Volume 4, Number 3 -- January 25, 2007

Sun Patches Security Holes in Java Runtime Environment

Published: January 25, 2007

by Timothy Prickett Morgan

The past few weeks have been busy ones for patching security holes in the Java Runtime Environment that is at the heart of Sun Microsystems' Java programming language. Several vulnerability alerts for the JRE and the Java Development Kit (JDK) were issued the day after Christmas, and one more was issued on January 17.

If you want to find the details about these security vulnerabilities, go to the National Institute of Standards and Technology's National Vulnerability Database and search for "JRE." The alert posted on January 17 said that Sun JDK and JRE 5.0 Update 9 and earlier releases had a hole that would allow malicious Java applets to gain privileges on machines through a corrupted GIF image file: processing the file triggers memory corruption (a buffer overflow), which could in turn let a malicious coder into the machine. A spate of warnings issued on December 26 described similar security holes in earlier JDKs and JREs.

According to security monitoring site Secunia, these security holes have been patched by Sun, and they were rated highly critical security flaws. Sun fixed the flaws by issuing updates for the JRE 1.3, 1.4, and 5.0 software. You can read Sun's own advisory on this issue here. Sun has patched Java for Windows, Linux, and Solaris platforms, which it supports with its own JDK and JRE software.





Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

The Unix Guardian


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
