Sun Microsystems Security Bulletin 00218

Naviga SWZ: Home Page » News
News del 20 Marzo 02 Autore: eymerich
Sun Microsystems, Inc. Security Bulletin

Bulletin Number: #00218
Date: March 18, 2002

1. Background

A vulnerability in the Java(TM) Runtime Environment Bytecode Verifier may be exploited by an untrusted applet to escalate privileges.

The full and custom installations of Netscape 6.2.1 and earlier are affected since they include an affected version of the Java Runtime Environment. The default Java runtime environments of Netscape(TM)Communicator version 4.79 and earlier are affected.
For more information, see

http://home.netscape.com/security

Microsoft VM up to and including build 3802 is affected.
For more information, see

http://www.microsoft.com/technet/se...in/MS02-013.asp

This issue may or may not affect other vendors' Java technology implementations which are derived from Sun's SDK and JDK(TM) source bases.Sun has notified and made the remedy available to its Java technology licensees.

Sun recommends that users of affected releases upgrade to the latest SDK, JDK, and JRE releases listed in section 3 of this bulletin.


2. Affected Releases

The following releases are affected:

Windows Production Releases

SDK and JRE 1.3.1_01a or earlier
SDK and JRE 1.3.0_05 or earlier
SDK and JRE 1.2.2_010 or earlier
JDK and JRE 1.1.8_008 or earlier

Solaris(TM) Operating Environment (OE) Reference Releases

SDK and JRE 1.2.2_010 or earlier
JDK and JRE 1.1.8_008 or earlier

Solaris OE Production Releases

SDK and JRE 1.3.1_01 or earlier
SDK and JRE 1.3.0_05 or earlier
SDK and JRE 1.2.2_10 or earlier
JDK and JRE 1.1.8_14 or earlier

Linux Production Releases

SDK and JRE 1.3.1_01 or earlier
SDK and JRE 1.3.0_05 or earlier
SDK and JRE 1.2.2_010 or earlier

Releases prior to SDK and JRE 1.2.2, and JDK and JRE 1.1.8 for
Windows and Solaris are also affected and should no longer be used.
Users of these releases should upgrade to a later release listed in
Section 3.

This vulnerability does not affect the Java 2 SDK, Standard Edition, v 1.4.


3. Latest Releases

Windows Production Releases

SDK and JRE 1.4 http://java.sun.com/j2se/1.4/
SDK and JRE 1.3.1_02 http://java.sun.com/j2se/1.3/
SDK and JRE 1.2.2_011 http://java.sun.com/j2se/1.2/
JDK and JRE 1.1.8_009
http://java.sun.com/products/jdk/1....dk-windows.html

Solaris OE Reference Releases

SDK and JRE 1.2.2_011 http://java.sun.com/j2se/1.2/
JDK and JRE 1.1.8_009
http://java.sun.com/products/jdk/1....dk-solaris.html

Solaris OE Production Releases

SDK and JRE 1.4 http://java.sun.com/j2se/1.4/
SDK and JRE 1.3.1_02 http://java.sun.com/j2se/1.3/
SDK and JRE 1.2.2_11 http://java.sun.com/j2se/1.2/
JDK and JRE 1.1.8_15
http://java.sun.com/products/jdk/1....dk-solaris.html

Linux Production Releases

SDK and JRE 1.4 http://java.sun.com/j2se/1.4/
SDK and JRE 1.3.1_02 http://java.sun.com/j2se/1.3/
SDK and JRE 1.2.2_011 http://java.sun.com/j2se/1.2/
1 - Commento/i sul Forum

Voto:

Categoria: Sicurezza

La Community di SWZone.it

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum

Newsletter

Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter

NOTIZIE CORRELATE