Synopsis: Important: icedtea-web security update
Advisory ID: SLSA-2019:2003-1
Issue Date: 2019-07-31
CVE Numbers: CVE-2019-10182
CVE-2019-10185
CVE-2019-10181
—
Security Fix(es):
* icedtea-web: path traversal while processing elements of JNLP
files results in arbitrary file overwrite (CVE-2019-10182)
* icedtea-web: directory traversal in the nested jar auto-extraction
leading to arbitrary file overwrite (CVE-2019-10185)
* icedtea-web: unsigned code injection in a signed JAR file
(CVE-2019-10181)
—
SL7
x86_64
icedtea-web-1.7.1-2.el7_6.x86_64.rpm
icedtea-web-debuginfo-1.7.1-2.el7_6.x86_64.rpm
noarch
icedtea-web-devel-1.7.1-2.el7_6.noarch.rpm
icedtea-web-javadoc-1.7.1-2.el7_6.noarch.rpm
icedtea-web-1.7.1-2.el7_6.src.rpm
– Scientific Linux Development Team
