AplusWebMaster
2008-07-09, 14:35
FYI...
Java SE Runtime Environment 6u7 First Customer Ship
- http://java.sun.com/javase/downloads/index.jsp
July 9, 2008
Changes in 1.6.0_07:
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_07
13 Bug fixes
Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238905-1
"...Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see: http://java.com/en/download/help/uninstall_java.xml ..."
- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
Sun Java JDK/JRE multiple vulns
- http://secunia.com/advisories/31010/
Release Date: 2008-07-09
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Java Web Start 1.x, Java Web Start 5.x, Java Web Start 6.x, Sun Java JDK 1.5.x, Sun Java JDK 1.6.x, Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x, Sun Java SDK 1.3.x, Sun Java SDK 1.4.x ...
Solution: Update to the fixed version.
JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.1_23 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html ...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3112
Last revised: 7/10/2008
CVSS v2 Base score: 9.3 (High)
:fear:
Java SE Runtime Environment 6u7 First Customer Ship
- http://java.sun.com/javase/downloads/index.jsp
July 9, 2008
Changes in 1.6.0_07:
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_07
13 Bug fixes
Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238905-1
"...Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see: http://java.com/en/download/help/uninstall_java.xml ..."
- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
Sun Java JDK/JRE multiple vulns
- http://secunia.com/advisories/31010/
Release Date: 2008-07-09
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Java Web Start 1.x, Java Web Start 5.x, Java Web Start 6.x, Sun Java JDK 1.5.x, Sun Java JDK 1.6.x, Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x, Sun Java SDK 1.3.x, Sun Java SDK 1.4.x ...
Solution: Update to the fixed version.
JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.1_23 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html ...
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3112
Last revised: 7/10/2008
CVSS v2 Base score: 9.3 (High)
:fear: