SCIENTIFIC-LINUX-ERRATA Archives

July 2019

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Scott Reid
Date: Wed, 31 Jul 2019 20:34:32 -0000
Content-Type: text/plain

Synopsis: Important: icedtea-web security update
Advisory ID: SLSA-2019:2003-1
Issue Date: 2019-07-31
CVE Numbers: CVE-2019-10182
                   CVE-2019-10185
                   CVE-2019-10181
--

Security Fix(es):

* icedtea-web: path traversal while processing <jar/> elements of JNLP
files results in arbitrary file overwrite (CVE-2019-10182)

* icedtea-web: directory traversal in the nested jar auto-extraction
leading to arbitrary file overwrite (CVE-2019-10185)

* icedtea-web: unsigned code injection in a signed JAR file
(CVE-2019-10181)
--

SL7
  x86_64
    icedtea-web-1.7.1-2.el7_6.x86_64.rpm
    icedtea-web-debuginfo-1.7.1-2.el7_6.x86_64.rpm
  noarch
    icedtea-web-devel-1.7.1-2.el7_6.noarch.rpm
    icedtea-web-javadoc-1.7.1-2.el7_6.noarch.rpm
    icedtea-web-1.7.1-2.el7_6.src.rpm

- Scientific Linux Development Team
