FYI...

Java Runtime Environment (JRE) 5.0 Update 10 released
- http://java.sun.com/javase/downloads/index.jsp

100+ bug fixes
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_10
(Several [not all] interesting bug fixes)
BugId Category Subcategory Description
6374321 java classes_awt Textfield loses focus after alt key hit in IE browser
6424631 java_plugin iexplorer Signed applet hangs browser if a remote policy server is being used
6386537 java_plugin iexplorer Deadlock occurs between Java Plug-in and Windows in 1.3.1_06
6437047 java_plugin iexplorer Java Plugin controls are considered "Not Verified" in IE's "Managed Add-ons" list
6466876 java_plugin iexplorer Applet frame is not repainted correctly
6460113 java_plugin iexplorer REGRESSION: Access Violation running on 5.0u9 b01 plugin
6417341 java_plugin misc IE Window becomes Zombie when closed prior to the modal dialog
6406801 java_plugin misc Vista: Click "Go to Java.com" button of Java system tray, two IE windows pop up

:rolleyes:

Thanks, Jack - appreciated.

Silj

I hate Sun Java but I am forced to use it because MS java is discontinued and buggy. Why does Sun Java take so long to update, load etc..its just so annoying..

Thanks for the new update news.

I hate Sun Java but I am forced to use it because MS java is discontinued and buggy. Why does Sun Java take so long to update, load etc..its just so annoying..

Thanks for the new update news.
Windows version? The update is rather large, yes, that's a given and yes it will take a while to download and install, you have to learn to live with it.

Silj

Windows version? The update is rather large, yes, that's a given and yes it will take a while to download and install, you have to learn to live with it.

Silj

How come no one else is allowed to build their own version of java and release it for free?

How come no one else is allowed to build their own version of java and release it for free?
Patents...


:lip:

Patents...


:lip: That certainly would be the reason!!

Regards,
Silj

FYI...

Java Runtime Environment (JRE) 6 (build 1.6.0-b105)
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
- http://java.sun.com/javase/downloads/index.jsp

> Known Bugs and Issues
Java SE 6 Release Notes
- http://java.sun.com/javase/6/webnotes/index.html#windows
Windows Notes

.

FYI...

- http://secunia.com/advisories/23445/
Release Date: 2006-12-20
Critical: Highly critical
Impact: Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch....
...The following releases are affected:
* JDK and JRE 5.0 Update 7 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior
* JDK and JRE 5.0 Update 6 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior ...
Solution: Update to fixed versions:
JDK and JRE 5.0: Update to JDK and JRE 5.0 Update 8 or later.
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.x: Update to SDK and JRE 1.4.2_13 or later.
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x: Update to SDK and JRE 1.3.1_19 or later.
http://java.sun.com/j2se/1.3/download.html ...
Original Advisory: Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1 ..."

Also: http://isc.sans.org/diary.php?storyid=1960
Last Updated: 2006-12-20 03:30:43 UTC
"...Sun has a weird habit of *not* removing older versions from your machine, so you might want to do that manually..."

:lip: :fear:

FYI...

- http://isc.sans.org/diary.php?storyid=1994
Last Updated: 2007-01-02 04:13:00 UTC
"...Java 6 was released after nearly 2 years of work in December. Many of the updates to Java involve improved security functionality and memory leak updates. A full list of updates is available*... it has been observed that the Java update installer does not clean up older revisions of the product. Any update / change control procedures need to take this into account and remove older versions once you are satisfied that it is safe to move forward..."

"The Java Platform has added support for the following Security functionality in version 6..."
* http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html

.

FYI...

Incompatibilities between the Java Platform, Standard Edition 6 and J2SE 5.0
- http://java.sun.com/javase/6/webnotes/compatibility.html#incompatibilities
Jan 03, 2007


:spider: :lip:

FYI...

