Synopsis: Important: icedtea-web security update Advisory ID: SLSA-2019:2003-1 Issue Date: 2019-07-31 CVE Numbers: CVE-2019-10182 CVE-2019-10185 CVE-2019-10181 -- Security Fix(es): * icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite (CVE-2019-10182) * icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite (CVE-2019-10185) * icedtea-web: unsigned code injection in a signed JAR file (CVE-2019-10181) -- SL7 x86_64 icedtea-web-1.7.1-2.el7_6.x86_64.rpm icedtea-web-debuginfo-1.7.1-2.el7_6.x86_64.rpm noarch icedtea-web-devel-1.7.1-2.el7_6.noarch.rpm icedtea-web-javadoc-1.7.1-2.el7_6.noarch.rpm icedtea-web-1.7.1-2.el7_6.src.rpm - Scientific Linux Development Team