Novell Home

CVE-2013-1927

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1927 at MITRE

Description

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 815596, 818768

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP2
  • icedtea-web >= 1.4-0.5.1
Builds
SAT Patch Nr: 7742
SUSE Linux Enterprise Desktop 11 SP2
  • icedtea-web >= 1.3.2-0.5.1
Builds
SAT Patch Nr: 7642
SUSE Linux Enterprise Desktop 11 SP3
  • icedtea-web >= 1.4-0.10.1
Builds
SAT Patch Nr: 7981

© 2014 Novell