- http://secunia.com/advisories/23757/
Release Date: 2007-01-17
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
...The vulnerability is reported in the following versions:
* JDK and JRE 5.0 Update 9 and prior.
* SDK and JRE 1.4.2_12 and prior.
* SDK and JRE 1.3.1_18 and prior.
Solution: > Updated to fixed versions.
JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 10 or later.
- http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_13 or later.
- http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_19 or later.
- http://java.sun.com/j2se/1.3/download.html ...
Original Advisory:
Sun Microsystems: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1 ..."
"...Relief/Workaround: There is no workaround...
Resolution: This issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 5.0 Update 10 or later
* SDK and JRE 1.4.2_13 or later
* SDK and JRE 1.3.1_19 or later ..."

:fear:

FYI...

- http://www.vnunet.com/vnunet/news/2172403/java-exploits-brewing
12 Jan 2007 ~ "Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix... Java is inherently a more secure system, because JRE uses so-called sandboxing that allows it to operate as a virtual machine to block access to other parts of the system... As developers create JavaScript applications that require more capabilities, they begin to call up .dll files from the system. As soon as the programs reach outside the virtual machine for system files, the security protection of the sandbox is negated..."

:fear:

More...

- http://www.f-secure.com/weblog/archives/archive-012007.html#00001083
January 18, 2007 ~ "...When running a Java applet from a web page using a vulnerable version of Java Runtime, an applet exploiting the vulnerability may escape Java's sandbox. This means that the Java applet would have exactly the same access to the file system and process execution as any native application. Java vulnerabilities have been actively used by malicious web pages in the past, so it is quite possible that this new vulnerability will also be used. So do make sure that your Java runtime is up to date, instructions are available at Sun Advisory #102760*.
Note: Sun provides links to J2SE 5.0 Update 10 in their advisory. As we posted earlier, version 6.0 is also available**..."

* http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

** http://java.sun.com/javase/downloads/index.jsp

:fear:

FYI...

- http://www.us-cert.gov/cas/techalerts/TA07-022A.html
January 22, 2007
"...Systems Affected: Sun Java Runtime Environment versions
* JDK and JRE 5.0 Update 9 and earlier
* SDK and JRE 1.4.2_12 and earlier
* SDK and JRE 1.3.1_18 and earlier
Overview: The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Solution: Apply an update from Sun
These issues are addressed in the following versions of the Sun Java Runtime environment:
* JDK and JRE 5.0 Update 10 or later
* SDK and JRE 1.4.2_13 or later
* SDK and JRE 1.3.1_19 or later
If you install the latest version of Java, older versions of Java may remain installed on your computer. If these versions of Java are not needed, you may wish to remove them..."

.

FYI...

Java Runtime Environment (JRE) 5.0 Update 11
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
- http://java.sun.com/javase/downloads/index_jdk5.jsp

Changes in 1.5.0_11
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_11
50+ bug fixes (from v1.5.0_10)

:spider:

FYI...

...Java update (1.5.0u11)...
- http://isc.sans.org/diary.html?storyid=2226
Last Updated: 2007-02-12 22:35:17 UTC
"...It is worth noting that this update contains time zone data that incorporates Day Light Saving changes for 2007... Remember to remove the old update revisions if you don’t need them any more (after you’ve thoroughly tested all your applications, of course)..."

:spider:

FYI...

Java Runtime Environment (JRE) 6u1 released
- http://java.sun.com/javase/downloads/index.jsp

Release Notes - Changes in 1.6.0_01
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_01
90+ bug fixes


.

FYI...

Java Platform Privilege Escalation Vuln - updates available
- http://secunia.com/advisories/25069/
Release Date: 2007-05-01
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software:
Sun Java Enterprise System 5.x
Sun Java JDK 1.5.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java SDK 1.4.x
...The vulnerability is reported in Java Web Start in JDK -and- JRE 5.0 Update 10 and Java Web Start in SDK and JRE 1.4.2_13 - and earlier- for Windows, Solaris and Linux...
>>> Solution: Update to Java Web Start in JDK and JRE 5.0 Update 11 or later, or Java Web Start in SDK and JRE 1.4.2_14 or later...
-- J2SE 5.0 --
http://java.sun.com/j2se/1.5.0/download.jsp
--- J2SE 1.4.2 --
http://java.sun.com/j2se/1.4.2/download.html
Note that vulnerable versions should be removed from the system...
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1 ..."

