Old Sun Java JRE updates

Multiple Sun JRE vulns - updates available

FYI...

Security Vulns in the JRE Image Parsing Code may Allow an Untrusted Applet to Elevate Privileges
- http://www.sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102934-1
Update Date: Thu May 31 00:00:00 MDT 2007
Relief/Workaround: There is no workaround. Please see Resolution section below.
Resolution: The first issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 1 or later
* JDK and JRE 5.0 Update 11 or later...
Java SE 6 Update 1 is available for download at the following links:
* http://java.sun.com/javase/downloads/index.jsp
J2SE 5.0 is available for download at the following link:
* http://java.sun.com/j2se/1.5.0/download.jsp ...
Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system..."

> http://www.us-cert.gov/current/#sun_microsystems_releases_security_advisory
June 6, 2007

> http://www.kb.cert.org/vuls/id/138545
Last Updated: 06/06/2007

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

:fear:
 
Thanks for the notice. I read on Neowin that Microsoft were making a flash program to rival Adobe's Flash Player. Will they ever resume with their Java programme or are there still legal issues?
 
Sun Java Web Start vuln - updates available

FYI...

- http://secunia.com/advisories/25823/
Release Date: 2007-06-29
Critical: Highly critical
Impact: Security Bypass, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software:
Java Web Start 1.x
Sun Java JDK 1.5.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java SDK 1.4.x
...The vulnerability affects Java Web Start in JDK and JRE 5.0 Update 11 and earlier and Java Web Start in SDK and JRE 1.4.2_13 and earlier for the Windows platform...
Solution: Apply updates.
Java Web Start in JDK and JRE 5.0 Update 12 or later
http://java.sun.com/j2se/1.5.0/download.jsp
Java Web Start in SDK and JRE 1.4.2_14 or later
http://java.sun.com/j2se/1.4.2/download.html ...
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1 ..."

Also see: http://secunia.com/advisories/25769/
( http://sunsolve.sun.com/search/document.do?assetkey=1-26-102958-1 )

:fear:
 
FYI...

- http://secunia.com/advisories/25981/
Release Date: 2007-07-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Java Web Start 1.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x ...
The vulnerability is reported in the following versions:
* Java Runtime Environment 6 Update 1 and earlier
* Java Runtime Environment 5 Update 11, and earlier ...
Solution: Apply updates.
JRE 5 Update 12:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JRE 6 Update 2:
http://java.sun.com/javase/downloads/index.jsp ..."

Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

:fear:
 
FYI...

Sun Java vuln - updates available
> http://secunia.com/advisories/26015/
Release Date: 2007-07-11
Critical: Moderately critical
...The vulnerability affects the following versions for Solaris, Linux, and Windows:
* JDK and JRE 6 Update 1 and earlier
* JDK and JRE 5.0 Updates 7, 8, 9, 10, and 11
* SDK and JRE 1.4.2_11, _12, _13, and _14 ...
Solution: Update to the latest versions:
JDK and JRE 6 Update 2 or later: http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 12 and later: http://java.sun.com/j2se/1.5.0/download.jsp
SDK and JRE 1.4.2_15 and later: http://java.sun.com/j2se/1.4.2/download.html ...
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1 ...

- http://secunia.com/advisories/26031/
Release Date: 2007-07-11
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java JDK 1.6.x, Sun Java JRE 1.6.x / 6.x ...
Solution: Apply patches.
Update to JDK and JRE 6 Update 2 or later.
http://java.sun.com/javase/downloads/index.jsp ...

----------------------
Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

.
 
FYI...

- http://isc.sans.org/diary.html?storyid=3140
Last Updated: 2007-07-13 16:44:38 UTC - "...anyone using the Java Runtime Environment or Java Development Kit is at risk.
http://www.auscert.org.au/render.html
This flaw may have an impact on PDA's and mobile phones as well as PC's. Because Java is browser independent it has potential to impact many, many devices. It is recommended that you patch all java devices as soon as possible."

- http://news.zdnet.com/2100-1009_22-6196493.html
July 13, 2007 - "...problem is compounded by the fact that organizations are unlikely to take on the daunting process of patching -all- of their Java Runtime vulnerabilities..."

:oops:
 
FYI...

Sun Java JRE multiple Vulns - updates available
- http://secunia.com/advisories/27009/
Release Date: 2007-10-04
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java JDK 1.5.x, Sun Java JDK 1.6.x, Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x, Sun Java SDK 1.3.x, Sun Java SDK 1.4.x
...The vulnerabilities are reported in the following versions:
* JDK and JRE 6 Update 2 and earlier
* JDK and JRE 5.0 Update 12 and earlier
* SDK and JRE 1.4.2_15 and earlier
* SDK and JRE 1.3.1_20 and earlier
Solution: Update to the fixed versions.
JDK and JRE 6 Update 3:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 13:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_16:
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.1 for Solaris 8:
http://java.sun.com/j2se/1.3/download.html ...

.
 
