
By Robert Vamosi
Posted on ZDNet News: Jul 13, 2007 12:41:00 PM

Sun Microsystems says a Java security threat, the subject of an earlier Australian report, has been patched.

A news story from ZDNet Australia based on a CERT advisory identified vulnerabilities within Sun's Java Runtime Environment. However, Sun representatives said the company has already patched the flaws and that there are no known exploits circulating in the wild.

Sun on Friday released a new version of Java SE 6 Update 2 that it says addresses all current vulnerabilities.

The Australian CERT advisory published Thursday, an update of an original advisory posted on June 4, summarizes two Java Runtime Environment vulnerabilities and also provides links to Sun's patches.

The Java Runtime Environment vulnerabilities cited in the article were first reported by Chris Evans of Google's security team in October. He reported them to Sun, then to the public on May 15.

One flaw demonstrated in Evans' advisory shows an integer overflow in a JPEG image. Documented in CVE-2006-2788, this affects Sun Java Development Kit (JDK) before versions 1.5.0_11-b03, 1.6.x and 1.6.0_01-b06.

A second demo shows a local file being opened via the BMP image parser. This was documented in CVE-2006-2789 and affects Sun Java Development Kit (JDK) before versions 1.5.0_11-b03, 1.6.x and 1.6.0_01-b06 on Unix and Linux systems.

Sun spokeswoman Jacki DeCoster recommends that consumers go to Java.com and download Java SE 6 Update 2, installing the latest version of the Java Runtime Environment. Additional information about the specific patches related to these vulnerabilities can be found on the company's SunSolve site.
