ITSS-Advisory : Medium : Sun : JDK and JRE : Various remote issues

THREAT LEVEL
============
Medium

INFORMATION
===========
Product:          JDK and JRE 6 Update 14 and earlier
                  JDK and JRE 5.0 Update 19 and earlier
                  SDK and JRE 1.4.2_21 and earlier
Publisher:        Sun Microsystems
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Increased Privileges -- Remote with User Interaction
                  Access Privileged Data -- Remote with User Interaction
                  Modify Arbitrary Files -- Remote with User Interaction
                  Create Arbitrary Files -- Remote with User Interaction
                  Unauthorised Access -- Remote with User Interaction

AFFECTED PLATFORMS
==================
Operating System: Windows
                  Solaris
                  Linux variants

ACTION
======
Workaround:
There is no workaround for this issue. Please see the Resolution section below.

Resolution: Patch/Upgrade
This issue is addressed in the following Java SE and Java SE for Business releases for Windows, Solaris, and Linux:
* JDK and JRE 6 Update 15 or later
* JDK and JRE 5.0 Update 20 or later
Java SE releases are available at:
JDK and JRE 6 Update 15:
* http://java.sun.com/javase/downloads/index.jsp
JRE 6 Update 15:
* http://java.com/
* Through the Java Update tool for Microsoft Windows users
JDK 6 Update 15 for Solaris is available in the following patches:
* Java SE 6: update 15 (as delivered in patch 125136-16)
* Java SE 6: update 15 (as delivered in patch 125137-16 (64bit))
* Java SE 6_x86: update 15 (as delivered in patch 125138-16)
* Java SE 6_x86: update 15 (as delivered in patch 125139-16 (64bit))
JDK and JRE 5.0 Update 20:
* http://java.sun.com/javase/downloads/index_jdk5.jsp
JDK 5.0 Update 20 for Solaris is available in the following patches:
* J2SE 5.0: update 20 (as delivered in patch 118666-21)
* J2SE 5.0: update 20 (as delivered in patch 118667-21 (64bit))
* J2SE 5.0_x86: update 20 (as delivered in patch 118668-21)
* J2SE 5.0_x86: update 20 (as delivered in patch 118669-21 (64bit))
Java SE for Business releases are available at:
* http://www.sun.com/software/javaseforbusiness/getit_download.jsp
Note: When installing a new version of the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system. To remove old affected versions on the Windows platform, please see:
* http://www.java.com/en/download/help/5000010800.xml

Original Bulletin:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263408-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263409-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1

Administrators of affected computer systems are advised to review the
bulletins, test and apply relevant mitigation strategies and updates.
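
The following is an added example, not part of the original bulletin or any Sun tooling: a small triage helper that classifies a Java version string against the affected and fixed releases listed above. It assumes the `1.x.y_NN` version format printed on the first line of `java -version`; the function names and the sample inventory are constructed for illustration, and release families not named in this advisory are reported as not-listed rather than guessed.

```python
import re

# Last affected update per release family, from the advisory's Product field.
LAST_AFFECTED = {
    (1, 6, 0): 14,  # JDK and JRE 6 Update 14 and earlier
    (1, 5, 0): 19,  # JDK and JRE 5.0 Update 19 and earlier
    (1, 4, 2): 21,  # SDK and JRE 1.4.2_21 and earlier
}
# Fixed releases named under Resolution; the advisory lists none for 1.4.2.
FIXED = {(1, 6, 0): "JDK/JRE 6 Update 15", (1, 5, 0): "JDK/JRE 5.0 Update 20"}

# Assumed format: 1.<minor>.<micro>[_<update>], e.g. 1.6.0_14 or 1.6.0_14-b08.
VERSION_RE = re.compile(r"(?<![\d.])1\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return ((1, minor, micro), update) or None if no version is present."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    family = (1, int(m.group(1)), int(m.group(2)))
    return family, int(m.group(3) or 0)  # no _NN suffix means the base release


def assess(text):
    """Classify one version string against the advisory's thresholds."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown", "no 1.x.y_NN version string found"
    family, update = parsed
    if family not in LAST_AFFECTED:
        return "not-listed", "release family is not named in this advisory"
    if update > LAST_AFFECTED[family]:
        return "not-affected", "newer than the last affected update"
    fix = FIXED.get(family)
    if fix is None:
        return "affected", "no fixed release is listed for this family"
    return "affected", "upgrade to %s or later" % fix


if __name__ == "__main__":
    # Constructed inventory: host name and first line of `java -version`.
    inventory = [
        ("build01", 'java version "1.6.0_14"'),
        ("web02", 'java version "1.6.0_15"'),
        ("legacy03", 'java version "1.4.2_19"'),
    ]
    for host, line in inventory:
        print(host, *assess(line))
```

Hosts reported as affected in the 1.4.2 family need a manual decision, since the Resolution section names fixed releases only for the 6 and 5.0 families.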