Alert GCSA-10159 - Vulnerabilities in Oracle Sun Java JDK, JRE, SDK
******************************************************************
Alert ID : GCSA-10159
Date : 22 October 2010
Title : Vulnerabilities in Oracle Sun Java JDK, JRE, SDK
******************************************************************
:: Problem description
Several vulnerabilities have been discovered in some components of
Sun Java JDK (Java Development Kit) and JRE (Java Runtime Environment)
that could allow remote attackers to bypass the security
restrictions of a vulnerable system, access sensitive
information, cause denial-of-service conditions
and gain complete control of the system.
See the references for details on the affected components,
versions and operating systems.
:: Affected platforms and software
Versions for Windows, Solaris and Linux
Oracle Sun Java JRE version 6 Update 21 (1.6.0_21) and earlier
Oracle Sun Java JRE version 5 Update 25 (1.5.0_25) and earlier
Oracle Sun Java JDK version 6 Update 21 (1.6.0_21) and earlier
Oracle Sun Java JDK version 5 Update 25 (1.5.0_25) and earlier
Oracle Sun Java SDK version 1.4.2_27 and earlier
:: Impact
Security bypass
Data manipulation
Exposure of sensitive information
Denial of service
System access
:: Solutions
Update to the versions
Java JDK and JRE 6 Update 22
Java JDK and JRE 5 Update 26
Java SDK version 1.4.2_28
using the 'Update' function in Control Panel -> Java,
or by downloading from the official site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.sun.com/javase/downloads/index.jsp
http://java.com/it/download/manual.jsp
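A version check built from the fixed releases listed above, as an added example that is not part of the original advisory: it classifies the banner printed by `java -version` per release family. The function names and the sample host inventory are constructed for illustration.

```python
import re

# First fixed update per release family, taken from the advisory's solutions list.
FIXED_UPDATE = {
    (1, 6, 0): 22,  # Java JDK and JRE 6 Update 22
    (1, 5, 0): 26,  # Java JDK and JRE 5 Update 26
    (1, 4, 2): 28,  # Java SDK version 1.4.2_28
}

# Matches e.g.  java version "1.6.0_21"  (build suffixes after the update are ignored).
_VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return ((major, minor, micro), update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    family = tuple(int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # "1.6.0" means no update installed
    return family, update


def classify(banner):
    """Return 'affected', 'fixed', 'not-covered' or 'unparsed' for one banner."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unparsed"
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "not-covered"  # release family not listed in this advisory
    return "affected" if update < fixed else "fixed"


def audit(inventory):
    """Map each host to its classification; inventory is {host: banner}."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample banners (hypothetical hosts, not real data).
# Note that `java -version` writes its banner to stderr, so collect with 2>&1.
SAMPLE_INVENTORY = {
    "host-a": 'java version "1.6.0_21"',
    "host-b": 'java version "1.6.0_22"',
    "host-c": 'java version "1.5.0_25"',
    "host-d": 'java version "1.4.2_27"',
    "host-e": 'java version "1.6.0"',
    "host-f": "command not found: java",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, status)
```

Hosts reported as 'unparsed' or 'not-covered' need a manual check against the references; the script only decides for the three release families the advisory names.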
:: References
Oracle Java SE Critical Patch Update Advisory - October 2010
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Java SE 6 Update 22 Release Notes
http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560
Secunia
http://secunia.com/advisories/41791/
VUPEN
http://www.vupen.com/english/advisories/2010/2660
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2010-0770.html
https://rhn.redhat.com/errata/RHSA-2010-0768.html
Fedora Update Notification
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html
Zero Day Initiative (ZDI)
http://www.zerodayinitiative.com/advisories/ZDI-10-202/
http://www.zerodayinitiative.com/advisories/ZDI-10-203/
http://www.zerodayinitiative.com/advisories/ZDI-10-204/
http://www.zerodayinitiative.com/advisories/ZDI-10-205/
http://www.zerodayinitiative.com/advisories/ZDI-10-206/
http://www.zerodayinitiative.com/advisories/ZDI-10-207/
http://www.zerodayinitiative.com/advisories/ZDI-10-208/