Alert GCSA-10037 - Vulnerabilita' multiple in Java JDK/JRE
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-10037
Data : 02 Aprile 2010
Titolo : Vulnerabilita' multiple in Sun Java JDK / JRE
*****************************************************************************
:: Descrizione del problema:
Sono state riscontrate varie vulnerabilita' in Sun Java, che potrebbero
essere sfruttate per aggirare alcune restrizioni di sicurezza, provocare
un DoS o per compromettere un sistema utente.
Consultare i riferimenti agli avvisi di Sun per il dettaglio delle
componenti, le versioni interessate ed i sistemi operativi coinvolti.
:: Piattaforme e Software interessati:
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.4.x
:: Impatto:
Security Bypass
DoS
Accesso al sistema
:: Soluzioni:
Aggiornare il software alla seguenti versioni:
JDK e JRE 6 aggiornare al 19 o successivi:
http://java.sun.com/javase/downloads/index.jsp
JDK e JRE 5.0 aggiornare al 24 o successivi (solo Solaris):
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK e JRE 1.4.2_26:
http://java.sun.com/j2se/1.4.2/download.html
Java SE for Business :
http://www.sun.com/software/javaseforbusiness/getit_download.jsp
:: Riferimenti:
Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
Secunia:
http://secunia.com/advisories/37255
VuPen:
http://www.vupen.com/english/advisories/2010/0747
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS7WpPfOB+SpikaiRAQJv8gQAtyZAtKPpeX4ne9c3Qm/eQwD0JySk/bWB
QhirvG0yaKq0qipfHPSJGyT+TIdD9fCJytsA5upxtlKlIh2UUXA8Q+JapN2j7c7w
O3pbie//0r6cqU14KCphp7U2RZOmVG2x6qpygNhSqXjHRLIRT2NEVH65pHAj4Snh
8nBLePdu0Gg=
=uS/4
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************************
Alert ID : GCSA-10037
Data : 02 Aprile 2010
Titolo : Vulnerabilita' multiple in Sun Java JDK / JRE
*****************************************************************************
:: Descrizione del problema:
Sono state riscontrate varie vulnerabilita' in Sun Java, che potrebbero
essere sfruttate per aggirare alcune restrizioni di sicurezza, provocare
un DoS o per compromettere un sistema utente.
Consultare i riferimenti agli avvisi di Sun per il dettaglio delle
componenti, le versioni interessate ed i sistemi operativi coinvolti.
:: Piattaforme e Software interessati:
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.4.x
:: Impatto:
Security Bypass
DoS
Accesso al sistema
:: Soluzioni:
Aggiornare il software alla seguenti versioni:
JDK e JRE 6 aggiornare al 19 o successivi:
http://java.sun.com/javase/downloads/index.jsp
JDK e JRE 5.0 aggiornare al 24 o successivi (solo Solaris):
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK e JRE 1.4.2_26:
http://java.sun.com/j2se/1.4.2/download.html
Java SE for Business :
http://www.sun.com/software/javaseforbusiness/getit_download.jsp
:: Riferimenti:
Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
Secunia:
http://secunia.com/advisories/37255
VuPen:
http://www.vupen.com/english/advisories/2010/0747
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850
-----BEGIN PGP SIGNATURE-----
iQCVAwUBS7WpPfOB+SpikaiRAQJv8gQAtyZAtKPpeX4ne9c3Qm/eQwD0JySk/bWB
QhirvG0yaKq0qipfHPSJGyT+TIdD9fCJytsA5upxtlKlIh2UUXA8Q+JapN2j7c7w
O3pbie//0r6cqU14KCphp7U2RZOmVG2x6qpygNhSqXjHRLIRT2NEVH65pHAj4Snh
8nBLePdu0Gg=
=uS/4
-----END PGP SIGNATURE-----