LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis: Important: icedtea-web security update
Advisory ID:       SLSA-2019:2003-1
Issue Date:        2019-07-31
CVE Numbers:       CVE-2019-10182
                   CVE-2019-10185
                   CVE-2019-10181
--

Security Fix(es):

* icedtea-web: path traversal while processing <jar/> elements of JNLP
files results in arbitrary file overwrite (CVE-2019-10182)

* icedtea-web: directory traversal in the nested jar auto-extraction
leading to arbitrary file overwrite (CVE-2019-10185)

* icedtea-web: unsigned code injection in a signed JAR file
(CVE-2019-10181)
--

SL7
  x86_64
    icedtea-web-1.7.1-2.el7_6.x86_64.rpm
    icedtea-web-debuginfo-1.7.1-2.el7_6.x86_64.rpm
  noarch
    icedtea-web-devel-1.7.1-2.el7_6.noarch.rpm
    icedtea-web-javadoc-1.7.1-2.el7_6.noarch.rpm
    icedtea-web-1.7.1-2.el7_6.src.rpm

- Scientific Linux Development Team