Language Selection

English French German Italian Portuguese Spanish

Java flaws open door to hackers

Filed under
Security

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

Source.

More in Tux Machines

Kernel Space/Linux

Leftovers: Software

  • KDE Kirigami 1.1 UI Framework Released
  • [GNOME Maps:] Planning a trip
  • Etcher Image Writer Is Now Better Than Ever
    Back in may we spotlighted Etcher, a stylish open-source USB image writer app for Windows, macOS and Linux. In the months since our feature the app has released a over 10 small beta updates, with Etcher 1.5 Beta being the most recent release at the time of writing.
  • Audacious 3.8 released
    Audacious 3.8 was released on September 21, 2016.
  • New Version of Audacious Music Player Released
    A new version of Audacious, a popular lightweight audio player, is now available for download. Audacious 3.8 introduces a small set of features, including the ability to run more than one instance of the app at the same time. Quite why… no idea. New audtool commands have been added, including stream recording toggles, and cue sheet support is said to be “more seamless”.
  • Rambox Puts All Your Favorite Messaging Services In One App
    Rambox is a free, open-source messaging and email app that groups all your favourite web apps into one easy-to-manage window. Sound familiar? We’ve highlighted apps like Rambox before, with Franz and the Gmail-specific Wmail being but two.
  • Stylish Markdown Editor ‘Typora’ Is Now Available for Ubuntu
    In the market for a desktop markdown editor for Linux? You may have helped but notice that you’re rather spoilt for choice. From Abricotine and Scratch to Simplenote, Springseed and Remarkable. Even Gedit can render markdown with the right plugin! With so much choice it can be difficult to know which app to pick.
  • YoutPlayer Floats Your Fave YouTube Videos on The Desktop [Ed: just an Electron app]
    Looking for a neat-o way to play YouTube playlists on your desktop, outside your browser? Take a looksie at Yout, an Electron app that lets you add and watch YouTube playlists on your desktop, floating window stylee. Yout is not the most user-friendly of apps.

today's howtos

Leftovers: Gaming

  • Avoid the pile-up in 'Clustertruck', a first-person platformer with day-1 Linux support, it's great
    We have been steadily getting more 3D "beat the timer" games where you're up against others times, which is great because they really can be fun. I do love getting competitive in certain games, especially with some of my Steam friends and friends in the wider community. Games like this recently have been something I've been repeatedly going back to for a break from life. Clustertruck is not only about beating the times of other people, but it's also a "the floor is lava" game, so if you touch the floor you have to start again. The really funny thing is that the safe pads are moving trucks you have to keep up with. You can at least grab onto the back of a truck if you just about touch it, so it's not always instant death.
  • Fusion 3, the next generation game engine and editor from Clickteam will support Linux
    The difference between their tools and others, is the event system. Instead of needing to program every single line, you can stack up events and link them together to create a game. It works quite well and I'm pretty excited to give Fusion 3 a go on Linux myself to see what random games I can create for fun.