Language Selection

English French German Italian Portuguese Spanish

Java flaws open door to hackers

Filed under
Security

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

Source.

More in Tux Machines

Top Android apps for your Raspberry Pi

Mostly, our tutorials are about completing a specific project and reaching a particular goal. However, this time we’re doing something a bit different. We are showing you some Android apps that you can use along with your Ras Pi. These apps aren’t tied to particular projects – you can use them whenever and as often as you like – but we think they can add something to your whole experience with the Pi. Read more

These 3 things are trying to kill Linux containers

For nearly two years, Linux containers have dominated the world of enterprise IT, and for good reason — among others, they take on issues that virtualization simply cannot within application development and computing at scale and allow for the enterprise world to truly embrace concepts like devops and microservices (the Service Oriented Architecture dream from years gone by). That sound you hear is IT vendors stampeding towards the container bandwagon, but, as with every emerging tech trend, this isn’t always a good thing, as not everyone is walking the walk, regardless of what the business might actually say. Read more

GNOME and KDE

GNOME
  • GNOME Maps Is Looking Better In GNOME 3.20
    While not yet as versatile as say Google Maps, GNOME Maps for GNOME 3.20. is looking to be a nice upgrade. Maps in GNOME 3.20 is making progress with OpenStreetMap editing, expanded place bubbles, adding new places to OSM, support for printing routes, and more.
  • My Updated 3.18 Packages for GNOME Extensions
    I started releasing extension updates in 2014 due to a lot of extensions being unmaintained and seemingly break every time GNOME releases a new version of the Desktop Environment (DE). This is my third batch release post for GNOME extensions and these extension packages are for GNOME 3.18.
KDE

today's howtos