RHSA-2019:2004-01 -- Redhat icedtea-webID: oval:org.secpod.oval:def:503210 | Date: (C)2019-10-09 (M)2023-06-01 |
Class: PATCH | Family: unix |
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies. Security Fix: * icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite * icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite * icedtea-web: unsigned code injection in a signed JAR file For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 8 |