Volume 16, Number 3 -- January 22, 2007

Sun Patches Security Holes in Java Runtime Environment

Published: January 22, 2007

by Timothy Prickett Morgan

The past few weeks have been busy ones for patching security holes in the Java Runtime Environment that is at the heart of Sun Microsystems' Java programming language. Several vulnerability alerts for the JRE and the Java Development Kit (JDK) were issued the day after Christmas, and one more was issued on January 17.

If you want to find the details about these security vulnerabilities, go to the National Institute of Standards and Technology's National Vulnerability Database and search for "JRE." The alert posted on January 17 said that Sun JDK and JRE 5.0 Update 9 and earlier releases had a hole that would allow malicious Java applets to gain privileges on machines through a corrupted GIF image file, which would trigger a memory corruption (a buffer overflow) that could in turn allow a malicious coder into a machine. A spate of warnings issued on December 26 described similar security holes in earlier JDKs and JREs.

According to security monitoring site Secunia, these security holes were rated highly critical security flaws, and Sun has patched them. Sun fixed the flaws by issuing updates for the JRE 1.3, 1.4, and 5.0 software. Sun has also published its own advisory on this issue. Sun has patched Java for the Windows, Linux, and Solaris platforms, which it supports with its own JDK and JRE software.

Because IBM creates its own JDK and JRE software, Sun's patches do not work on IBM's own operating systems. I bring this up merely so that you know there is a potential problem and can ask IBM what you need to do. Keep your eyes on the System i PTF Guide, which is brought to you by our good friends at DLB Associates, to find out if and when IBM makes its own patches for this GIF-related Java security hole. As of Sunday afternoon, January 21, there was nothing yet.





Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik, Shannon O'Donnell,
Mary Lou Roberts, Victor Rozek, Kevin Vandever, Hesh Wiener, Alex Woodie
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

The Four Hundred


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
