Old Sun Java JRE updates

**AplusWebMaster** · 2008-01-12, 01:29

FYI...

SunJava JRE v1.6.0_04 released
- http://java.sun.com/javase/downloads/index.jsp
"Java SE Runtime Environment (JRE) allows end-users to run Java applications."

Release Notes:
- http://java.sun.com/javase/6/webnote...es.html#160_04
> 370+ Bug fixes !!!

**AplusWebMaster** · 2008-01-15, 15:56

FYI..

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0012
Last revised: 1/10/2008
Vulnerable software and versions
Configuration 1: Sun, JRE, 5.0 Update13, and previous

Java Runtime Environment (JRE) 5.0 Update 14
> http://java.sun.com/javase/downloads/index_jdk5.jsp

-or- Update to JRE 6 update 4:
> http://java.sun.com/javase/downloads/index.jsp

Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
=================================

- http://secunia.com/advisories/28746/
Release Date: 2008-02-01
Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java JDK 1.6.x, Sun Java JRE 1.6.x / 6.x
...Successful exploitation requires that malicious XML data is processed within a trusted applet or Java Web Start application. The security issue is reported in Sun JDK and JRE 6 Update 3 and earlier. Sun JDK and JRE 5.0, and SDK and JRE 1.4.x and 1.3.x are reportedly not affected...
Solution: Update to JDK or JRE 6 Update 4 or later.
http://java.sun.com/javase/downloads/index.jsp
JDK 6 Update 4 for Solaris is also available in the following patches:
Java SE 6 update 4 (as delivered in patch 125136-05 or later)
Java SE 6 update 4 (as delivered in patch 125137-05 or later (64bit))
Java SE 6 x86 update 4 (as delivered in patch 125138-05 or later)
Java SE 6 x86 update 4 (as delivered in patch 125139-05 or later (64bit))
Provided and/or discovered by:
The vendor credits Chris Evans and Johannes Henkel, Google Security Team.
Original Advisory:
http://sunsolve.sun.com/search/docum...=1-66-231246-1

**AplusWebMaster** · 2008-03-04, 21:39

FYI...

Sun Java JRE6 Update 5 released
> http://java.sun.com/javase/downloads/index.jsp
March 04, 2008

Release Notes:
> http://java.sun.com/javase/6/webnote...es.html#160_05
-7- fixes

Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

**AplusWebMaster** · 2008-03-06, 17:22

FYI...

Sun Java JDK/JRE multiple Vulns - update available
- http://secunia.com/advisories/29239/
Last Update: 2008-03-06
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Vendor Patch...

- http://sunsolve.sun.com/search/docum...=1-66-233327-1
"Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges...
This issue can occur in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 4 and earlier
* JDK and JRE 5.0 Update 14 and earlier
* SDK and JRE 1.4.2_16 and earlier ...
Resolution
This issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 5 or later
* JDK and JRE 5.0 Update 15 or later
* SDK and JRE 1.4.2_17 or later ..."

**AplusWebMaster** · 2008-04-16, 15:00

FYI...

Sun Java Runtime Environment (JRE) 6 Update 6
- http://java.sun.com/javase/downloads/index.jsp
April 16, 2008

Release notes:
- http://java.sun.com/javase/6/webnote...es.html#160_06
13 [lucky] Bug fixes (several interesting...)
- HttpClient and HttpsClient should not try to reverse lookup IP address of a proxy server
- REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC
- Java control panel is not showing up in the Windows Vista control panel on a AMD 64 machine
- 6.0 JRE applet running on Vista limits heap to 64 MB
- Java 6 JavaWebstart increases footprint by factor 2 ...

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

.

**AplusWebMaster** · 2008-04-18, 18:47

FYI... (No Secunia advisory, yet)

- http://sunsolve.sun.com/search/docum...=1-66-231246-1
Jan 30, 2008 - "... Vulnerability in the Java Runtime Environment XML Parsing Code May Allow URL Resources to be Accessed..."
- http://sunsolve.sun.com/search/docum...=1-66-231261-1
Feb 05, 2008 - "... Two Vulnerabilities in the Java Runtime Environment May Independently Allow an Untrusted Application or Applet to Elevate Privileges..."
- http://sunsolve.sun.com/search/docum...=1-66-233322-1
Mar 04, 2008 - "... Vulnerability in the Java Runtime Environment With the Processing of XSLT Transformations..."
- http://sunsolve.sun.com/search/docum...=1-66-233324-1
Mar 04, 2008 - "... Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges..."
- http://sunsolve.sun.com/search/docum...=1-66-233325-1
Mar 04, 2008 - "... Vulnerabilties in the Java Runtime Environment image Parsing Library..."
(...and probably others.)

"...Resolution: (These issues are) addressed in the following releases (for all supported platforms):
JDK and JRE 6 Update x or later..."

Choose "later" - JDK and JRE 6 Update 6 (current)
...available for download at the following link:
- http://java.sun.com/javase/downloads/index.jsp

**AplusWebMaster** · 2008-04-21, 22:55

FYI...

- http://blog.washingtonpost.com/secur..._released.html
April 21, 2008 - "...Note to Sun: When you ship an update that includes security fixes, alert your user base and update your Web site. Who is that user base? Just about anyone who owns a Windows computer. Sun estimates that Java is installed on more than 600 million computers worldwide..."

**AplusWebMaster** · 2008-07-09, 13:35

FYI...

Java SE Runtime Environment 6u7 First Customer Ship
- http://java.sun.com/javase/downloads/index.jsp
July 9, 2008

Changes in 1.6.0_07:
- http://java.sun.com/javase/6/webnote...es.html#160_07
13 Bug fixes

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...

- http://sunsolve.sun.com/search/docum...=1-26-238905-1
"...Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see: http://java.com/en/download/help/uninstall_java.xml ..."

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

Sun Java JDK/JRE multiple vulns
- http://secunia.com/advisories/31010/
Release Date: 2008-07-09
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Java Web Start 1.x, Java Web Start 5.x, Java Web Start 6.x, Sun Java JDK 1.5.x, Sun Java JDK 1.6.x, Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x, Sun Java SDK 1.3.x, Sun Java SDK 1.4.x ...
Solution: Update to the fixed version.
JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.1_23 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3112
Last revised: 7/10/2008
CVSS v2 Base score: 9.3 (High)

**AplusWebMaster** · 2008-10-16, 20:02

FYI...

Sun Java JRE v1.6.0_10 released
- http://java.sun.com/javase/downloads/index.jsp
Oct. 16, 2008

Release Notes
- http://java.sun.com/javase/6/webnotes/6u10.html
(MANY bug fixes listed...)

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...
- http://sunsolve.sun.com/search/docum...=1-26-238905-1
"...Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see: http://java.com/en/download/help/uninstall_java.xml ..."

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

**AplusWebMaster** · 2008-12-02, 23:19

FYI...

Sun Java JRE v1.6.0_11 released
- http://java.sun.com/javase/downloads/index.jsp
Dec. 02, 2008

Release Notes
- http://java.sun.com/javase/6/webnotes/6u11.html
-18- bug fixes...
"This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 244986, 244987, 244988, 244989, 244990, 244991, 244992, 245246, 246266, 246286, 246346, 246366, and 246387..."

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...

.

Thread: Old Sun Java JRE updates

Thread Tools

Display

SunJava JRE 6 Update 4 released

Sun Java JRE6 Update 5 released

Sun Java (JRE) v1.6.0_6 released

Sun Java JRE v1.6.0_7 released

Sun Java JRE v1.6.0_10 released

Sun Java JRE update released

Posting Permissions