Test ID:	1.3.6.1.4.1.25623.1.0.702768
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2768-1)
Summary:	The remote host is missing an update for the Debian 'icedtea-web' package(s) announced via the DSA-2768-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'icedtea-web' package(s) announced via the DSA-2768-1 advisory. Vulnerability Insight: A heap-based buffer overflow vulnerability was found in icedtea-web, a web browser plugin for running applets written in the Java programming language. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program. This problem was initially discovered by Arthur Gerkis and got assigned CVE-2012-4540. Fixes where applied in the 1.1, 1.2 and 1.3 branches but not to the 1.4 branch. For the stable distribution (wheezy), this problem has been fixed in version 1.4-3~ deb7u2. For the unstable distribution (sid), this problem has been fixed in version 1.4-3.1. We recommend that you upgrade your icedtea-web packages. Affected Software/OS: 'icedtea-web' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4540 BugTraq ID: 56434 http://www.securityfocus.com/bid/56434 BugTraq ID: 62426 http://www.securityfocus.com/bid/62426 Debian Security Information: DSA-2768 (Google Search) http://www.debian.org/security/2013/dsa-2768 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:171 https://bugzilla.redhat.com/show_bug.cgi?id=869040 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html http://www.openwall.com/lists/oss-security/2012/11/07/5 RedHat Security Advisories: RHSA-2012:1434 http://rhn.redhat.com/errata/RHSA-2012-1434.html http://www.securitytracker.com/id?1027738 http://secunia.com/advisories/51206 http://secunia.com/advisories/51220 http://secunia.com/advisories/51374 SuSE Security Announcement: openSUSE-SU-2012:1524 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html SuSE Security Announcement: openSUSE-SU-2013:0174 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html SuSE Security Announcement: openSUSE-SU-2013:1509 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html SuSE Security Announcement: openSUSE-SU-2013:1511 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html SuSE Security Announcement: openSUSE-SU-2015:1595 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html http://www.ubuntu.com/usn/USN-1625-1 XForce ISS Database: icedtea-applet-bo(79894) https://exchange.xforce.ibmcloud.com/vulnerabilities/79894
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.