
Java flaws open door to hackers


The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.
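The version ranges above can be turned into an inventory check. The following is an added example, not code from Sun or from the article; it assumes the JRE reports J2SE 5.0 Update N as `1.5.0_0N` in its `java -version` banner, it does not distinguish between the two flaws, and the host names and banner lines are constructed sample data.

```python
import re

# Version ranges taken from the article: 5.0 and 5.0 Update 1 (reported by the
# JRE as 1.5.0 and 1.5.0_01) and 1.4.2 through 1.4.2_07 are affected; the
# fixed releases are 5.0 Update 2 (1.5.0_02) and 1.4.2_08.
FIRST_FIXED_UPDATE = {"1.5.0": 2, "1.4.2": 8}

# Matches e.g. version "1.4.2_07" or version "1.5.0_02-b09".
VERSION_RE = re.compile(r'version "(\d+\.\d+\.\d+)(?:_(\d+))?[^"]*"')


def classify(version_output):
    """Return 'affected', 'fixed' or 'unknown' for `java -version` output."""
    match = VERSION_RE.search(version_output)
    if not match:
        return "unknown"
    # A banner without an _NN suffix is the initial release (update 0).
    family, update = match.group(1), int(match.group(2) or 0)
    if family not in FIRST_FIXED_UPDATE:
        # The article says nothing about other release families.
        return "unknown"
    return "affected" if update < FIRST_FIXED_UPDATE[family] else "fixed"


# Constructed sample inventory: host name -> first line of `java -version`.
SAMPLE_INVENTORY = {
    "build01": 'java version "1.5.0_01"',
    "build02": 'java version "1.5.0_02"',
    "desk17": 'java version "1.4.2_07"',
    "desk18": 'java version "1.4.2_08"',
    "desk19": 'java version "1.5.0"',
    "legacy3": 'java version "1.3.1_15"',
    "broken": "java: command not found",
}


def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(line) for host, line in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {status}")
```

Hosts classified as `unknown` need a manual look: either the banner could not be parsed or the release family is one the article does not cover.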

