Sun Microsystems has issued a Java update that fixes several critical security vulnerabilities. The vulnerabilities affect several JDK, JRE and SDK versions, including JRE 6 Update 10 and earlier, which is the package usually installed to enable Java support on a computer system.
A total of 13 security vulnerabilities are fixed by the Java update. Attackers can use those vulnerabilities for various attacks on a computer system that can lead to privilege escalations.
Probably the easiest way to uninstall old versions of Java and install the latest secure update is the third-party software JavaRa, which can uninstall old versions of Java. Users should download the latest JRE directly from Sun and install it on their systems. JavaRa should be run after the installation, as it removes all old versions of Java while keeping the latest version installed.
List of vulnerabilities:
- The Java Runtime Environment Creates Temporary Files That Have “Guessable” File Names
- Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts
- Allow Applets or Java Web Start Applications to Elevate Their Privileges
- Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation
- The Java Runtime Environment (JRE) “Java Update” Mechanism Does Not Check the Digital Signature of the JRE that it Downloads
- A Buffer Overflow Vulnerability in the Java Runtime Environment (JRE) May Allow Privileges to be Escalated
- A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated
- The Java Runtime Environment UTF-8 Decoder May Allow Multiple Representations of UTF-8 Input
- Security Vulnerability in Java Runtime Environment May Allow Applets to List the Contents of the Current User’s Home Directory
- Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys
- A Security Vulnerability in Java Runtime Environment (JRE) With Authenticating Users Through Kerberos May Lead to a Denial of Service (DoS)
- Security Vulnerabilities in the Java Runtime Environment (JRE) JAX-WS and JAXB Packages may Allow Privileges to be Escalated
- A Security Vulnerability in Java Runtime Environment (JRE) With Parsing of Zip Files May Allow Reading of Arbitrary Memory Locations
- A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost
Users who cannot install the Java update immediately should disable Java for the time being to protect their computer system from the exploits.
4 Responses to “Java Security Update Released”
If you’re an administrator, you might want to get this new Sun Java package, JAVA SE for Business at http://www.sun.com/software/javaseforbusiness/getit_download.jsp#j4b6
This package installs with auto updating (and notification) disabled by default.
Would be sad to not have JavaFX.
This new version finally uninstalls the previous version as well. Only old Java versions (prior to 9) have to be deleted with JavaRa or manually.