Detalji

U radu programskog paketa JRE (eng. Java Runtime Environment) uočeno je nekoliko sigurnosnih propusta. JRE je radno okruženje za programe pisane u Java programskom jeziku (Java applets). Propusti su rezultat nespecificiranih grešaka u JRE programskim komponentama, a najozbiljniji propusti mogu rezultirati izvođenjem proizvoljnog programskog koda. Za iskorištavanje propusta, potrebno je korisnika navesti na otvaranje web stranice s posebno oblikovanom Java aplikacijom. Preporuča se korištenje nadogradnje.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2011-03-08-2 Java for Mac OS X 10.5 Update 9

Java for Mac OS X 10.5 Update 9 is now available and addresses the
following:

Java
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Multiple vulnerabilities in Java 1.6.0_22
Description:  Multiple vulnerabilities exist in Java 1.6.0_22, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_24.
Further information is available via the Java website at
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
CVE-ID
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4476

Java
Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact:  Multiple vulnerabilities in Java 1.5.0_26
Description:  Multiple vulnerabilities exist in Java 1.5.0_26, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.5.0_28.
Further information is available via the Java website at http://www.o
racle.com/technetwork/java/javase/documentation/overview-137139.html
CVE-ID
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4454
CVE-2010-4462
CVE-2010-4465
CVE-2010-4468
CVE-2010-4469
CVE-2010-4471
CVE-2010-4473
CVE-2010-4476


Java for Mac OS X 10.5 Update 9 may be obtained from the Software
Update pane in System Preferences, or Apple's Software Downloads
web site: http://www.apple.com/support/downloads/

The download file is named: JavaForMacOSX10.5Update9.dmg
Its SHA-1 digest is: 65173cd19b5f4dd9b6b3bc396c364665eae23217

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJNdnYHAAoJEGnF2JsdZQee6u8IAMPf/ftUPYtjBK8RWxjwFhUv
Czj79SLQ81Rie/JvuGib90b9IWX5U757tKdoumyCF6Pv2lEjo53Cu+1k/6TgrTzL
p6odiSbQ8xYpzZ5FLn3CrfN94a1SK00+TdocKN0zpRKENRSz2uNaFwfHILo1SyMe
Gr19M6Av0QKrNBXZSILR5l1WIA5Bg8Hk0HWiKl/Jo+F7uvZzWX98qP8rKFBLQw+r
llnK8c/JAMSt79MRXNhGXJKfLpPPiPG2RiUdCHQci87pPkm4pmioEFXTvaDDUSpZ
ZirowKvDqEaR1XpW67/8JcY3+mW/QKXNMGnFaBSqFZLzQ5wxtn6IxNnk/8RaSdY=
=IR0f
-----END PGP SIGNATURE-----
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/lss.advisory%40gmail.com

This email sent to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Idi na vrh