U radu programskog paketa Java uočen je niz sigurnosnih propusta. Napadač ih može iskoristiti za pokretanje proizvoljnog programskog koda, otkrivanje osjetljivih informacija te utjecanje na povjerljivost, integritet i dostupnost podataka.
Propusti su posljedica višestrukih nespecificiranih pogrešaka u komponenti Java Runtime Environment, nepravilnosti u implementaciji SSL protokola, itd. Za više informacija o svim propustima savjetuje se čitanje izvorne preporuke.
Posljedica:
Napadaču propusi omogućuju utjecaj na povjerljivost, integritet i dostupnost podataka, pokretanje proizvoljnog programskog koda i otkrivanje osjetljivih informacija.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac
OS X 10.6 Update 6
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
are now available and address the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
Mac OS X v10.7.2, Mac OS X Server v10.7.2
Impact: Multiple vulnerabilities in Java 1.6.0_26
Description: Multiple vulnerabilities exist in Java 1.6.0_26, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_29.
Further information is available via the Java website at
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
CVE-ID
CVE-2011-3389
CVE-2011-3521
CVE-2011-3544
CVE-2011-3545
CVE-2011-3546
CVE-2011-3547
CVE-2011-3548
CVE-2011-3549
CVE-2011-3551
CVE-2011-3552
CVE-2011-3553
CVE-2011-3554
CVE-2011-3556
CVE-2011-3557
CVE-2011-3558
CVE-2011-3560
CVE-2011-3561
Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b
For Mac OS X v10.7 systems
The download file is named: JavaForMacOSX10.7.dmg
Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP
2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW
t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4
mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL
wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS
D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8=
=4KBF
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/advisory%40lss.hr
This email sent to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke