
CERT Alert - SUN JAVA - JRE 5 and 6



-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

Technical Cyber Security Alert TA08-066A

Sun Updates for Multiple Vulnerabilities in Java

Original release date: March 6, 2008
Last revised: --
Source: US-CERT

Systems Affected

Sun Java Runtime Environment versions
* JDK and JRE 6 Update 4 and earlier
* JDK and JRE 5.0 Update 14 and earlier
* SDK and JRE 1.4.2_16 and earlier
* SDK and JRE 1.3.1_21 and earlier

Overview

Sun has released alerts to address multiple vulnerabilities affecting
the Sun Java Runtime Environment. The most severe of these
vulnerabilities could allow a remote attacker to execute arbitrary
code.

I. Description

The Sun Java Runtime Environment (JRE) allows users to run Java
applications in a browser or as standalone programs. Sun has released
updates to the Java Runtime Environment software to address multiple
vulnerabilities. Further details about these vulnerabilities are
available in the US-CERT Vulnerability Notes Database.

Sun released the following alerts to address these issues:

* 233321 Two Security Vulnerabilities in the Java Runtime
  Environment Virtual Machine

* 233322 Security Vulnerability in the Java Runtime Environment With
  the Processing of XSLT Transformations

* 233323 Multiple Security Vulnerabilities in Java Web Start May
  Allow an Untrusted Application to Elevate Privileges

* 233324 A Security Vulnerability in the Java Plug-in May Allow an
  Untrusted Applet to Elevate Privileges

* 233325 Vulnerabilities in the Java Runtime Environment image
  Parsing Library

* 233326 Security Vulnerability in the Java Runtime Environment May
  Allow Untrusted JavaScript Code to Elevate Privileges Through Java
  APIs

* 233327 Buffer Overflow Vulnerability in Java Web Start May Allow
  an Untrusted Application to Elevate its Privileges

II. Impact

The impacts of these vulnerabilities vary. The most severe of these
vulnerabilities allows a remote attacker to execute arbitrary code.

III. Solution

Apply an update from Sun

These issues are addressed in the following versions of the Sun Java
Runtime environment:
* JDK and JRE 6 Update 5 or later
* JDK and JRE 5.0 Update 15 or later
* SDK and JRE 1.4.2_17 or later
* SDK and JRE 1.3.1_21 and earlier

If you install the latest version of Java, older versions of Java may
remain installed on your computer. If these versions of Java are not
needed, you may wish to remove them. For instructions on how to remove
older versions of Java, refer to the following instructions from Sun.

Disable Java

Disable Java in your web browser, as specified in the Securing Your
Web Browser document. While this does not fix the underlying
vulnerabilities, it does block a common attack vector.

IV. References

* US-CERT Vulnerability Notes for Sun Alerts -
  <http://www.kb.cert.org/vuls/byid?searchview&query=SUNJAVA_020608>

* Securing Your Web Browser -
  <http://www.us-cert.gov/reading_room/securing_browser/>

* Sun Alert 233321 -
  <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1>

* Sun Alert 233322 -
  <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1>

* Sun Alert 233323 -
  <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1>

* Sun Alert 233324 -
  <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1>

* Sun Alert 233325 -
  <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1>

* Sun Alert 233326 -
  <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1>

* Sun Alert 233327 -
  <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1>

* Java SE Technologies at a Glance -
  <http://java.sun.com/javase/technologies/>

* Java SE Security -
  <http://java.sun.com/javase/technologies/security/index.jsp>

* Can I remove older versions of the JRE after installing a newer
  version? - <http://www.java.com/en/download/faq/5000070400.xml>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA08-066A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-066A Feedback VU#223028" in the
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2008 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

March 6, 2008: Initial release


 

 

 

--

 

MEB

http://peoplescounsel.orgfree.com

_________
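
Added example (not part of the original post or of the US-CERT alert): a Python check that classifies version strings, as printed by `java -version`, against the "Systems Affected" list in the alert. The host names and inventory strings are constructed sample data, and release families the alert does not name are reported for manual review instead of being guessed.

```python
import re

# Highest affected update per release family, from "Systems Affected" above.
AFFECTED_MAX_UPDATE = {
    (1, 6, 0): 4,   # JDK and JRE 6 Update 4 and earlier
    (1, 5, 0): 14,  # JDK and JRE 5.0 Update 14 and earlier
    (1, 4, 2): 16,  # SDK and JRE 1.4.2_16 and earlier
    (1, 3, 1): 21,  # SDK and JRE 1.3.1_21 and earlier
}

# Version as printed by `java -version`, e.g. java version "1.6.0_04".
# A build suffix after the update number (such as -b12) is ignored.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

def classify(version_text):
    """Return 'affected', 'not-affected', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.search(version_text)
    if m is None:
        return "unparsed"
    family = tuple(int(p) for p in m.group(1, 2, 3))
    update = int(m.group(4) or 0)  # "1.6.0" with no suffix is update 0
    limit = AFFECTED_MAX_UPDATE.get(family)
    if limit is None:
        return "not-listed"  # family not named in the alert: review by hand
    return "affected" if update <= limit else "not-affected"

def audit(inventory):
    """Map each host to the installed versions that still need attention."""
    # Every installed copy is checked: an older JRE can remain after an update.
    findings = {}
    for host, versions in inventory.items():
        flagged = [v for v in versions if classify(v) != "not-affected"]
        if flagged:
            findings[host] = flagged
    return findings

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": ['java version "1.6.0_05"', 'java version "1.5.0_14"'],
    "ws-02": ['java version "1.6.0_05"'],
    "srv-01": ['java version "1.4.2_16"', "build 1.3.1_21-b03"],
}

if __name__ == "__main__":
    for host, flagged in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, [(v, classify(v)) for v in flagged])
```
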


Re: CERT Alert - SUN JAVA - JRE 5 and 6

 

Thanks for your post, would not have known without it.

___

"MEB" <meb@not here@hotmail.com> wrote in message

news:Ol5IIiAgIHA.5164@TK2MSFTNGP03.phx.gbl...


