More JAVA Updates


We just finished rolling out Java 1.5 update 14. As we've come to expect with all updates, that means another update is right around the corner. SUN has not disappointed.

Sun JDK and JRE 5.0 Update 15
http://java.sun.com/javase/downloads/index_jdk5.jsp

Sun JDK and JRE 6 Update 5
http://java.sun.com/javase/downloads/index.jsp

SUN SDK and JRE 1.4.2_17
http://java.sun.com/j2se/1.4.2/download.html

Multiple vulnerabilities have been disclosed:

- Two privilege-escalation vulnerabilities affect Java Runtime Environment Virtual Machine. An untrusted application downloaded from a website may be able to elevate its privileges to read and write local files or execute local applications.

- A privilege-escalation vulnerability affects Java Runtime Environment
(JRE) when processing XSLT transformations. An applet may be able to
exploit this to read unauthorized URI, potentially execute arbitrary
code, or cause denial-of-service conditions.

- Three buffer-overflow vulnerabilities affect Java Web Start. These
issues may be exploited by a malicious Java Web Start application to
elevate privileges and perform arbitrary actions as the currently
logged-in user.

- A privilege-escalation vulnerability affects Java Web Start. An
untrusted application may be able to grant read and write permission to
local files, or execute local applications in the context of the currently
logged-in user.

- An unauthorized-access vulnerability affects Java Web Start. A
malicious Java Web Start application can exploit this issue to create
files on the vulnerable system. It may then be able to execute those
files to run arbitrary code in the context of the currently logged-in
user.

- A same-origin bypass vulnerability affects the Java Plug-in. An applet
may be able to exploit this issue to execute local applications that are
accessible to the user running the plugin.

- A privilege-escalation vulnerability affects Java Runtime Environment
in the image-parsing library. A malicious applet may be able to exploit
this to read and write to local scripts and execute local applications in
the context of the currently logged-in user.

- Two denial-of-service vulnerabilities affect the color management
library that may cause the Java Runtime Environment to crash.

- An unauthorized-access vulnerability affects the Java Runtime
Environment that may allow JavaScript code to make connections to network
services. This may aid in further attacks.

- A buffer-overflow vulnerability affects Java Web Start. A Java Web
Start application may be able to exploit this issue to elevate
privileges, read/write arbitrary files, and execute arbitrary local
applications in the context of the currently logged-in user.


(Symantec Deepsight Alert Service)
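
To find which machines still need these updates, the first line of `java -version` can be compared against the releases listed above. The following is an added example, not part of the original post; it assumes each listed release is the first fixed one in its family, and the hostnames and banners are constructed sample data.

```python
import re

# Minimum update level per release family, taken from the releases listed in
# the post (assumption: each listed release is the first fixed one).
FIXED = {(1, 4, 2): 17, (1, 5, 0): 15, (1, 6, 0): 5}

# Matches the quoted version string, e.g. "1.5.0_14" or "1.6.0_05-b13".
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')


def parse_version(banner):
    """Return ((major, minor, micro), update), or None if no version is found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    family = tuple(int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # "1.6.0" means update 0
    return family, update


def assess(banner):
    """Classify one `java -version` banner as patched, outdated or unknown."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    family, update = parsed
    if family not in FIXED:
        return "unknown"  # family not covered by this post; check separately
    return "patched" if update >= FIXED[family] else "outdated"


# Constructed sample inventory: hostname -> first line of `java -version`.
SAMPLE = {
    "ws-01": 'java version "1.5.0_14"',
    "ws-02": 'java version "1.6.0_05"',
    "ws-03": 'java version "1.4.2_16"',
    "ws-04": 'java version "1.6.0"',
    "ws-05": 'java version "1.5.0_15-b04"',
}


def report(inventory):
    """Map each host to its status so outdated machines can be queued."""
    return {host: assess(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(report(SAMPLE).items()):
        print(f"{host}: {status}")
```

Machines reported as `unknown` either returned no parsable banner or run a family the post does not list, so they need a manual check.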


About this Entry

This page contains a single entry by Roger published on March 5, 2008 9:19 PM.
