_______________________________________________________________________________
Blackdown Java-Linux Security Advisory

Advisory number: Blackdown-SA-2005-02
Issue date:      2005, June 14
Synopsis:        Java Runtime Environment May Allow Untrusted Applet to
                 Elevate Privileges
_______________________________________________________________________________

1. Problem

   A vulnerability in the Java Runtime Environment may allow an
   untrusted applet to elevate its privileges. For example, an applet
   may grant itself permissions to read and write local files or
   execute local applications that are accessible to the user running
   the untrusted applet.

2. Vulnerable Versions

   Blackdown J2SE 1.4.2-01 and earlier 1.4 releases.
   1.3.1 releases are not affected.

3. Solution

   Upgrade to J2SE v1.4.2-02

4. Location of fixed packages:

   Java 2 Runtime Environment v1.4.2-02:

     amd64:
       ftp://ftp.tux.org/java/JDK-1.4.2/amd64/02/j2re-1.4.2-02-linux-amd64.bin
       dc4d79332f7fc5a1a729415584ab0f22

     x86:
       ftp://ftp.tux.org/java/JDK-1.4.2/i386/02/j2re-1.4.2-02-linux-i586.bin
       c209c959ce4ab0188e77d065ec57901a

   Java 2 SDK v1.4.2-02

     amd64:
       ftp://ftp.tux.org/java/JDK-1.4.2/amd64/02/j2sdk-1.4.2-02-linux-amd64.bin
       71a00fbf52e39987790c3216a219c281

     x86:
       ftp://ftp.tux.org/java/JDK-1.4.2/i386/02/j2sdk-1.4.2-02-linux-i586.bin
       a65733528562794b7838407084cabd9a

   Debian packages are available at ftp://ftp.tux.org/java/debian/

5. References

   http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
_______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular,
it is desired that the cleartext signature shows proof of the
authenticity of the text.

Blackdown Java-Linux makes no warranties of any kind whatsoever with
respect to the information contained in this security advisory.
_______________________________________________________________________________

-- 
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/