In association with heise online

01 June 2007, 16:34

More bugs in Java image processing routines


Two significant security problems have been discovered in Sun's Java Runtime Environment (JRE) and in the associated development environment (JDK / SDK). According to an advisory from the vendor, there are two vulnerabilities in the image processing routines as a result of which untrusted Java applets may be able to obtain unauthorised access to user files and execute arbitrary programs or crash the Java VM (denial of service). The latest version of Java, version 6, and all previous versions for all operating systems are affected.

Sun have fixed both problems in version 6 update 1 and 5.0 update 11. Version 1.3.1_20 fixes the denial of service bug only; users of version 1.3.x should update to a later major version. No update for either bug is available for version 1.4, which is still widely used by developers for reasons of stability, so both vulnerabilities remain unfixed in the current version 1.4.2_14. Other Java implementations, such as those from IBM and Blackdown, may also be affected by the bugs, as they are based on Sun Java. No bug reports have yet been issued by these vendors.
