• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Sun Patches Security Holes in Java Runtime Environment

    January 22, 2007 Timothy Prickett Morgan

    The past few weeks have been busy ones for patching security holes in the Java Runtime Environment that is at the heart of Sun Microsystems‘ Java programming language. Several vulnerability alerts for the JRE and the Java Development Kit (JDK) were issued the day after Christmas, and one more was issued on January 17.

    If you want to find the details about these security vulnerabilities, go to the National Institute of Standards and Technology’s National Vulnerability Database and search for “JRE.” The alert posted on January 17 said that Sun JDK and JRE 5.0 Update 9 and earlier releases had a hole that would allow malicious Java applets to gain privileges on machines through a corrupted GIF image file, which would trigger a memory corruption (a buffer overflow) that could in turn allow a malicious coder into a machine. A spate of warnings issued on December 26 for earlier JDKs and JREs had similar security holes.

    According to security monitoring site Secunia, these security holes have been patched by Sun, and they were rated highly critical security flaws. Sun fixed the flaws by issuing updates for the JRE 1.3, 1.4, and 5.0 software. You can read Sun’s own advisory on this issue here. Sun has patched Java for Windows, Linux, and Solaris platforms, which it supports with its own JDK and JRE software.

    Because IBM creates its own JDK and JRE software, Sun’s patches do not work on IBM’s own operating systems. I bring this up merely so you know there is a potential problem so you can ask IBM what you need to do. Keep your eyes on the System i PTF Guide, which is brought to you by our good friends at DLB Associates, to find out if and when IBM makes its own patches for this GIF-related Java security hole. As of Sunday afternoon, January 21, there was nothing yet.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 16, Number 3 -- January 22, 2007

    Sponsored by
    ARCAD Software

    [Webinar] Modern IBM i: It’s more than DevOps – It’s modernizing RPG, Database, Fields and SYNON
    September 21

    IBM i modernization can be a daunting and complicated task.  It involves many aspects from modern processes with DevOps to modernizing the backend – RPG fixed- to free-format, moving from DDS to DDL, field expansion, and if you’re SYNON, modernizing code that was created in the 70s with a code generator.  They are all important topics for protecting your IBM i investment and extending it into the future.

    Join us to learn:

    • Why Modernize?
    • Where to start and determine the key areas of focus.
    • How ARCAD can help in the journey.
    • ARCAD Software has the tools and services to get you started wherever you are starting from!

    Register Now!

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Ending Subsystems Properly IBM Lotus Adds Handles to Information Overload

    Leave a Reply Cancel reply

TFH Volume: 16 Issue: 3

This Issue Sponsored By

    Table of Contents

    • New Congress, AT&T Revive the Net Neutrality Issue
    • Security Experts Say Botnets, Web Extortion Threats on the Rise
    • Big Blue Readies Revamped Storage for the System i
    • Study Weighs Building Data Centers Against Colocation for SMBs
    • IBM Closes Out 2006 With a Strong Fourth Quarter
    • Sun Patches Security Holes in Java Runtime Environment
    • Zend Describes Multiple Instances on i5/OS, Previews RPG Wrapper
    • Big Blue Readies Revamped Storage for the System i
    • Ask TPM: The Economics of Open Source Software
    • IBM Closes Out 2006 With a Strong Fourth Quarter

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • ARCAD’s Deal with IBM for DevOps In Merlin Is Exclusive
    • In The IBM i Trenches With: Maxava
    • Is The Cloud On Your IBM i Horizon?
    • Four Hundred Monitor, September 20
    • IBM i PTF Guide, Volume 25, Number 38
    • The Subscription Pricing For The IBM i Stack So Far
    • Facing The Challenges Of Upgrading Old Systems With The Cloud
    • Guru: Generating XML Using SQL – The Easy Way
    • Rocket Buys Data Integration Provider B.O.S.
    • IBM i PTF Guide, Volume 25, Number 37

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2023 IT Jungle