In association with heise online

05 August 2009, 10:21

Java 6 Update 15 available

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Sun has released JDK and JRE 6 Update 15 as well as JDK and JRE 5.0 Update 20 of its Java development and run time environment. With these versions, the developers fixed numerous bugs and resolved several security issues. One of the security problems gives untrusted applets access to a system, allowing attackers to gain control of a PC. Some of the holes are based on integer overflows when processing images and in connection with the Unpack200 JAR tool. Sun had to fix a similar flaw in the JAR tool in March 2009.

The vendor also included additional root certificates and extended the Java blacklist. The blacklist came into existence with Java 6 Update 14 and is designed to prevent Java plug-ins and Web Start from loading and executing vulnerable classes from signed JAR files. Users are, therefore, advised to update to the current version 6 (1.6 respectively) to take advantage of it. Since Java 6 Update 10, Java's installation routines for Windows have offered a patch-in-place configuration that can be used for overwriting older versions of Java. This is to prevent multiple installations in different folders on a system, which may cause security issues.

Mac OS X users will need to be patient and wait until Apple has strung together its own Java update. Three months ago, a Mac exploit caused commotion by targeting a Java vulnerability which, in the author's opinion, was ignored and left unpatched by Apple for several months.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-742817
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit