Alert GCSA-08070 - Vulnerabilita' multiple in Sun Java JDK / JRE
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08070
Data : 11 luglio 2008
Titolo : Vulnerabilita' multiple in Sun Java JDK / JRE
******************************************************************
:: Descrizione del problema
Sono state scoperte varie vulnerabilita' in alcune componenti di Sun
Java JDK / JRE che potrebbero consentire ad attaccanti remoti di
oltrepassare le restrizioni di sicurezza di un sistema vulnerabile,
accedere ad informazioni sensibili, causare condizioni denial of
service ed ottenere il controllo completo del sistema.
Consultare i riferimenti agli avvisi di Sun per il dettaglio delle
componenti, le versioni interessate ed i sistemi operativi coinvolti.
:: Software interessato
Java Web Start 1.x
Java Web Start 5.x
Java Web Start 6.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x
per Windows, Solaris, e Linux.
:: Impatto
Security Bypass
Accesso ad informazioni di sistema
Accesso a dati sensibili
Denial of service
Accesso al sistema
:: Soluzioni
Aggiornare i prodotti alle seguenti versioni:
JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html
:: Riferimenti
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
FrSirt:
http://www.frsirt.com/english/advisories/2008/2056
Secunia:
http://secunia.com/advisories/31010/
SecurityFocus:
http://www.securityfocus.com/bid/30148
http://www.securityfocus.com/bid/30147
http://www.securityfocus.com/bid/30146
http://www.securityfocus.com/bid/30143
http://www.securityfocus.com/bid/30142
http://www.securityfocus.com/bid/30144
http://www.securityfocus.com/bid/30141
http://www.securityfocus.com/bid/30140
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSHc/g/OB+SpikaiRAQKMLgQAtyNN8Yc6axVyXW1N+9uuPIBaVHZUuWzn
pu2/3feehuwshwd46/WPxBNpSdNUzJDBHjVwp9w0wsRoFAp5IpaCosA1kq1suXhe
Z6ddr4G7NW28vMfcj+RergeItZZvpTzc5omIxFj+uxk2TbidZhKQKnTTw3BIazdo
fv5AP5Ng6Zg=
=vN9K
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-08070
Data : 11 luglio 2008
Titolo : Vulnerabilita' multiple in Sun Java JDK / JRE
******************************************************************
:: Descrizione del problema
Sono state scoperte varie vulnerabilita' in alcune componenti di Sun
Java JDK / JRE che potrebbero consentire ad attaccanti remoti di
oltrepassare le restrizioni di sicurezza di un sistema vulnerabile,
accedere ad informazioni sensibili, causare condizioni denial of
service ed ottenere il controllo completo del sistema.
Consultare i riferimenti agli avvisi di Sun per il dettaglio delle
componenti, le versioni interessate ed i sistemi operativi coinvolti.
:: Software interessato
Java Web Start 1.x
Java Web Start 5.x
Java Web Start 6.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x
per Windows, Solaris, e Linux.
:: Impatto
Security Bypass
Accesso ad informazioni di sistema
Accesso a dati sensibili
Denial of service
Accesso al sistema
:: Soluzioni
Aggiornare i prodotti alle seguenti versioni:
JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp
JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html
:: Riferimenti
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
FrSirt:
http://www.frsirt.com/english/advisories/2008/2056
Secunia:
http://secunia.com/advisories/31010/
SecurityFocus:
http://www.securityfocus.com/bid/30148
http://www.securityfocus.com/bid/30147
http://www.securityfocus.com/bid/30146
http://www.securityfocus.com/bid/30143
http://www.securityfocus.com/bid/30142
http://www.securityfocus.com/bid/30144
http://www.securityfocus.com/bid/30141
http://www.securityfocus.com/bid/30140
CVE Mitre:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSHc/g/OB+SpikaiRAQKMLgQAtyNN8Yc6axVyXW1N+9uuPIBaVHZUuWzn
pu2/3feehuwshwd46/WPxBNpSdNUzJDBHjVwp9w0wsRoFAp5IpaCosA1kq1suXhe
Z6ddr4G7NW28vMfcj+RergeItZZvpTzc5omIxFj+uxk2TbidZhKQKnTTw3BIazdo
fv5AP5Ng6Zg=
=vN9K
-----END PGP SIGNATURE-----