Java SE 6 Update 5 Available - Multiple Security Vulnerabilities Fixed
March 5th, 2008
Sun recently released Java SE 6 Update 5: Java SE Downloads (Release Notes).
Included are several important security fixes:
- #233321: Two Security Vulnerabilities in the Java Runtime Environment Virtual Machine
- #233322: Security Vulnerability in the Java Runtime Environment With the Processing of XSLT Transformations
- #233323: Multiple Security Vulnerabilities in Java Web Start May Allow an Untrusted Application to Elevate Privileges
- #233324: A Security Vulnerability in the Java Plug-in May Allow an Untrusted Applet to Elevate Privileges
- #233325: Vulnerabilities in the Java Runtime Environment image Parsing Library
- #233326: Security Vulnerability in the Java Runtime Environment May Allow Untrusted JavaScript Code to Elevate Privileges Through Java APIs
- #233327: Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its Privileges
I'll followup with some additional information on the JavaScript privilege elevation (#233326) after I can do some more testing.
Posted by gfleischer on 2008/03/05 at 14:55 in Vulnerabilities