In association with heise online

04 November 2009, 11:02

Java 6 Update 17 fixes multiple security vulnerabilities


Sun Microsystems has released Java 6 Update 17, which fixes multiple security vulnerabilities. These include various buffer and integer overflows triggered by crafted audio and image files, which can be exploited by Java applets and 'Java Web Start' applications to escalate their privileges and allow system infection. A bug in the 'Java Web Start' installer can result in non-trusted Web Start applications being run as trusted applications and therefore obtaining escalated privileges. A vulnerability in the Java Runtime Environment Deployment Toolkit allows websites to inject and execute code.

Sun has also removed a vulnerability which could be exploited to fake digital signatures, triggered when verifying HMAC digests. The JRE update function should in future also update the runtime environment under non-English language versions of Windows.

Some of the bugs are also present in Java versions 5.0, 1.4.x and 1.3.x. Sun is recommending users of these products update to versions 5.0 Update 22, 1.4.2_24 and 1.3.1_27 respectively. All three have already reached or exceeded their end of life. Update 22 will be the final update for version 5, and Sun is therefore advising all users to switch to version 6 in order to continue to receive security updates.
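The fixed releases listed above can be checked against an inventory of installed runtimes. The following is an added example, not code from Sun or from this article: it parses the version string reported by `java -version` and compares it with the fixed release for its release line. The function names, status labels and sample hosts are assumptions made for illustration, and it assumes the usual internal numbering in which Java 6 Update 17 reports itself as 1.6.0_17 and 5.0 Update 22 as 1.5.0_22.

```python
import re

# Fixed releases named in the article, keyed by release line (major, minor).
# Value is (micro, update): Java 6 Update 17 = 1.6.0_17, 5.0 Update 22 = 1.5.0_22.
FIXED = {
    (1, 6): (0, 17),
    (1, 5): (0, 22),
    (1, 4): (2, 24),
    (1, 3): (1, 27),
}
# Release lines the article describes as having reached or exceeded end of life.
END_OF_LIFE = {(1, 5), (1, 4), (1, 3)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return ((major, minor), (micro, update)) from a version string, or None."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4) or 0)  # "1.6.0" with no suffix means update 0
    return (major, minor), (micro, update)


def assess(text):
    """Classify one reported JRE version against the article's fixed releases."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparsed"
    line, release = parsed
    if line not in FIXED:
        return "unknown-line"  # the article names no fixed release for this line
    if release < FIXED[line]:
        return "update-required"
    return "fixed-eol" if line in END_OF_LIFE else "fixed"


if __name__ == "__main__":
    # Constructed inventory: first line of `java -version` output per host.
    inventory = {
        "host-a": 'java version "1.6.0_16"',
        "host-b": 'java version "1.6.0_17"',
        "host-c": 'java version "1.4.1_07"',
    }
    for host, banner in sorted(inventory.items()):
        print(f"{host}: {assess(banner)}")
```

A result of `fixed-eol` means the runtime carries the listed fix but belongs to a release line that will receive no further security updates, so it still needs a migration plan to version 6.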
