Thread-topic: [SA23445] Sun Java JRE Multiple Vulnerabilities
> ----------------------------------------------------------------------
>
> TITLE:
> Sun Java JRE Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA23445
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Privilege escalation, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Sun Java JDK 1.5.x
>
> Sun Java JRE 1.5.x / 5.x
>
> Sun Java JRE 1.4.x
>
> Sun Java JRE 1.3.x
>
> Sun Java SDK 1.4.x
>
> Sun Java SDK 1.3.x
>
>
> DESCRIPTION:
> Some vulnerabilities have been reported in Sun Java JRE (Java Runtime
> Environment), which can be exploited by malicious people to compromise
> a user's system.
>
> 1) Two errors exist in the Java Runtime Environment, which can be
> exploited by malicious, untrusted applets to read and write local
> files, or to execute local applications.
>
> 2) Two errors related to serialisation exist in the Java Runtime
> Environment, which can be exploited by a malicious, untrusted applet
> to elevate it's privileges.
>
> The following releases are affected:
> * JDK and JRE 5.0 Update 7 and prior
> * SDK and JRE 1.4.2_12 and prior
> * SDK and JRE 1.3.1_18 and prior (not affected by vulnerability #2)
>
> SOLUTION:
> Update to fixed versions:
>
> JDK and JRE 5.0:
> Update to JDK and JRE 5.0 Update 8 or later.
>
>
> SDK and JRE 1.4.x:
> Update to SDK and JRE 1.4.2_13 or later.
>
>
> SDK and JRE 1.3.x:
> Update to SDK and JRE 1.3.1_19 or later.
>
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> #1) Chris Evans
> #2) Tom Hawtin
>
> ORIGINAL ADVISORY:
> Sun:
>
>
>
>
>
