Dec6
10:09 pm (UTC-7)   |   by Jake Soriano (Technical Communications)

Sun Microsystems, a multinational vendor of computers and computer software, has issued 13 alerts to address vulnerabilities affecting the Sun Java Runtime Environment (JRE). JRE allows users to run Java applications. The bugs have varying degrees of severity, and the most severe – when exploited – could allow remote attackers to take control of an affected system.

  • 244986: The Java Runtime Environment Creates Temporary Files That Have “Guessable” File Names
  • 244987: Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges
  • 244988: Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation
  • 244989: The Java Runtime Environment (JRE) “Java Update” Mechanism Does Not Check the Digital Signature of the JRE that it Downloads
  • 244990: A Buffer Overflow Vulnerability in the Java Runtime Environment (JRE) May Allow Privileges to be Escalated
  • 244991: A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated
  • 245246: The Java Runtime Environment UTF-8 Decoder May Allow Multiple Representations of UTF-8 Input
  • 246266: Security Vulnerability in Java Runtime Environment May Allow Applets to List the Contents of the Current User’s Home Directory
  • 246286: Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys
  • 246346: A Security Vulnerability in Java Runtime Environment (JRE) With Authenticating Users Through Kerberos May Lead to a Denial of Service (DoS)
  • 246366: Security Vulnerabilities in the Java Runtime Environment (JRE) JAX-WS and JAXB Packages may Allow Privileges to be Escalated
  • 246386: A Security Vulnerability in Java Runtime Environment (JRE) With Parsing of Zip Files May Allow Reading of Arbitrary Memory Locations
  • 246387: A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost

The following Java Runtime Environment versions are affected:

  • JDK and JRE 6 Update 10 and earlier
  • JDK and JRE 5.0 Update 16 and earlier
  • SDK and JRE 1.4.2_18 and earlier
  • SDK and JRE 1.3.1_23 and earlier

Users are advised to install updates immediately. The bugs are addressed in these new JRE versions:

  • JDK and JRE 6 Update 11
  • JDK and JRE 5.0 Update 17
  • SDK and JRE 1.4.2_19
  • SDK and JRE 1.3.1_24

Sun has instructions on uninstalling old and unused versions of Java, which may remain installed systems. US-CERT.gov has also issued an advisory on these Sun vulnerabilities.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Saturday, December 6th, 2008 at 10:09 pm and is filed under Vulnerabilities . You can leave a response, or trackback from your own site.



One Response to “Sun Issues Updates on Several Critical Java Vulnerabilities”

Trackbacks

  1. Java SE Runtime Environment (JRE) 6 Update 11 - Computer Juice - Forums

Leave a Reply


Most Abused Infection Vector
Yet More Fake (And Malicious) Antivirus


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice