| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Nasty bug: http://www.securityfocus.com/bid/8879/info/ |
| 5 |
|
| 6 |
"A vulnerability has been identified in the Sun Java Virtual Machine packaged |
| 7 |
with JRE and SDK. This issue results in the circumvention of the Java |
| 8 |
Security Model, and can permit an attacker to execute arbitrary code on |
| 9 |
vulnerable hosts." |
| 10 |
|
| 11 |
Hushmail warns about this on their site - possible arbitrary code execution by |
| 12 |
browsing hostile site with java enabled. |
| 13 |
|
| 14 |
Upgrade to dev-java/sun-jdk-1.4.2.06 and clean - there is a downgrade exploit |
| 15 |
as well. |
| 16 |
|
| 17 |
I found it in bugzilla as well: |
| 18 |
http://bugs.gentoo.org/show_bug.cgi?id=72172 |
| 19 |
|
| 20 |
So I guess a GLSA is pending. |
| 21 |
|
| 22 |
Best regards, |
| 23 |
|
| 24 |
- ---Venkat. |
| 25 |
|
| 26 |
- ---------------------------------------------------------------------------- |
| 27 |
Venkat Manakkal Tel:+1-607-546-7300 Fax: +1-607-546-7387 |
| 28 |
venkat@××××××××××.com http://www.rayservers.com/ |
| 29 |
rayservers@××××××××.com Computers. Installed Secure. Wholesale Prices. |
| 30 |
|
| 31 |
PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc |
| 32 |
- ---------------------------------------------------------------------------- |
| 33 |
|
| 34 |
-----BEGIN PGP SIGNATURE----- |
| 35 |
Version: GnuPG v1.2.4 (GNU/Linux) |
| 36 |
|
| 37 |
iD8DBQFBp6kIWdkW/RJDBSIRAmLfAJ9YxDMojMawcV7gobzZ97wsjuqUCACfVUfn |
| 38 |
OyZjkHIPQzIM3WR2qH3eeLM= |
| 39 |
=6NmW |
| 40 |
-----END PGP SIGNATURE----- |
| 41 |
|
| 42 |
-- |
| 43 |
gentoo-security@g.o mailing list |
Archives