Page 2 of 8 FirstFirst 123456 ... LastLast
Results 11 to 20 of 78

Thread: Old Sun Java JRE updates

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post

    FYI...

    Incompatibilities between the Java Platform, Standard Edition 6 and J2SE 5.0
    - http://java.sun.com/javase/6/webnote...ompatibilities
    Jan 03, 2007


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    - http://secunia.com/advisories/23757/
    Release Date: 2007-01-17
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch...
    ...The vulnerability is reported in the following versions:
    * JDK and JRE 5.0 Update 9 and prior.
    * SDK and JRE 1.4.2_12 and prior.
    * SDK and JRE 1.3.1_18 and prior.
    Solution: > Updated to fixed versions.
    JDK and JRE 5.0:
    Update to JDK and JRE 5.0 Update 10 or later.
    - http://java.sun.com/javase/downloads/index_jdk5.jsp
    SDK and JRE 1.4.x:
    Update to SDK and JRE 1.4.2_13 or later.
    - http://java.sun.com/j2se/1.4.2/download.html
    SDK and JRE 1.3.x:
    Update to SDK and JRE 1.3.1_19 or later.
    - http://java.sun.com/j2se/1.3/download.html ...
    Original Advisory:
    Sun Microsystems: http://sunsolve.sun.com/search/docum...=1-26-102760-1 ..."
    "...Relief/Workaround: There is no workaround...
    Resolution: This issue is addressed in the following releases (for Windows, Solaris, and Linux):
    * JDK and JRE 5.0 Update 10 or later
    * SDK and JRE 1.4.2_13 or later
    * SDK and JRE 1.3.1_19 or later ..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #13
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post

    FYI...

    - http://www.vnunet.com/vnunet/news/21...ploits-brewing
    12 Jan 2007 ~ "Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix... Java is inherently a more secure system, because JRE uses so-called sandboxing that allows it to operate as a virtual machine to block access to other parts of the system... As developers create JavaScript applications that require more capabilities, they begin to call up .dll files from the system. As soon as the programs reach outside the virtual machine for system files, the security protection of the sandbox is negated..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #14
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb

    More...

    - http://www.f-secure.com/weblog/archi....html#00001083
    January 18, 2007 ~ "...When running a Java applet from a web page using a vulnerable version of Java Runtime, an applet exploiting the vulnerability may escape Java's sandbox. This means that the Java applet would have exactly the same access to the file system and process execution as any native application. Java vulnerabilities have been actively used by malicious web pages in the past, so it is quite possible that this new vulnerability will also be used. So do make sure that your Java runtime is up to date, instructions are available at Sun Advisory #102760*.
    Note: Sun provides links to J2SE 5.0 Update 10 in their advisory. As we posted earlier, version 6.0 is also available**..."

    * http://www.sunsolve.sun.com/search/d...=1-26-102760-1

    ** http://java.sun.com/javase/downloads/index.jsp

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #15
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    - http://www.us-cert.gov/cas/techalerts/TA07-022A.html
    January 22, 2007
    "...Systems Affected: Sun Java Runtime Environment versions
    * JDK and JRE 5.0 Update 9 and earlier
    * SDK and JRE 1.4.2_12 and earlier
    * SDK and JRE 1.3.1_18 and earlier
    Overview: The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
    Solution: Apply an update from Sun
    These issues are addressed in the following versions of the Sun Java Runtime environment:
    * JDK and JRE 5.0 Update 10 or later
    * SDK and JRE 1.4.2_13 or later
    * SDK and JRE 1.3.1_19 or later
    If you install the latest version of Java, older versions of Java may remain installed on your computer. If these versions of Java are not needed, you may wish to remove them..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #16
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Sun Java JRE v1.5.0_11 update released

    FYI...

    Java Runtime Environment (JRE) 5.0 Update 11
    The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
    - http://java.sun.com/javase/downloads/index_jdk5.jsp

    Changes in 1.5.0_11
    - http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_11
    50+ bug fixes (from v1.5.0_10)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #17
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow

    FYI...

    ...Java update (1.5.0u11)...
    - http://isc.sans.org/diary.html?storyid=2226
    Last Updated: 2007-02-12 22:35:17 UTC
    "...It is worth noting that this update contains time zone data that incorporates Day Light Saving changes for 2007... Remember to remove the old update revisions if you don’t need them any more (after you’ve thoroughly tested all your applications, of course)..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #18
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Sun Java JRE v1.6.0_01 released

    FYI...

    Java Runtime Environment (JRE) 6u1 released
    - http://java.sun.com/javase/downloads/index.jsp

    Release Notes - Changes in 1.6.0_01
    - http://java.sun.com/javase/6/webnote...es.html#160_01
    90+ bug fixes


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #19
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    Java Platform Privilege Escalation Vuln - updates available
    - http://secunia.com/advisories/25069/
    Release Date: 2007-05-01
    Critical: Moderately critical
    Impact: Security Bypass
    Where: From remote
    Solution Status: Vendor Patch
    Software:
    Sun Java Enterprise System 5.x
    Sun Java JDK 1.5.x
    Sun Java JRE 1.4.x
    Sun Java JRE 1.5.x / 5.x
    Sun Java SDK 1.4.x
    ...The vulnerability is reported in Java Web Start in JDK -and- JRE 5.0 Update 10 and Java Web Start in SDK and JRE 1.4.2_13 - and earlier- for Windows, Solaris and Linux...
    >>> Solution: Update to Java Web Start in JDK and JRE 5.0 Update 11 or later, or Java Web Start in SDK and JRE 1.4.2_14 or later...
    -- J2SE 5.0 --
    http://java.sun.com/j2se/1.5.0/download.jsp
    --- J2SE 1.4.2 --
    http://java.sun.com/j2se/1.4.2/download.html
    Note that vulnerable versions should be removed from the system...
    Original Advisory:
    http://sunsolve.sun.com/search/docum...=1-26-102881-1 ..."

    .
    Last edited by AplusWebMaster; 2007-05-01 at 18:59. Reason: Added links to updates...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #20
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Java JRE/JDK 1.5.0_12 released

    FYI...

    Java Runtime Environment (JRE) 5.0 Update 12
    - http://java.sun.com/javase/downloads/index_jdk5.jsp

    Release Notes
    - http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_12
    70+ fixes


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •