Sun plugs serious holes in Java
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
By Joris Evers
Sun Microsystems has fixed five security bugs in Java that expose computers running Windows, Linux and Solaris to hacker attack.
The flaws are "highly critical," according to an advisory from Secunia posted Tuesday. Vulnerabilities that get that ranking--one notch below "extremely critical," the security monitoring company's most severe rating--typically open the door to a remote intruder and to full compromise of the system. All the flaws affect the Java Runtime Environment, or JRE, in computers loaded with Microsoft Windows, Linux or Sun's own Solaris operating system. This is the software many computer owners have on their system to run Java applications. The bugs could allow an intruder to use a Java application to inappropriately read and write files, or to run code on a victim's computer, Sun said in three separate security advisories released late Monday.
The vulnerabilities also affect specific versions of the Sun Java Software Development Kit (SDK) and Java Development Kit (JDK), according to those advisories.
The French Security Incident Response Team, or FrSIRT, rated the issues "critical" in an alert posted Tuesday.
There have been no reported cases of the flaws being exploited by hackers, Sun said in a statement.
Three of the bugs lie in application programming interface, or API, parts of the Java Runtime Environment. Another vulnerability lies in the Java Management Extensions implementation in the software. The fifth flaw is in an unspecified part of the JRE.
Sun, based in Santa Clara, Calif., is urging people to install updated software to protect their systems. It has released updates to address the issues, including JDK and JRE 5.0 Update 4, which was actually delivered on June 23. A newer version, Update 5, was issued in September, but Sun would not say if additional security problems were fixed in that release.
go to DOWNLOAD PAGE
Article submitted by: Webshark
Last Update: 11-30-2005
Category: Security
Sun Microsystems has fixed five security bugs in Java that expose computers running Windows, Linux and Solaris to hacker attack.
The flaws are "highly critical," according to an advisory from Secunia posted Tuesday. Vulnerabilities that get that ranking--one notch below "extremely critical," the security monitoring company's most severe rating--typically open the door to a remote intruder and to full compromise of the system. All the flaws affect the Java Runtime Environment, or JRE, in computers loaded with Microsoft Windows, Linux or Sun's own Solaris operating system. This is the software many computer owners have on their system to run Java applications. The bugs could allow an intruder to use a Java application to inappropriately read and write files, or to run code on a victim's computer, Sun said in three separate security advisories released late Monday.
The vulnerabilities also affect specific versions of the Sun Java Software Development Kit (SDK) and Java Development Kit (JDK), according to those advisories.
The French Security Incident Response Team, or FrSIRT, rated the issues "critical" in an alert posted Tuesday.
There have been no reported cases of the flaws being exploited by hackers, Sun said in a statement.
Three of the bugs lie in application programming interface, or API, parts of the Java Runtime Environment. Another vulnerability lies in the Java Management Extensions implementation in the software. The fifth flaw is in an unspecified part of the JRE.
Sun, based in Santa Clara, Calif., is urging people to install updated software to protect their systems. It has released updates to address the issues, including JDK and JRE 5.0 Update 4, which was actually delivered on June 23. A newer version, Update 5, was issued in September, but Sun would not say if additional security problems were fixed in that release.
go to DOWNLOAD PAGE
Article submitted by: Webshark
Last Update: 11-30-2005
Category: Security
Current rating: 5.53 by 45 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(9,183 reads) 07-05-2008
· Fusion Security(14,868 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,646 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,086 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,584 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,366 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,406 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,126 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(17,979 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,358 reads) 10-01-2006
· ipBan Modification
Please register or sign-in to post comments.