SpywareInfo Forum: Sun Java JRE v1.6.0_17 released - SpywareInfo Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Sun Java JRE v1.6.0_17 released

#1 User is offline   apluswebmaster Icon

  • AplusWebMaster
  • PipPipPipPipPip
  • Group: Full Member
  • Posts: 5,518
  • Joined: 18-May 04

Posted 03 November 2009 - 04:54 PM

FYI...

Sun Java JRE v1.6.0_17 released
- http://java.sun.com/...loads/index.jsp
11.03.2009

- http://java.sun.com/...notes/6u17.html
Bug Fixes ( 33 )
"... This release contains fixes for one or more security vulnerabilities..."

- http://secunia.com/advisories/37231/2/
Release Date: 2009-11-04
Critical: Highly critical
Impact: Security Bypass, DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to a fixed version.
Original Advisory: Sun:
http://sunsolve.sun....y=1-66-269868-1
http://sunsolve.sun....y=1-66-269869-1
http://sunsolve.sun....y=1-66-269870-1
http://sunsolve.sun....y=1-66-270474-1
http://sunsolve.sun....y=1-66-270475-1
http://sunsolve.sun....y=1-66-270476-1

- http://secunia.com/advisories/37231/3/
CVE reference: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885

:ph34r:

This post has been edited by apluswebmaster: 11 November 2009 - 06:31 AM

.

#2 User is offline   apluswebmaster Icon

  • AplusWebMaster
  • PipPipPipPipPip
  • Group: Full Member
  • Posts: 5,518
  • Joined: 18-May 04

Posted 04 December 2009 - 02:39 PM

FYI...

Java proof-of-concept attack released
- http://www.theregist...ws_java_attack/
4 December 2009 - "... A security researcher has released a proof-of-concept attack that exploits critical vulnerabilities that Apple patched on Thursday. The vulns stem from bugs in the Java runtime environment that allow attackers to remotely execute malicious code. Sun Microsystems patched the flaws early last month*... The code will also exploit unpatched Windows machines..."
* Sun Java v1.6.0_17: http://java.sun.com/...loads/index.jsp

Quick check to see what you have installed:
- http://javatester.org/version.html

:grrr: :ph34r:

This post has been edited by apluswebmaster: 04 December 2009 - 03:01 PM

.

#3 User is offline   apluswebmaster Icon

  • AplusWebMaster
  • PipPipPipPipPip
  • Group: Full Member
  • Posts: 5,518
  • Joined: 18-May 04

Post icon  Posted 05 January 2010 - 04:21 PM

FYI...

Java ...exploit in use in web drive-by attacks
- http://isc.sans.org/...ml?storyid=7879
Last Updated: 2010-01-05 17:54:55 UTC - "... java applet exploiting CVE-2008-5353 ( http://web.nvd.nist....d=CVE-2008-5353 / ...JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier... ) as part of a web drive-by attack. While PoC has been around for a long time for this, this is the first time I've heard of it being used in the wild for a general attack... As we get more details on what it does, we'll update this entry with it."
* https://www.virustot...974d-1262270360
File jar_cache5501.zip received on 2009.12.31 14:39:20 (UTC)
Result: 7/39 (17.95%)

:ph34r: :ph34r:
.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users


Support the forum!