Changes in KaarPux version 2.1.1¶

SECURITY: icedtea: v 2.3.1 to fix CVE-2012-4681¶

(Commit 92c1d61a)

Oracle Java 7 Update 6, and possibly other versions, allows remote attackers to execute arbitrary code via a crafted applet, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

See

• [SECURITY] IcedTea 2.3.1 Released!
• CVE-2012-4681 from CVE database
• Oracle Security Alert for CVE-2012-4681

Upgrade instructions¶

The security fix can be applied to a:program:KaarPux version 2.1.0 system:

rm -rf /opt/kaarpux/icedtea*
linux/scripts/opt/icedtea_BUILD.sh
linux/scripts/opt/icedtea_INSTALL.sh
linux/scripts/opt/icedtea-web_BUILD.sh
linux/scripts/opt/icedtea-web_INSTALL.sh
master/tools/kx_opt.pl