[security-alerts] FW: [SA23398] Sun Java JRE Applet Security Bypass

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

Теперь понятнее, что за уязвимости в JRE

> ----------------------------------------------------------------------
> 
> TITLE:
> Sun Java JRE Applet Security Bypass
> 
> SECUNIA ADVISORY ID:
> SA23398
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/23398/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> Security Bypass
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Sun Java JDK 1.5.x
> http://secunia.com/product/4621/
> Sun Java JRE 1.5.x / 5.x
> http://secunia.com/product/4228/
> Sun Java JRE 1.4.x
> http://secunia.com/product/784/
> Sun Java JRE 1.3.x
> http://secunia.com/product/87/
> Sun Java SDK 1.4.x
> http://secunia.com/product/1661/
> Sun Java SDK 1.3.x
> http://secunia.com/product/1660/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in Sun Java JRE (Java Runtime
> Environment), which can be exploited by malicious people to bypass
> certain security restrictions.
> 
> The vulnerabilities are caused due to unspecified errors in the Java
> Runtime Environment and may allow a malicious, untrusted applet to
> access data in other applets.
> 
> The vulnerabilities are reported in the following versions:
> * JDK and JRE 5.0 Update 6 and prior
> * SDK and JRE 1.4.2_12 and prior
> * SDK and JRE 1.3.1_18 and prior
> 
> SOLUTION:
> Update to fixed versions.
> 
> JDK and JRE 5.0:
> Update to JDK and JRE 5.0 Update 7 or later.
> http://java.sun.com/javase/downloads/index_jdk5.jsp
> 
> SDK and JRE 1.4.x:
> Update to SDK and JRE 1.4.2_13 or later.
> http://java.sun.com/j2se/1.4.2/download.html
> 
> SDK and JRE 1.3.x:
> Update to SDK and JRE 1.3.1_19 or later.
> http://java.sun.com/j2se/1.3/download.html
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Tom Hawtin.
> 
> ORIGINAL ADVISORY:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
>