----- Forwarded message from Mike <mike.cloaked@gmail.com> -----
From: Mike <mike.cloaked@gmail.com>
To: fedora-list@redhat.com
User-Agent: Loom/3.14 (http://gmane.org/)
Date: Fri, 7 Mar 2008 18:14:08 +0000 (UTC)
Subject: Java security update and Iced Tea
Today I received a notification from US-CERT that Sun Java Runtime Environment versions JDK and JRE 6 Update 4 and earlier have multiple vulnerabilities and Java 1.6.0_05 is available as an update.
Does anybody know if Iced Tea as current in F8 is immune from this problem? This is effectively version 1.7.0
----- End forwarded message -----
Andrew Overholt wrote:
----- Forwarded message from Mike <mike.cloaked@gmail.com> -----
From: Mike <mike.cloaked@gmail.com>
To: fedora-list@redhat.com
User-Agent: Loom/3.14 (http://gmane.org/)
Date: Fri, 7 Mar 2008 18:14:08 +0000 (UTC)
Subject: Java security update and Iced Tea
Today I received a notification from US-CERT that Sun Java Runtime Environment versions JDK and JRE 6 Update 4 and earlier have multiple vulnerabilities and Java 1.6.0_05 is available as an update.
Does anybody know if Iced Tea as current in F8 is immune from this problem? This is effectively version 1.7.0
Given that we don't know what vulnerabilities were described in the notification, the answer must be no. Unless someone on this list has some idea what vulnerabilities you're talking about...
Andrew.
On Mon, Mar 10, 2008 at 2:56 PM, Andrew Haley aph@redhat.com wrote:
Given that we don't know what vulnerabilities were described in the notification, the answer must be no. Unless someone on this list has some idea what vulnerabilities you're talking about...
Copying from the US-CERT notice:
Overview
Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
I. Description
The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has released updates to the Java Runtime Environment software to address multiple vulnerabilities. Further details about these vulnerabilities are available in the US-CERT Vulnerability Notes Database.
Sun released the following alerts to address these issues:
* 233321 Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine
* 233322 Security Vulnerability in the Java Runtime Environment With the Processing of XSLT Transformations
* 233323 Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges
* 233324 A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges
* 233325 Vulnerabilities in the Java Runtime Environment image Parsing Library
* 233326 Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges Through Java APIs
* 233327 Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges
II. Impact
The impacts of these vulnerabilities vary. The most severe of these vulnerabilities allows a remote attacker to execute arbitrary code.
Andrew Haley <aph@...> writes:
Andrew Overholt wrote:
----- Forwarded message from Mike <mike.cloaked@...> -----
Today I received a notification from US-CERT that Sun Java Runtime Environment versions JDK and JRE 6 Update 4 and earlier have multiple vulnerabilities and Java 1.6.0_05 is available as an update.
Does anybody know if Iced Tea as current in F8 is immune from this problem? This is effectively version 1.7.0
Given that we don't know what vulnerabilities were described in the notification, the answer must be no. Unless someone on this list has some idea what vulnerabilities you're talking about...
From http://java.sun.com/javase/6/webnotes/ReleaseNotes.html#160_05 , wherein you'll find hyperlinks:
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 233321 233322 233323 233324 233325 233326 and 233327.
java-devel@lists.fedoraproject.org