Icedtea-Web Exploit Fixed in Multiple Ubuntu OSes

Perform a simple system update in order to solve the problem

By on November 8th, 2012 10:54 GMT

On November 7, in a security notice, Canonical published details about an Icedtea-Web vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.

According to Canonical, the Icedtea-Web plugin could have been made to crash or run programs as your login if it opened a specially crafted web page.

It was discovered that if a user was tricked into opening a malicious website, an attacker could have caused the plugin to crash or possibly execute arbitrary code, as the user invoking the program.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can simply fix the security flaws by upgrading the operating systems to the latest icedtea-7-plugin and icedtea-6-plugin, specific to each distribution.

A normal system update, executed with the Update Manager, will implement all the necessary changes. A complete system restart is not necessary.

Comments