Alert GCSA-07109 - Vulnerabilities in Sun Java Runtime Environment
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-07109
Date : 26 October 2007
Title : Vulnerabilities in Sun Java Runtime Environment VM
******************************************************************
:: Problem description
Numerous vulnerabilities in Sun's Java Runtime Environment
could allow remote attackers to carry out various types
of attack by means of JavaScript code or untrusted applets.
:: Affected platforms and software
Vulnerable versions (for Windows, Solaris, and Linux):
JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier
:: Impact
Security Bypass
Manipulation of data
Exposure of sensitive information
System access
:: Solutions
Update the products to the following versions,
using the 'Update panel' function in Control Panel -> Java,
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/jcp.html#update
or by downloading from the official site:
JDK and JRE 6 Update 3
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 13
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_16
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.1_21 (Windows and Solaris 8 only)
http://java.sun.com/j2se/1.3/download.html
Installing a new version does not automatically remove
previously installed versions, so these must be
removed explicitly
http://www.java.com/en/download/faq/5000070400.xml
:: References
Sun Alert Notification
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5232
Secunia
http://secunia.com/advisories/27320/
http://secunia.com/advisories/27009/
Securityfocus Bugtraq ID
http://www.securityfocus.com/bid/25918
US-CERT
http://www.kb.cert.org/vuls/id/336105
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2007-0963.html
SUSE Linux, Novell Linux, openSUSE
http://www.novell.com/linux/security/advisories/2007_55_java.html
CIAC Advisory
http://www.ciac.org/ciac/bulletins/s-028.shtml
-----BEGIN PGP SIGNATURE-----
iQCVAwUBRyH6pvOB+SpikaiRAQISHQP/akOZ61461VN9aLEUMvN0S7fRzWrEkH3R
ay/KVdRlG8CNwgphVaLx5Gix8G/7Ur+u9YOTc8vVOKeA11n+A4SBFlvvBTAbdxTs
YIV/k34OHV2WEGVMHyLQ5zbLY5itoLC4deHTqAvIzyxNV6p0qP7IS4Zn7fNPytxk
HGxL7z+u8FI=
=FleE
-----END PGP SIGNATURE-----
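Added example, not part of the advisory: a check of installed JRE/JDK version strings against the vulnerable versions listed under "Affected platforms and software", useful because older installations stay on the system after an update. It assumes legacy `1.x.y_zz` version strings (6 Update 2 = 1.6.0_02, 5.0 Update 12 = 1.5.0_12) and treats earlier micro releases of a listed line (e.g. 1.4.1) as covered by "and earlier"; the function names and sample strings are constructed.

```python
import re

# Last vulnerable update per release family, taken from the advisory's list.
# Keys use the legacy numbering: "6 Update 2" is 1.6.0_02, "5.0 Update 12" is 1.5.0_12.
LAST_VULNERABLE = {
    (1, 6, 0): 2,
    (1, 5, 0): 12,
    (1, 4, 2): 15,
    (1, 3, 1): 20,
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return ((major, minor, micro), update) from a version string or
    a `java -version` banner line, or None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro)), int(update or 0)


def classify(text):
    """Classify one installation as 'vulnerable', 'fixed', 'not-listed' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    family, update = parsed
    for listed, last_bad in LAST_VULNERABLE.items():
        if family[:2] != listed[:2]:
            continue
        if family < listed:
            # Assumption: "and earlier" covers older micro releases of the same line.
            return "vulnerable"
        if family == listed:
            return "vulnerable" if update <= last_bad else "fixed"
    return "not-listed"  # release line the advisory does not mention


def audit(installed):
    """Return the installations that still need to be updated or removed."""
    return [v for v in installed if classify(v) == "vulnerable"]


# Constructed inventory: a host updated to 6u3 that still carries older runtimes.
SAMPLE_INSTALLED = ['java version "1.6.0_03"', "1.6.0_02", "1.5.0_12", "1.4.2_16", "1.4.1_07"]

if __name__ == "__main__":
    for entry in audit(SAMPLE_INSTALLED):
        print("update or remove:", entry)
```
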