Clytie Siddall, 19-01-2007 04:54:
Hi guys :)
Today Secunia says:
A vulnerability in the Sun Java Runtime Environment (JRE) has been
reported, which can be used by malicious people to gain access to a
remote system.
An error occurs when JRE processes a specially crafted GIF image with 0
width, which can be exploited to cause a heap-based buffer overflow.
Successful exploitation allows the execution of arbitrary code.
The vulnerability is reported in the following versions:
* JDK and JRE 5.0 Update 9 and prior.
* SDK and JRE 1.4.2_12 and prior.
* SDK and JRE 1.3.1_18 and prior.
Vendor patches are now available.
Does that affect OpenOffice.org? If so, what do we do to (1) fix it and
(2) inform and help our users?
Thankyou for sharing your wisdom on this situation. I am still puzzled
why security issues aren't linked from the OpenOffice.org homepage.
Users want and need to know about them.
The bug is of the JRE, so it can happen in any program that uses it.
But for being exploited the user would have to open a infected file.
Since we distribute the JRE 5 update 9 in some builds, we could post a
notice, but it's up to the security team, not QA:
<http://www.openoffice.org/security/>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
