Note: This is an archival copy of Security Sun Alert 200935 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000714.1.
Date of Resolved Release
Certain releases of the Sun Java Desktop System (JDS) include versions of the Java Runtime Environment (JRE) which contain a vulnerability in the Java Plug-in that may allow an untrusted applet to escalate privileges.
This issue is also described in Sun Alert 57591 which can be seen at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1.
This issue can occur in the following releases:
Note: This issue only occurs with JDS JRE version j2re-1.4.2_02 or earlier.
To determine the release of JDS for Linux installed on a system, the following command can be run:
% cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004
To determine the version of the JDS JRE, the following command can be run:
% rpm -qf /usr/java/j2re1.4.2_02/bin/java j2re-1.4.2_02
% java -fullversion java full version "1.4.2_02"
There are no reliable symptoms that would indicate the described issue has been exploited.
This issue is addressed in the following releases:
To download and install the updated RPMs from the update servers, select the following sequence from the "launch" menu:
Launch >> Applications >> System Tools >> Online Update
For more information on obtaining updates see:
Sun Java Desktop System 2003
This solution has no attachment