Note: This is an archival copy of Security Sun Alert 200935 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000714.1. |
Category Security Release Phase Resolved 6232230 Date of Resolved Release 01-MAR-2005 Impact Certain releases of the Sun Java Desktop System (JDS) include versions of the Java Runtime Environment (JRE) which contain a vulnerability in the Java Plug-in that may allow an untrusted applet to escalate privileges. This issue is also described in Sun Alert 57591 which can be seen at http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1. Contributing Factors This issue can occur in the following releases: Linux Platform
Note: This issue only occurs with JDS JRE version j2re-1.4.2_02 or earlier. To determine the release of JDS for Linux installed on a system, the following command can be run: % cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004 To determine the version of the JDS JRE, the following command can be run: % rpm -qf /usr/java/j2re1.4.2_02/bin/java j2re-1.4.2_02 Or: % java -fullversion java full version "1.4.2_02" Symptoms There are no reliable symptoms that would indicate the described issue has been exploited. Workaround To work around the described issue, JavaScript may be temporarily disabled in the browser. Resolution This issue is addressed in the following releases: Linux Platform
To download and install the updated RPMs from the update servers, select the following sequence from the "launch" menu: Launch >> Applications >> System Tools >> Online Update For more information on obtaining updates see:
Modification History Product Sun Java Desktop System 2003 Attachments This solution has no attachment |
|