Multiple vulnerabilities has been discovered and corrected in icedtea-web: An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code . It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI . When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution . The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.