Liquidmatrix Security Digest

Java JDK/JRE Security Patches Released

Sun has addressed a batch of security issues in the Java JDK/JRE. Please update your instances.

From Secunia:

Description:

Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.

1) Java Runtime Environment (JRE) creates temporary files with insufficiently random names. This can be exploited to write arbitrary JAR files and perform restricted actions on the affected system.

2) Multiple errors in the JRE image processing implementation can be exploited to cause buffer overflows.

3) Multiple errors in the JRE when processing GIF images can be exploited to cause buffer overflows.

4) Multiple errors in the JRE when processing fonts can be exploited to cause buffer overflows.

5) An error in the JRE can be exploited to establish network connections to arbitrary hosts.

6) An error when launching Java Web Start applications can be exploited by an untrusted application to e.g. read, write, or execute local files with the privileges of the user running the application.

7) An error can be exploited by an untrusted Java Web Start application to obtain the current username and the location of the Java Web Start cache.

8) An error in Java Web Start can be exploited to perform restricted actions (e.g. modify system properties).

9) An error in Java Web Start and Java Plug-in can be exploited to hijack HTTP sessions.

10) An error in the JRE applet class loading functionality can be exploited to read arbitrary files and establish network connections to arbitrary hosts.

…and it goes on like this. For the full listing please check out the advisory over on Secunia.
