Multiple Sun JRE vulns - updates available
FYI...
Security Vulns in the JRE Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges
- http://www.sunsolve.sun.com/search/p...=1-26-102934-1
Update Date: Thu May 31 00:00:00 MDT 2007
Relief/Workaround: There is no workaround. Please see Resolution section below.
Resolution: The first issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 1 or later
* JDK and JRE 5.0 Update 11 or later...
Java SE 6 Update 1 is available for download at the following links:
* http://java.sun.com/javase/downloads/index.jsp
J2SE 5.0 is available for download at the following link:
* http://java.sun.com/j2se/1.5.0/download.jsp ...
Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system..."
> http://www.us-cert.gov/current/#sun_...urity_advisory
June 6, 2007
> http://www.kb.cert.org/vuls/id/138545
Last Updated: 06/06/2007
- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
:fear:
Sun Java Web Start vuln - updates available
FYI...
- http://secunia.com/advisories/25823/
Release Date: 2007-06-29
Critical: Highly critical
Impact: Security Bypass, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software:
Java Web Start 1.x
Sun Java JDK 1.5.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java SDK 1.4.x
...The vulnerability affects Java Web Start in JDK and JRE 5.0 Update 11 and earlier and Java Web Start in SDK and JRE 1.4.2_13 and earlier for the Windows platform...
Solution: Apply updates.
Java Web Start in JDK and JRE 5.0 Update 12 or later
http://java.sun.com/j2se/1.5.0/download.jsp
Java Web Start in SDK and JRE 1.4.2_14 or later
http://java.sun.com/j2se/1.4.2/download.html ...
Original Advisory:
http://sunsolve.sun.com/search/docum...=1-26-102957-1 ..."
Also see: http://secunia.com/advisories/25769/
( http://sunsolve.sun.com/search/docum...=1-26-102958-1 )
:fear:
SunJava JRE v1.6.0_02 released
FYI...
SunJava JRE v1.6.0_02 released
Download Java Runtime Environment (JRE) 6u2:
- http://java.sun.com/javase/downloads/index.jsp
Release notes:
- http://java.sun.com/javase/6/webnote...es.html#160_02
180+ bug fixes (!)
-----------------------------
- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
.
SunJava JRE 6 Update 3 released
FYI...
- http://java.sun.com/javase/downloads/index.jsp
Bug Fixes: -10-
- http://java.sun.com/javase/6/webnote...es.html#160_03
----------------------
Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
.