FYI...
Incompatibilities between the Java Platform, Standard Edition 6 and J2SE 5.0
- http://java.sun.com/javase/6/webnote...ompatibilities
Jan 03, 2007
FYI...
- http://secunia.com/advisories/23757/
Release Date: 2007-01-17
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
...The vulnerability is reported in the following versions:
* JDK and JRE 5.0 Update 9 and prior.
* SDK and JRE 1.4.2_12 and prior.
* SDK and JRE 1.3.1_18 and prior.
Solution: Update to fixed versions.
JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 10 or later.
- http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_13 or later.
- http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_19 or later.
- http://java.sun.com/j2se/1.3/download.html ...
Original Advisory:
Sun Microsystems: http://sunsolve.sun.com/search/docum...=1-26-102760-1 ..."
"...Relief/Workaround: There is no workaround...
Resolution: This issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 5.0 Update 10 or later
* SDK and JRE 1.4.2_13 or later
* SDK and JRE 1.3.1_19 or later ..."
FYI...
- http://www.vnunet.com/vnunet/news/21...ploits-brewing
12 Jan 2007 ~ "Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix... Java is inherently a more secure system, because JRE uses so-called sandboxing that allows it to operate as a virtual machine to block access to other parts of the system... As developers create JavaScript applications that require more capabilities, they begin to call up .dll files from the system. As soon as the programs reach outside the virtual machine for system files, the security protection of the sandbox is negated..."
More...
- http://www.f-secure.com/weblog/archi....html#00001083
January 18, 2007 ~ "...When running a Java applet from a web page using a vulnerable version of Java Runtime, an applet exploiting the vulnerability may escape Java's sandbox. This means that the Java applet would have exactly the same access to the file system and process execution as any native application. Java vulnerabilities have been actively used by malicious web pages in the past, so it is quite possible that this new vulnerability will also be used. So do make sure that your Java runtime is up to date, instructions are available at Sun Advisory #102760*.
Note: Sun provides links to J2SE 5.0 Update 10 in their advisory. As we posted earlier, version 6.0 is also available**..."
* http://www.sunsolve.sun.com/search/d...=1-26-102760-1
** http://java.sun.com/javase/downloads/index.jsp
FYI...
- http://www.us-cert.gov/cas/techalerts/TA07-022A.html
January 22, 2007
"...Systems Affected: Sun Java Runtime Environment versions
* JDK and JRE 5.0 Update 9 and earlier
* SDK and JRE 1.4.2_12 and earlier
* SDK and JRE 1.3.1_18 and earlier
Overview: The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Solution: Apply an update from Sun
These issues are addressed in the following versions of the Sun Java Runtime environment:
* JDK and JRE 5.0 Update 10 or later
* SDK and JRE 1.4.2_13 or later
* SDK and JRE 1.3.1_19 or later
If you install the latest version of Java, older versions of Java may remain installed on your computer. If these versions of Java are not needed, you may wish to remove them..."
.
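An added example, not part of the posts or advisories quoted in this thread: a check of installed Java version strings against the fixed releases listed above for Secunia 23757 / US-CERT TA07-022A, flagging hosts where an older vulnerable runtime is still installed next to a current one. The host names and inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed releases listed in this thread for Secunia 23757 / US-CERT TA07-022A,
# keyed by release family (major, minor).
FIXED = {
    (1, 5): (1, 5, 0, 10),   # JDK and JRE 5.0 Update 10 or later
    (1, 4): (1, 4, 2, 13),   # SDK and JRE 1.4.2_13 or later
    (1, 3): (1, 3, 1, 19),   # SDK and JRE 1.3.1_19 or later
}

# Matches Sun-style version strings such as 1.5.0_09 or 1.4.2_12-b03.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, update) or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def classify(text):
    """Classify one version string against the fixed releases above."""
    version = parse_version(text)
    if version is None:
        return "unparsed"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"      # family not named in these advisories
    return "vulnerable" if version < fixed else "fixed"


def vulnerable_hosts(inventory):
    """Map each host to the vulnerable runtimes still installed on it."""
    flagged = {}
    for host, versions in inventory.items():
        bad = [v for v in versions if classify(v) == "vulnerable"]
        if bad:
            flagged[host] = bad
    return flagged


# Constructed sample inventory: host -> every Java version found installed.
SAMPLE_INVENTORY = {
    "ws-01": ["1.5.0_10", "1.4.2_08"],   # updated, but an old runtime remains
    "ws-02": ["1.5.0_11"],
    "build-01": ["1.5.0_09-b03"],
    "ws-03": ["1.6.0"],
}

if __name__ == "__main__":
    for host, bad in sorted(vulnerable_hosts(SAMPLE_INVENTORY).items()):
        print(host, "still has", ", ".join(bad))
```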
FYI...
Java Runtime Environment (JRE) 5.0 Update 11
The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
- http://java.sun.com/javase/downloads/index_jdk5.jsp
Changes in 1.5.0_11
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_11
50+ bug fixes (from v1.5.0_10)
FYI...
...Java update (1.5.0u11)...
- http://isc.sans.org/diary.html?storyid=2226
Last Updated: 2007-02-12 22:35:17 UTC
"...It is worth noting that this update contains time zone data that incorporates Day Light Saving changes for 2007... Remember to remove the old update revisions if you don’t need them any more (after you’ve thoroughly tested all your applications, of course)..."
FYI...
Java Runtime Environment (JRE) 6u1 released
- http://java.sun.com/javase/downloads/index.jsp
Release Notes - Changes in 1.6.0_01
- http://java.sun.com/javase/6/webnote...es.html#160_01
90+ bug fixes
.
FYI...
Java Platform Privilege Escalation Vuln - updates available
- http://secunia.com/advisories/25069/
Release Date: 2007-05-01
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software:
Sun Java Enterprise System 5.x
Sun Java JDK 1.5.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java SDK 1.4.x
...The vulnerability is reported in Java Web Start in JDK -and- JRE 5.0 Update 10 and Java Web Start in SDK and JRE 1.4.2_13 - and earlier- for Windows, Solaris and Linux...
>>> Solution: Update to Java Web Start in JDK and JRE 5.0 Update 11 or later, or Java Web Start in SDK and JRE 1.4.2_14 or later...
-- J2SE 5.0 --
http://java.sun.com/j2se/1.5.0/download.jsp
--- J2SE 1.4.2 --
http://java.sun.com/j2se/1.4.2/download.html
Note that vulnerable versions should be removed from the system...
Original Advisory:
http://sunsolve.sun.com/search/docum...=1-26-102881-1 ..."
.
FYI...
Java Runtime Environment (JRE) 5.0 Update 12
- http://java.sun.com/javase/downloads/index_jdk5.jsp
Release Notes
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_12
70+ fixes