Re: [fedora-java] [mike.cloaked@xxxxxxxxx: Java security update and Iced Tea]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 10, 2008 at 2:56 PM, Andrew Haley <aph@xxxxxxxxxx> wrote:

>  Given thaht we don't know what vulnerabilities were described in the
>  notification, the answer must be no.  Unless someone on this list
>  has some idea what vulnerabilities you're talking about...

Copying from the US-CERT notice:

Overview

   Sun  has released alerts to address multiple vulnerabilities affecting
   the   Sun   Java   Runtime  Environment.  The  most  severe  of  these
   vulnerabilities  could  allow  a  remote attacker to execute arbitrary
   code.


I. Description

   The  Sun  Java  Runtime  Environment  (JRE)  allows  users to run Java
   applications  in a browser or as standalone programs. Sun has released
   updates  to  the Java Runtime Environment software to address multiple
   vulnerabilities.  Further  details  about  these  vulnerabilities  are
   available in the US-CERT Vulnerability Notes Database.

   Sun released the following alerts to address these issues:
     * 233321   Two   Security   Vulnerabilities   in  the  Java  Runtime
       Environment Virtual Machine

     * 233322 Security Vulnerability in the Java Runtime Environment With
       the Processing of XSLT Transformations

     * 233323  Multiple  Security  Vulnerabilities  in Java Web Start May
       Allow an Untrusted Application to Elevate Privileges

     * 233324  A  Security Vulnerability in the Java Plug-in May Allow an
       Untrusted Applet to Elevate Privileges

     * 233325  Vulnerabilties  in  the  Java  Runtime  Environment  image
       Parsing Library

     * 233326  Security Vulnerability in the Java Runtime Environment May
       Allow Untrusted JavaScript Code to Elevate Privileges Through Java
       APIs

     * 233327  Buffer  Overflow Vulnerability in Java Web Start May Allow
       an Untrusted Application to Elevate its Privileges


II. Impact

   The  impacts  of  these vulnerabilities vary. The most severe of these
   vulnerabilities allows a remote attacker to execute arbitrary code.



-- 
mike


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux