Sun Java Updates for Multiple Vulnerabilities

Original release date: December 05, 2008
Last revised: --
Source: US-CERT

Systems Affected

Sun Java Runtime Environment versions

• JDK and JRE 6 Update 10 and earlier
• JDK and JRE 5.0 Update 16 and earlier
• SDK and JRE 1.4.2_18 and earlier
• SDK and JRE 1.3.1_23 and earlier

Overview

There are multiple vulnerabilities affecting the Sun Java Runtime Environment.

Solution

Apply an update from Sun

These issues are addressed in the following versions of the Sun Java Runtime Environment:

• JDK and JRE 6 Update 11
• JDK and JRE 5.0 Update 17
• SDK and JRE 1.4.2_19
• SDK and JRE 1.3.1_24

If you install the latest version of Java, older versions may remain installed on your computer. If you do not need these older versions, you can remove them by following Sun's instructions.

Disable Java

Disable Java in your web browser, as described in the Securing Your Web Browser document. While this does not fix the underlying vulnerabilities, it does block a common attack vector.

Description

The Sun Java Runtime Environment (JRE) allows users to run Java applications. Sun has released alerts to address multiple vulnerabilities in the JRE. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.

More information is available in US-CERT Technical Cyber Security Alert TA08-340A.

References

• US-CERT Technical Cyber Security Alert TA08-340A - <http://www.us-cert.gov/cas/techalerts/TA08-340A.html>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

---

Feedback can be directed to US-CERT.

---

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

December 05, 2008: Initial release