IcedTea contains a flaw that may lead to an unauthorized information disclosure.  Multiple sensitive variables are declared public, which will disclose user.name, user.home and java.home information to a remote attacker.

Upgrade to version 1.9.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2010-3860 (see also: NVD)
• Secunia Advisory ID: 42412 42417 42563 43085
• VUPEN Advisory: ADV-2010-3090 ADV-2010-3108
• Generic Informational URL: http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/
• Vendor Specific News/Changelog Entry: http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/9aa0018d8c28
  http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
  https://bugzilla.redhat.com/show_bug.cgi?id=645843
• Mail List Post: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html
• Other Advisory URL: http://www.ubuntu.com/usn/usn-1024-1
• RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2011-0176.html

• Not Available