Status Tracking Note TRTA08-066A

Sun Updates for Multiple Vulnerabilities in Java

Overview

Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.

Event Information

Date (UTC) | Description
2008-03-06 21:05 US-CERT
TA08-066A: Sun Updates for Multiple Vulnerabilities in Java
Via US-CERT Mailing List
Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
2008-03-06 13:00 US-CERT
Sun Java SE Updates
US-CERT Current Activity
Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Web Start, Java JDK, Java JRE, and Java SDK. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, or cause a denial-of-service condition.
2008-03-04 07:00 Sun Microsystems
233326: Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges Through Java APIs
A vulnerability in the Java Runtime Environment may allow JavaScript code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs. This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.
2008-03-04 07:00 Sun Microsystems
233325: Vulnerabilities in the Java Runtime Environment Image Parsing Library
A vulnerability in the Java Runtime Environment image parsing library may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet.
2008-03-04 07:00 Sun Microsystems
233324: A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges
A security vulnerability in the Java Plug-in may allow an applet that is downloaded from a website to bypass the same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet.
2008-03-04 07:00 Sun Microsystems
233323: Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges
Three buffer overflow security vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application.
2008-03-04 07:00 Sun Microsystems
233322: Security Vulnerability in the Java Runtime Environment With the Processing of XSLT Transformations
A security vulnerability in the Java Runtime Environment (JRE) with the processing of XSLT transformations may allow an untrusted applet or application that is downloaded from a website to elevate its privileges. For example, an applet may read certain unauthorized URL resources (such as some files and web pages) or potentially execute arbitrary code. This vulnerability may also be exploited to create a Denial-of-Service (DoS) condition by causing the JRE to crash.
2008-03-04 07:00 Sun Microsystems
233321: Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine
Two security vulnerabilities in the Java Runtime Environment Virtual Machine may independently allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet.
2008-03-04 07:00 Sun Microsystems
233327: Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate Its Privileges
A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application.

Reference

Date first published (UTC): 2008-03-09T22:24+00:00
Date last updated (UTC): 2008-03-12T06:20+00:00