Описание
ELSA-2019-2003: icedtea-web security update (IMPORTANT)
[1.7.2-16]
- added patch1, patch4 and patch11 to fix CVE-2019-10182
- added patch2 to fix CVE-2019-10181
- added patch3 and patch33 to fix CVE-2019-10185
- Resolves: rhbz#1724958
- Resolves: rhbz#1725928
- Resolves: rhbz#1724989
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
icedtea-web
1.7.1-2.el7_6
icedtea-web-devel
1.7.1-2.el7_6
icedtea-web-javadoc
1.7.1-2.el7_6
Oracle Linux x86_64
icedtea-web
1.7.1-2.el7_6
icedtea-web-devel
1.7.1-2.el7_6
icedtea-web-javadoc
1.7.1-2.el7_6
Связанные CVE
Связанные уязвимости
CVSS3: 8.2
ubuntu
больше 6 лет назад
It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.