SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)

This update brings IBM Java 5 to Service Release 9. It fixes the following security problems : - A security vulnerability in the Java Runtime Environment JRE may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 5846)

IBM Java 1.4.2 SR12 fixes the following security problems : - Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the...

SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960)

This update brings IBM Java 5 to Service Release 9. It fixes the following security problems : - A security vulnerability in the Java Runtime Environment JRE may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application...

Java Web Start Buffer unpack200 processing integer overflow (6830335)

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...

OpenJDK Proxy mechanism information leaks (6801071)

The SOCKS proxy implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted 1 applet or 2 Java Web Start application via unspecified vectors...

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0123)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

RHEL 5 : java-1.5.0-bea (RHSA-2008:0156)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0156 advisory. - Security Vulnerability in Java Runtime Environment With Applet Caching CVE-2007-5232 - Untrusted Application or Applet May Move or Copy...

RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0132)

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.4.2 SR10 Java release includes the IBM...

RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)

Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

java security update

CentOS Errata and Security Advisory CESA-2009:1201 Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages...

Sun Java运行时环境XML解析拒绝服务漏洞

BUGTRAQ ID: 35958 CVECAN ID: CVE-2009-2625 Solaris系统的Java运行时环境（JRE）为JAVA应用程序提供可靠的运行环境。 JRE在解析包含有非预期字节值和递归括号的XML元素时可能导致程序越界访问内存或陷入死循环。攻击者可以通过诱骗用户打开特制文件或向服务器提交恶意XML内容来利用这个漏洞，导致拒绝服务的情况。 Sun JDK 6 Sun JDK 5.0 Sun JRE 6 Sun JRE 5.0 厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2009:1199-01）以及相应补丁:...

ZDI-09-050: Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability

ZDI-09-050: Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-050 August 5, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details: This vulnerability allows...

ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability

ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-049 August 5, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details: This vulnerability allow...

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

OpenJDK GIF processing buffer overflow vulnerability (6804998)

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)

Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...

OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...

OpenJDK Pack200 Buffer overflow vulnerability (6792554)

Buffer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...

Java Web Start Buffer unpack200 processing integer overflow (6830335)

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...