1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Nasty bug: http://www.securityfocus.com/bid/8879/info/ |
5 |
|
6 |
"A vulnerability has been identified in the Sun Java Virtual Machine packaged |
7 |
with JRE and SDK. This issue results in the circumvention of the Java |
8 |
Security Model, and can permit an attacker to execute arbitrary code on |
9 |
vulnerable hosts." |
10 |
|
11 |
Hushmail warns about this on their site - possible arbitrary code execution by |
12 |
browsing hostile site with java enabled. |
13 |
|
14 |
Upgrade to dev-java/sun-jdk-1.4.2.06 and clean - there is a downgrade exploit |
15 |
as well. |
16 |
|
17 |
I found it in bugzilla as well: |
18 |
http://bugs.gentoo.org/show_bug.cgi?id=72172 |
19 |
|
20 |
So I guess a GLSA is pending. |
21 |
|
22 |
Best regards, |
23 |
|
24 |
- ---Venkat. |
25 |
|
26 |
- ---------------------------------------------------------------------------- |
27 |
Venkat Manakkal Tel:+1-607-546-7300 Fax: +1-607-546-7387 |
28 |
venkat@××××××××××.com http://www.rayservers.com/ |
29 |
rayservers@××××××××.com Computers. Installed Secure. Wholesale Prices. |
30 |
|
31 |
PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc |
32 |
- ---------------------------------------------------------------------------- |
33 |
|
34 |
-----BEGIN PGP SIGNATURE----- |
35 |
Version: GnuPG v1.2.4 (GNU/Linux) |
36 |
|
37 |
iD8DBQFBp6kIWdkW/RJDBSIRAmLfAJ9YxDMojMawcV7gobzZ97wsjuqUCACfVUfn |
38 |
OyZjkHIPQzIM3WR2qH3eeLM= |
39 |
=6NmW |
40 |
-----END PGP SIGNATURE----- |
41 |
|
42 |
-- |
43 |
gentoo-security@g.o mailing list |