.

FYI...

Java Runtime Environment (JRE) 5.0 Update 12
- http://java.sun.com/javase/downloads/index_jdk5.jsp

Release Notes
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_12
70+ fixes


:spider:

FYI...

Security Vulns in the JRE Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges
- http://www.sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102934-1
Update Date: Thu May 31 00:00:00 MDT 2007
Relief/Workaround: There is no workaround. Please see Resolution section below.
Resolution: The first issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 1 or later
* JDK and JRE 5.0 Update 11 or later...
Java SE 6 Update 1 is available for download at the following links:
* http://java.sun.com/javase/downloads/index.jsp
J2SE 5.0 is available for download at the following link:
* http://java.sun.com/j2se/1.5.0/download.jsp ...
Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system..."

> http://www.us-cert.gov/current/#sun_microsystems_releases_security_advisory
June 6, 2007

> http://www.kb.cert.org/vuls/id/138545
Last Updated: 06/06/2007

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

:fear:

FYI...

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

.

Thanks for the notice. I read on neowin that microsoft were making a flash program to rival adobes flash player. Will they ever resume with their java programme or are there still legal issues?

FYI...

- http://secunia.com/advisories/25823/
Release Date: 2007-06-29
Critical: Highly critical
Impact: Security Bypass, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software:
Java Web Start 1.x
Sun Java JDK 1.5.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java SDK 1.4.x
...The vulnerability affects Java Web Start in JDK and JRE 5.0 Update 11 and earlier and Java Web Start in SDK and JRE 1.4.2_13 and earlier for the Windows platform...
Solution: Apply updates.
Java Web Start in JDK and JRE 5.0 Update 12 or later
http://java.sun.com/j2se/1.5.0/download.jsp
Java Web Start in SDK and JRE 1.4.2_14 or later
http://java.sun.com/j2se/1.4.2/download.html ...
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1 ..."

Also see: http://secunia.com/advisories/25769/
( http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1 )

:fear:

FYI...

SunJava JRE v1.6.0_02 released
Download Java Runtime Environment (JRE) 6u2:
- http://java.sun.com/javase/downloads/index.jsp

Release notes:
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_02
180+ bug fixes (!)

-----------------------------

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

.

FYI...

- http://secunia.com/advisories/25981/
Release Date: 2007-07-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Java Web Start 1.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x ...
The vulnerability is reported in the following versions:
* Java Runtime Environment 6 Update 1 and earlier
* Java Runtime Environment 5 Update 11, and earlier ...
Solution: Apply updates.
JRE 5 Update 12:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JRE 6 Update 2:
http://java.sun.com/javase/downloads/index.jsp ..."

Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

:fear:

FYI...

Sun Java vuln - updates available
> http://secunia.com/advisories/26015/
Release Date: 2007-07-11
Critical: Moderately critical
...The vulnerability affects the following versions for Solaris, Linux, and Windows:
* JDK and JRE 6 Update 1 and earlier
* JDK and JRE 5.0 Updates 7, 8, 9, 10, and 11
* SDK and JRE 1.4.2_11, _12, _13, and _14 ...
Solution: Update to the latest versions:
JDK and JRE 6 Update 2 or later: http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 12 and later: http://java.sun.com/j2se/1.5.0/download.jsp
SDK and JRE 1.4.2_15 and later: http://java.sun.com/j2se/1.4.2/download.html ...
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1 ...

- http://secunia.com/advisories/26031/
Release Date: 2007-07-11
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java JDK 1.6.x, Sun Java JRE 1.6.x / 6.x ...
Solution: Apply patches.
Update to JDK and JRE 6 Update 2 or later.
http://java.sun.com/javase/downloads/index.jsp ...

----------------------
Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

.

FYI...

