Java flaws open door to hackers

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.
