Sun Java运行时环境音频系统信息泄露漏洞

2009-08-09T00:00:00
ID SSV:12008
Type seebug
Reporter Root
Modified 2009-08-09T00:00:00

Description

BUGTRAQ ID: 35939 CVE(CAN) ID: CVE-2009-2670

Solaris系统的Java运行时环境(JRE)为JAVA应用程序提供可靠的运行环境。

Java运行时环境音频系统中的安全漏洞可能允许不可信任的Applet或Java Web Start应用访问java.lang.System属性。

Sun JDK 6 Sun JDK 5.0 Sun JRE 6 Sun JRE 5.0 厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2009:1199-01)以及相应补丁: RHSA-2009:1199-01:Critical: java-1.5.0-sun security update 链接:https://www.redhat.com/support/errata/RHSA-2009-1199.html

Sun

Sun已经为此发布了一个安全公告(Sun-Alert-263408)以及相应补丁: Sun-Alert-263408:A Security Vulnerability in the Java Runtime Environment Audio System may Allow System Properties to be Accessed 链接:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-263408-1

补丁下载: http://java.sun.com/javase/downloads/index.jsp http://java.sun.com/javase/downloads/index_jdk5.jsp