FYI...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0012
Last revised: 1/10/2008
Vulnerable software and versions
Configuration 1: Sun, JRE, 5.0 Update 13, and previous

Java Runtime Environment (JRE) 5.0 Update 14
> http://java.sun.com/javase/downloads/index_jdk5.jsp

-or- Update to JRE 6 update 4:
> http://java.sun.com/javase/downloads/index.jsp

Note: http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
=================================

- http://secunia.com/advisories/28746/
Release Date: 2008-02-01
Critical: Less critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Sun Java JDK 1.6.x, Sun Java JRE 1.6.x / 6.x
...Successful exploitation requires that malicious XML data is processed within a trusted applet or Java Web Start application. The security issue is reported in Sun JDK and JRE 6 Update 3 and earlier. Sun JDK and JRE 5.0, and SDK and JRE 1.4.x and 1.3.x are reportedly not affected...
Solution: Update to JDK or JRE 6 Update 4 or later.
http://java.sun.com/javase/downloads/index.jsp
JDK 6 Update 4 for Solaris is also available in the following patches:
Java SE 6 update 4 (as delivered in patch 125136-05 or later)
Java SE 6 update 4 (as delivered in patch 125137-05 or later (64bit))
Java SE 6 x86 update 4 (as delivered in patch 125138-05 or later)
Java SE 6 x86 update 4 (as delivered in patch 125139-05 or later (64bit))
Provided and/or discovered by:
The vendor credits Chris Evans and Johannes Henkel, Google Security Team.
Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1
 
FYI...

Sun Java JDK/JRE multiple Vulns - update available
- http://secunia.com/advisories/29239/
Last Update: 2008-03-06
Critical: Highly critical
Impact: Security Bypass, Manipulation of data, DoS, System access
Where: From remote
Solution Status: Vendor Patch...

- http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1
"Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges...
This issue can occur in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 4 and earlier
* JDK and JRE 5.0 Update 14 and earlier
* SDK and JRE 1.4.2_16 and earlier ...
Resolution
This issue is addressed in the following releases (for Windows, Solaris, and Linux):
* JDK and JRE 6 Update 5 or later
* JDK and JRE 5.0 Update 15 or later
* SDK and JRE 1.4.2_17 or later ..."

:fear:
 
Sun Java (JRE) v1.6.0_6 released

FYI...

Sun Java Runtime Environment (JRE) 6 Update 6
- http://java.sun.com/javase/downloads/index.jsp
April 16, 2008

Release notes:
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_06
13 [lucky] Bug fixes (several interesting...)
- HttpClient and HttpsClient should not try to reverse lookup IP address of a proxy server
- REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC
- Java control panel is not showing up in the Windows Vista control panel on a AMD 64 machine
- 6.0 JRE applet running on Vista limits heap to 64 MB
- Java 6 JavaWebstart increases footprint by factor 2 ...

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

.
 
FYI... (No Secunia advisory, yet)

- http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1
Jan 30, 2008 - "... Vulnerability in the Java Runtime Environment XML Parsing Code May Allow URL Resources to be Accessed..."
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1
Feb 05, 2008 - "... Two Vulnerabilities in the Java Runtime Environment May Independently Allow an Untrusted Application or Applet to Elevate Privileges..."
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1
Mar 04, 2008 - "... Vulnerability in the Java Runtime Environment With the Processing of XSLT Transformations..."
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1
Mar 04, 2008 - "... Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges..."
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1
Mar 04, 2008 - "... Vulnerabilities in the Java Runtime Environment image Parsing Library..."
(...and probably others.)

"...Resolution: (These issues are) addressed in the following releases (for all supported platforms):
JDK and JRE 6 Update x or later..."

Choose "later" - JDK and JRE 6 Update 6 (current)
...available for download at the following link:
- http://java.sun.com/javase/downloads/index.jsp

:fear:
 
Sun Java JRE v1.6.0_7 released

FYI...

Java SE Runtime Environment 6u7 First Customer Ship
- http://java.sun.com/javase/downloads/index.jsp
July 9, 2008

Changes in 1.6.0_07:
- http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_07
13 Bug fixes

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...

- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238905-1
"...Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see: http://java.com/en/download/help/uninstall_java.xml ..."

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

Sun Java JDK/JRE multiple vulns
- http://secunia.com/advisories/31010/
Release Date: 2008-07-09
Critical: Highly critical
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Java Web Start 1.x, Java Web Start 5.x, Java Web Start 6.x, Sun Java JDK 1.5.x, Sun Java JDK 1.6.x, Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java JRE 1.5.x / 5.x, Sun Java JRE 1.6.x / 6.x, Sun Java SDK 1.3.x, Sun Java SDK 1.4.x ...
Solution: Update to the fixed version.
JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.1_23 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html ...

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3112
Last revised: 7/10/2008
CVSS v2 Base score: 9.3 (High)

:fear:
 
Sun Java JRE v1.6.0_10 released

FYI...

Sun Java JRE v1.6.0_10 released
- http://java.sun.com/javase/downloads/index.jsp
Oct. 16, 2008

Release Notes
- http://java.sun.com/javase/6/webnotes/6u10.html
(MANY bug fixes listed...)

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...
Note: Don't forget to uninstall the old version(s). Their installs don't do it...
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238905-1
"...Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see: http://java.com/en/download/help/uninstall_java.xml ..."

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."
 
Sun Java JRE update released

FYI...

Sun Java JRE v1.6.0_11 released
- http://java.sun.com/javase/downloads/index.jsp
Dec. 02, 2008

Release Notes
- http://java.sun.com/javase/6/webnotes/6u11.html
-18- bug fixes...
"This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 244986, 244987, 244988, 244989, 244990, 244991, 244992, 245246, 246266, 246286, 246346, 246366, and 246387..."

- http://java.sun.com/javase/6/
"Java SE 6 is the current major release of the Java SE platform... Sun provides some older product and technology releases as a courtesy..."

Verify/test (-not- a Sun site):
- http://javatester.org/version.html ...

.
 