Alert GCSA-11042 - Vulnerabilities in Oracle Sun Java JDK, JRE, SDK
******************************************************************
Alert ID : GCSA-11042
Date : 9 June 2011
Title : Vulnerabilities in Oracle Sun Java JDK, JRE, SDK
******************************************************************
:: Problem description
Several vulnerabilities have been discovered in some components of
Sun Java JDK (Java Development Kit) and JRE (Java Runtime Environment)
that could allow remote attackers to bypass the security
restrictions of a vulnerable system, access sensitive
information, cause denial of service conditions
and gain complete control of the system.
See the references for details on the affected components,
versions and operating systems.
:: Affected platforms and software
Versions for Windows, Solaris and Linux
Oracle Sun Java JRE version 6 Update 25 (1.6.0_25) and earlier
Oracle Sun Java JRE version 5 Update 29 (1.5.0_29) and earlier
Oracle Sun Java JDK version 5 Update 25 (1.5.0_25) and earlier
Oracle Sun Java SDK version 1.4.2_31 and earlier
:: Impact
Security Bypass
Data manipulation
Exposure of sensitive information
Denial of service
System access
:: Solutions
Update to versions
Java JDK and JRE 6 Update 26
Java JDK and JRE 5 Update 30
Java SDK version 1.4.2_32
via the 'Update' function in Control Panel -> Java,
or by downloading from the official site:
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://java.sun.com/javase/downloads/index.jsp
http://java.com/it/download/manual.jsp
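An added example, not part of the original advisory or of any Oracle tooling: a small inventory check that flags Java installs older than the fixed releases listed under Solutions. It treats any update below the fixed one in a listed family as needing the update; the host names and sample version strings are constructed.

```python
import re

# First fixed update per release family, from the advisory's Solutions list.
FIXED_UPDATE = {
    (1, 6, 0): 26,  # Java JDK and JRE 6 Update 26
    (1, 5, 0): 30,  # Java JDK and JRE 5 Update 30
    (1, 4, 2): 32,  # Java SDK version 1.4.2_32
}
# Matches "1.6.0_25" alone or inside `java -version` output; "_NN" is optional.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")

def parse_java_version(text):
    """Return ((major, minor, micro), update) for the first version string in text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Java version string in %r" % (text,))
    family = tuple(int(part) for part in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # "1.6.0" means no update applied
    return family, update

def needs_update(text):
    """True/False for families listed in the advisory, None for any other family."""
    family, update = parse_java_version(text)
    fixed = FIXED_UPDATE.get(family)
    return None if fixed is None else update < fixed

def audit(inventory):
    """Map each (host, version text) pair to 'update', 'ok', 'not covered' or 'unparsed'."""
    labels = {True: "update", False: "ok", None: "not covered"}
    report = {}
    for host, text in inventory:
        try:
            report[host] = labels[needs_update(text)]
        except ValueError:
            report[host] = "unparsed"
    return report

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = [
    ("ws-01", 'java version "1.6.0_25"'),
    ("ws-02", "Java(TM) SE Runtime Environment (build 1.6.0_26-b03)"),
    ("srv-03", "1.5.0_29"),
    ("srv-04", "1.4.2_32"),
    ("srv-05", "1.7.0_01"),
    ("srv-06", "java: command not found"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Hosts reported as 'unparsed' or 'not covered' still need a manual look, since the advisory says nothing about them.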
:: References
Oracle Java SE Critical Patch Update Advisory - October 2010
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0873
Secunia
http://secunia.com/advisories/44784/