VMware Mega Patch Plugs Security Holes

Virtualization software specialist VMware has shipped a massive batch of critical security updates to cover 48 security holes in a wide range of its server and workstation products. According to an advisory from VMWare, the vulnerabilities affect the DHCP Server,DHCP Client, Service Console kerne...

SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)

This update brings IBM Java 5 to Service Release 9. It fixes the following security problems : - A security vulnerability in the Java Runtime Environment JRE may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application...

SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12313)

IBM Java 1.4.2 SR12 fixes the following security problems : - Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 5846)

IBM Java 1.4.2 SR12 fixes the following security problems : - Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the...

SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960)

This update brings IBM Java 5 to Service Release 9. It fixes the following security problems : - A security vulnerability in the Java Runtime Environment JRE may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application...

OpenJDK Proxy mechanism information leaks (6801071)

The SOCKS proxy implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted 1 applet or 2 Java Web Start application via unspecified vectors...

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0123)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2007:0963)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having important security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

RHEL 5 : java-1.5.0-bea (RHSA-2008:0156)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0156 advisory. - Security Vulnerability in Java Runtime Environment With Applet Caching CVE-2007-5232 - Untrusted Application or Applet May Move or Copy...

RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0132)

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.4.2 SR10 Java release includes the IBM...

RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018)

Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

java security update

CentOS Errata and Security Advisory CESA-2009:1201 Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages...

Sun Java运行时环境XML解析拒绝服务漏洞

BUGTRAQ ID: 35958 CVECAN ID: CVE-2009-2625 Solaris系统的Java运行时环境（JRE）为JAVA应用程序提供可靠的运行环境。 JRE在解析包含有非预期字节值和递归括号的XML元素时可能导致程序越界访问内存或陷入死循环。攻击者可以通过诱骗用户打开特制文件或向服务器提交恶意XML内容来利用这个漏洞，导致拒绝服务的情况。 Sun JDK 6 Sun JDK 5.0 Sun JRE 6 Sun JRE 5.0 厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2009:1199-01）以及相应补丁:...

OpenJDK remote LDAP Denial-Of-Service (6717680)

LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier does not close the connection when initialization fails, which allows remote attackers to cause ...

OpenJDK GIF processing buffer overflow vulnerability (6804998)

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)

Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...

OpenJDK proxy mechanism allows non-authorized socket connections (6801497)

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lack...

Java Web Start Buffer unpack200 processing integer overflow (6830335)

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...

Input validation

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...