Oval Definition:oval:org.opensuse.security:def:201910181
Revision Date:2022-08-07Version:1
Title:CVE-2019-10181
Description:

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-10181
SUSE-SU-2019:2033-1
openSUSE-SU-2019:1911-1
Mitre CVE-2019-10181
SUSE CVE-2019-10181
SUSE-SU-2019:2033-1
openSUSE-SU-2019:1911-1
SUSE-SU-2022:1259-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.3
openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 15
SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Package Hub 15 SP3
SUSE Linux Enterprise Module for Package Hub 15 SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP4
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • icedtea-web-1.7.2-lp150.2.3 is installed
  • AND icedtea-web is signed with openSUSE key
  • OR
  • icedtea-web-javadoc-1.7.2-lp150.2.3 is installed
  • AND icedtea-web-javadoc is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND icedtea-web-1.7.2-3.3 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND
  • icedtea-web-1.7.2-3.3 is installed
  • OR icedtea-web-javadoc-1.7.2-3.3 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • icedtea-web-1.8.6-1.3 is installed
  • OR icedtea-web-javadoc-1.8.6-1.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND icedtea-web-1.7.2-3.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP3 is installed
  • AND icedtea-web-1.7.2-150100.7.3.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed
  • AND
  • icedtea-web-1.7.2-150100.7.3.1 is installed
  • OR icedtea-web-javadoc-1.7.2-150100.7.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Package Hub 15 SP4 is installed
  • AND Package Information
  • icedtea-web-1.7.2-150100.7.3.1 is installed
  • OR icedtea-web-javadoc-1.7.2-150100.7.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP1 is installed
  • OR SUSE Linux Enterprise Server 15 SP1 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND icedtea-web is affected
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • icedtea-web-1.7.2-150100.7.3.1 is installed
  • AND icedtea-web is signed with openSUSE key
  • OR
  • icedtea-web-javadoc-1.7.2-150100.7.3.1 is installed
  • AND icedtea-web-javadoc is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Linux Enterprise Workstation Extension 15 SP4 is installed
  • AND icedtea-web-1.7.2-150100.7.3.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Module for Package Hub 15 SP4 is installed
  • AND
  • icedtea-web-1.7.2-150100.7.3.1 is installed
  • OR icedtea-web-javadoc-1.7.2-150100.7.3.1 is installed
    • BACK