[fedora-java] [mike.cloaked at gmail.com: Java security update and Iced Tea]

mike cloaked mike.cloaked at gmail.com
Mon Mar 10 17:09:56 UTC 2008


On Mon, Mar 10, 2008 at 2:56 PM, Andrew Haley <aph at redhat.com> wrote:

>  Given that we don't know what vulnerabilities were described in the
>  notification, the answer must be no.  Unless someone on this list
>  has some idea what vulnerabilities you're talking about...

Copying from the US-CERT notice:

Overview

   Sun has released alerts to address multiple vulnerabilities affecting
   the Sun Java Runtime Environment. The most severe of these
   vulnerabilities could allow a remote attacker to execute arbitrary
   code.


I. Description

   The Sun Java Runtime Environment (JRE) allows users to run Java
   applications in a browser or as standalone programs. Sun has released
   updates to the Java Runtime Environment software to address multiple
   vulnerabilities. Further details about these vulnerabilities are
   available in the US-CERT Vulnerability Notes Database.

   Sun released the following alerts to address these issues:
     * 233321 Two Security Vulnerabilities in the Java Runtime
       Environment Virtual Machine

     * 233322 Security Vulnerability in the Java Runtime Environment With
       the Processing of XSLT Transformations

     * 233323 Multiple Security Vulnerabilities in Java Web Start May
       Allow an Untrusted Application to Elevate Privileges

     * 233324 A Security Vulnerability in the Java Plug-in May Allow an
       Untrusted Applet to Elevate Privileges

     * 233325 Vulnerabilities in the Java Runtime Environment image
       Parsing Library

     * 233326 Security Vulnerability in the Java Runtime Environment May
       Allow Untrusted JavaScript Code to Elevate Privileges Through Java
       APIs

     * 233327 Buffer Overflow Vulnerability in Java Web Start May Allow
       an Untrusted Application to Elevate its Privileges


II. Impact

   The impacts of these vulnerabilities vary. The most severe of these
   vulnerabilities allows a remote attacker to execute arbitrary code.



-- 
mike



