Old Sun Java JRE updates

AplusWebMaster

AplusWebMaster

New member
Advisor Team
FYI...

Java Runtime Environment (JRE) 5.0 Update 10 released
- http://java.sun.com/javase/downloads/index.jsp

100+ bug fixes
- http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_10
(Several [not all] interesting bug fixes)
BugId Category Subcategory Description
6374321 java classes_awt Textfield loses focus after alt key hit in IE browser
6424631 java_plugin iexplorer Signed applet hangs browser if a remote policy server is being used
6386537 java_plugin iexplorer Deadlock occurs between Java Plug-in and Windows in 1.3.1_06
6437047 java_plugin iexplorer Java Plugin controls are considered "Not Verified" in IE's "Managed Add-ons" list
6466876 java_plugin iexplorer Applet frame is not repainted correctly
6460113 java_plugin iexplorer REGRESSION: Access Violation running on 5.0u9 b01 plugin
6417341 java_plugin misc IE Window becomes Zombie when closed prior to the modal dialog
6406801 java_plugin misc Vista: Click "Go to Java.com" button of Java system tray, two IE windows pop up

:rolleyes:
 
Last edited:
I hate Sun Java but I am forced to use it because MS java is discontinued and buggy. Why does Sun Java take so long to update, load etc..its just so annoying..

Thanks for the new update news.
 
djpailo said:
I hate Sun Java but I am forced to use it because MS java is discontinued and buggy. Why does Sun Java take so long to update, load etc..its just so annoying..

Thanks for the new update news.
Click to expand...
Windows version? The update is rather large, yes, that's a given and yes it will take a while to download and install, you have to learn to live with it.

Silj
 
siljaline said:
Windows version? The update is rather large, yes, that's a given and yes it will take a while to download and install, you have to learn to live with it.

Silj
Click to expand...

How come no one else is allowed to build their own version of java and release it for free?
 
Sun Java JRE Multiple Vulns - updates available

FYI...

- http://secunia.com/advisories/23445/
Release Date: 2006-12-20
Critical: Highly critical
Impact: Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch....
...The following releases are affected:
* JDK and JRE 5.0 Update 7 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior
* JDK and JRE 5.0 Update 6 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior ...
Solution: Update to fixed versions:
JDK and JRE 5.0: Update to JDK and JRE 5.0 Update 8 or later.
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.x: Update to SDK and JRE 1.4.2_13 or later.
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x: Update to SDK and JRE 1.3.1_19 or later.
http://java.sun.com/j2se/1.3/download.html ...
Original Advisory: Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1 ..."

Also: http://isc.sans.org/diary.php?storyid=1960
Last Updated: 2006-12-20 03:30:43 UTC
"...Sun has a weird habit of *not* removing older versions from your machine, so you might want to do that manually..."

:lip: :fear:
 
Last edited:
FYI...

- http://isc.sans.org/diary.php?storyid=1994
Last Updated: 2007-01-02 04:13:00 UTC
"...Java 6 was released after nearly 2 years of work in December. Many of the updates to Java involve improved security functionality and memory leak updates. A full list of updates is available*... it has been observed that the Java update installer does not clean up older revisions of the product. Any update / change control procedures need to take this into account and remove older versions once you are satisfied that it is safe to move forward..."

"The Java Platform has added support for the following Security functionality in version 6..."
* http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html

.
 
FYI...

- http://secunia.com/advisories/23757/
Release Date: 2007-01-17
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch...
...The vulnerability is reported in the following versions:
* JDK and JRE 5.0 Update 9 and prior.
* SDK and JRE 1.4.2_12 and prior.
* SDK and JRE 1.3.1_18 and prior.
Solution: > Updated to fixed versions.
JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 10 or later.
- http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_13 or later.
- http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_19 or later.
- http://java.sun.com/j2se/1.3/download.html ...
Original Advisory:
Sun Microsystems: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1 ..."
"...Relief/Workaround: There is no workaround...
Resolution: This issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 5.0 Update 10 or later
* SDK and JRE 1.4.2_13 or later
* SDK and JRE 1.3.1_19 or later ..."

:fear:
 
FYI...

- http://www.vnunet.com/vnunet/news/2172403/java-exploits-brewing
12 Jan 2007 ~ "Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix... Java is inherently a more secure system, because JRE uses so-called sandboxing that allows it to operate as a virtual machine to block access to other parts of the system... As developers create JavaScript applications that require more capabilities, they begin to call up .dll files from the system. As soon as the programs reach outside the virtual machine for system files, the security protection of the sandbox is negated..."

:fear:
 
More...

- http://www.f-secure.com/weblog/archives/archive-012007.html#00001083
January 18, 2007 ~ "...When running a Java applet from a web page using a vulnerable version of Java Runtime, an applet exploiting the vulnerability may escape Java's sandbox. This means that the Java applet would have exactly the same access to the file system and process execution as any native application. Java vulnerabilities have been actively used by malicious web pages in the past, so it is quite possible that this new vulnerability will also be used. So do make sure that your Java runtime is up to date, instructions are available at Sun Advisory #102760*.
Note: Sun provides links to J2SE 5.0 Update 10 in their advisory. As we posted earlier, version 6.0 is also available**..."

* http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1

** http://java.sun.com/javase/downloads/index.jsp

:fear:
 
FYI...

- http://www.us-cert.gov/cas/techalerts/TA07-022A.html
January 22, 2007
"...Systems Affected: Sun Java Runtime Environment versions
* JDK and JRE 5.0 Update 9 and earlier
* SDK and JRE 1.4.2_12 and earlier
* SDK and JRE 1.3.1_18 and earlier
Overview: The Sun Java Runtime Environment contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Solution: Apply an update from Sun
These issues are addressed in the following versions of the Sun Java Runtime environment:
* JDK and JRE 5.0 Update 10 or later
* SDK and JRE 1.4.2_13 or later
* SDK and JRE 1.3.1_19 or later
If you install the latest version of Java, older versions of Java may remain installed on your computer. If these versions of Java are not needed, you may wish to remove them..."

.
 
FYI...

...Java update (1.5.0u11)...
- http://isc.sans.org/diary.html?storyid=2226
Last Updated: 2007-02-12 22:35:17 UTC
"...It is worth noting that this update contains time zone data that incorporates Day Light Saving changes for 2007... Remember to remove the old update revisions if you don’t need them any more (after you’ve thoroughly tested all your applications, of course)..."

:spider:
 
FYI...

Java Platform Privilege Escalation Vuln - updates available
- http://secunia.com/advisories/25069/
Release Date: 2007-05-01
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software:
Sun Java Enterprise System 5.x
Sun Java JDK 1.5.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java SDK 1.4.x
...The vulnerability is reported in Java Web Start in JDK -and- JRE 5.0 Update 10 and Java Web Start in SDK and JRE 1.4.2_13 - and earlier- for Windows, Solaris and Linux...
>>> Solution: Update to Java Web Start in JDK and JRE 5.0 Update 11 or later, or Java Web Start in SDK and JRE 1.4.2_14 or later...
-- J2SE 5.0 --
http://java.sun.com/j2se/1.5.0/download.jsp
--- J2SE 1.4.2 --
http://java.sun.com/j2se/1.4.2/download.html
Note that vulnerable versions should be removed from the system...
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102881-1 ..."

.
 
Last edited:
You must log in or register to reply here.
Back
Top