- http://isc.sans.org/diary.html?storyid=3140
Last Updated: 2007-07-13 16:44:38 UTC - "...anyone using the Java Runtime Environment or Java Development Kit is at risk.
http://www.auscert.org.au/render.html
This flaw may have an impact on PDA's and mobile phones as well as PC's. Because Java is browser independent it has potential to impact many, many devices. It is recommended that you patch all java devices as soon as possible."

- http://news.zdnet.com/2100-1009_22-6196493.html
July 13, 2007 - "...problem is compounded by the fact that organizations are unlikely to take on the daunting process of patching -all- of their Java Runtime vulnerabilities..."

:oops:

FYI...

- http://java.sun.com/javase/downloads/index.jsp

Bug Fixes: -10-
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_03

----------------------
Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

.

FYI...

Sun Java JRE multiple Vulns - updates available
- http://secunia.com/advisories/27009/
Release Date: 2007-10-04
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java JDK 1.5.x, Sun Java JDK 1.6.x, Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x, Sun Java SDK 1.3.x, Sun Java SDK 1.4.x
...The vulnerabilities are reported in the following versions:
* JDK and JRE 6 Update 2 and earlier
* JDK and JRE 5.0 Update 12 and earlier
* SDK and JRE 1.4.2_15 and earlier
* SDK and JRE 1.3.1_20 and earlier
Solution: Update to the fixed versions.
JDK and JRE 6 Update 3:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 13:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_16:
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.1 for Solaris 8:
http://java.sun.com/j2se/1.3/download.html ...

.

FYI...

SunJava JRE v1.6.0_04 released
- http://java.sun.com/javase/downloads/index.jsp
"Java SE Runtime Environment (JRE) allows end-users to run Java applications."

Release Notes:
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_04
> 370+ Bug fixes !!!

:lip::spider:

FYI..

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0012
Last revised: 1/10/2008
Vulnerable software and versions
Configuration 1: Sun, JRE, 5.0 Update13, and previous

Java Runtime Environment (JRE) 5.0 Update 14
> http://java.sun.com/javase/downloads/index_jdk5.jsp

-or- Update to JRE 6 update 4:
> http://java.sun.com/javase/downloads/index.jsp

Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
=================================

- http://secunia.com/advisories/28746/
Release Date: 2008-02-01
Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java JDK 1.6.x, Sun Java JRE 1.6.x / 6.x
...Successful exploitation requires that malicious XML data is processed within a trusted applet or Java Web Start application. The security issue is reported in Sun JDK and JRE 6 Update 3 and earlier. Sun JDK and JRE 5.0, and SDK and JRE 1.4.x and 1.3.x are reportedly not affected...
Solution: Update to JDK or JRE 6 Update 4 or later.
http://java.sun.com/javase/downloads/index.jsp
JDK 6 Update 4 for Solaris is also available in the following patches:
Java SE 6 update 4 (as delivered in patch 125136-05 or later)
Java SE 6 update 4 (as delivered in patch 125137-05 or later (64bit))
Java SE 6 x86 update 4 (as delivered in patch 125138-05 or later)
Java SE 6 x86 update 4 (as delivered in patch 125139-05 or later (64bit))
Provided and/or discovered by:
The vendor credits Chris Evans and Johannes Henkel, Google Security Team.
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1

FYI...

Sun Java JRE6 Update 5 released
> http://java.sun.com/javase/downloads/index.jsp
March 04, 2008

Release Notes:
> http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_05
-7- fixes

Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

:fear:

FYI...

Sun Java JDK/JRE multiple Vulns - update available
- http://secunia.com/advisories/29239/
Last Update: 2008-03-06
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Vendor Patch...

- http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1
"Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges...
This issue can occur in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 4 and earlier
* JDK and JRE 5.0 Update 14 and earlier
* SDK and JRE 1.4.2_16 and earlier ...
Resolution
This issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 5 or later
* JDK and JRE 5.0 Update 15 or later
* SDK and JRE 1.4.2_17 or later ..."

:fear: