(Date : 13.03.2008 00:29:30)


Sun updates for Multiple Vulnerabilities in Java
Original release date: March 6, 2008
Last revised: March 7, 2008
Source: US-CERT

Systems Affected

Sun Java Runtime Environment versions

* JDK and JRE 6 Update 4 and earlier
* JDK and JRE 5.0 Update 14 and earlier
* SDK and JRE 1.4.2_16 and earlier
* SDK and JRE 1.3.1_21 and earlier

Overview

Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.


I. Description

The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has released updates to the Java Runtime Environment software to address multiple vulnerabilities. Further details about these vulnerabilities are available in the US-CERT Vulnerability Notes Database.

Sun released the following alerts to address these issues:

* 233321 Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine
* 233322 Security Vulnerability in the Java Runtime Environment With the Processing of XSLT Transformations
* 233323 Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges
* 233324 A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges
* 233325 Vulnerabilities in the Java Runtime Environment image Parsing Library
* 233326 Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges Through Java APIs
* 233327 Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges

II. Impact

The impacts of these vulnerabilities vary. The most severe of these vulnerabilities allows a remote attacker to execute arbitrary code.


III. Solution

Apply an update from Sun

These issues are addressed in the following versions of the Sun Java Runtime environment:

* JDK and JRE 6 Update 5 or later
* JDK and JRE 5.0 Update 15 or later
* SDK and JRE 1.4.2_17 or later
* SDK and JRE 1.3.1_22 and later

If you install the latest version of Java, older versions of Java may remain installed on your computer. If these versions of Java are not needed, you may wish to remove them. For instructions on how to remove older versions of Java, refer to the following instructions from Sun.
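Because older JREs can stay on disk after an upgrade, each installed copy has to be checked against the fixed releases listed above. The following is an added example, not part of the US-CERT alert: it classifies version strings as reported by `java -version`. The function names, the "unlisted" handling for families the alert does not name, and the inventory paths are assumptions constructed for illustration.

```python
import re

# Minimum fixed update per release family, taken from the alert's Solution list.
# `java -version` reports 6 Update 5 as 1.6.0_05 and 5.0 Update 15 as 1.5.0_15.
FIXED_UPDATE = {(1, 6, 0): 5, (1, 5, 0): 15, (1, 4, 2): 17, (1, 3, 1): 22}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def classify(version_text):
    """Classify one version string or `java -version` banner line."""
    match = VERSION_RE.search(version_text)
    if match is None:
        return "unparsed"
    family = tuple(int(part) for part in match.group(1, 2, 3))
    update = int(match.group(4) or 0)  # no "_NN" suffix means the initial release
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "unlisted"  # assumption: families the alert does not name need manual review
    return "fixed" if update >= fixed else "vulnerable"


def needs_action(inventory):
    """Return (path, status) for every install that is not confirmed fixed."""
    results = []
    for path, banner in inventory:
        status = classify(banner)
        if status != "fixed":
            results.append((path, status))
    return results


# Constructed sample inventory: (install path, first line of `java -version`).
SAMPLE_INVENTORY = [
    ("C:\\Program Files\\Java\\jre1.6.0_05", 'java version "1.6.0_05"'),
    ("C:\\Program Files\\Java\\jre1.6.0_03", 'java version "1.6.0_03"'),
    ("C:\\Program Files\\Java\\jre1.5.0_14", 'java version "1.5.0_14"'),
    ("/opt/j2sdk1.4.2_17", 'java version "1.4.2_17"'),
    ("/opt/unknown-jvm", "command not found"),
]

if __name__ == "__main__":
    for path, status in needs_action(SAMPLE_INVENTORY):
        print(f"{status:10} {path}")
```

Anything reported as "unparsed" or "unlisted" is left for manual review rather than assumed safe.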

Disable Java

Disable Java in your web browser, as specified in the Securing Your Web Browser document. While this does not fix the underlying vulnerabilities, it does block a common attack vector.


IV. References

* US-CERT Vulnerability Notes for Sun Alerts - <http://www.kb.cert.org/vuls/byid?searchview&query=SUNJAVA_020608>
* Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
* Sun Alert 233321 - <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1>
* Sun Alert 233322 - <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1>
* Sun Alert 233323 - <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1>
* Sun Alert 233324 - <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1>
* Sun Alert 233325 - <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1>
* Sun Alert 233326 - <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1>
* Sun Alert 233327 - <http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1>
* Java SE Technologies at a Glance - <http://java.sun.com/javase/technologies/>
* Java SE Security - <http://java.sun.com/javase/technologies/security/index.jsp>
* Can I remove older versions of the JRE after installing a newer version? - <http://www.java.com/en/download/faq/5000070400.xml>

Deionized | Security Expert TİM

Source: http://www.us-cert.gov/cas/techalerts/TA08-066A.html