Date: 15 July 2008
References: ESB-2008.0241 ESB-2008.0429 ESB-2008.0430 ESB-2008.0431 ESB-2008.0513 ESB-2008.0623 ESB-2008.0699 ESB-2008.0923
===========================================================================
AA-2008.0062 AUSCERT Advisory
[Win][Linux][Solaris]
Sun Java JRE and JDK - multiple security vulnerabilities
15 July 2008
---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product:              JDK and JRE 6 Update 4 and earlier
                      JDK and JRE 5.0 Update 14 and earlier
                      SDK and JRE 1.4.2_16 and earlier
Operating System:     Windows
                      Linux variants
                      Solaris
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-1185 CVE-2008-1186 CVE-2008-1187
                      CVE-2008-1188 CVE-2008-1189 CVE-2008-1190
                      CVE-2008-1191 CVE-2008-1192 CVE-2008-1193
                      CVE-2008-1194 CVE-2008-1195 CVE-2008-1196
Member content until: Thursday, April 03 2008
Revision History:     July 15 2008: Added CVE
                      March 10 2008: Added CVEs
                      March 6 2008: Initial Release
OVERVIEW:
Sun has released an update to the Java Runtime Environment and the
Java Development Kit. This update fixes seven security vulnerabilities
and several bugs.
DETAILS:
New root CA certificates have been added to the JDK, including those of
AOL, TrustCenter and DigiCert.
* 233321
Two security vulnerabilities in the Java Runtime Environment Virtual
Machine may independently allow an untrusted application or applet
that is downloaded from a website to elevate its privileges. [2]
* 233322
A security vulnerability in the Java Runtime Environment (JRE) with
the processing of XSLT transformations may allow an untrusted applet
or application that is downloaded from a website to elevate its
privileges. For example, an applet may read certain unauthorized URL
resources (such as some files and web pages) or potentially execute
arbitrary code. This vulnerability may also be exploited to create a
Denial-of-Service (DoS) condition by causing the JRE to crash. [3]
* 233323
Three buffer overflow security vulnerabilities may independently allow
a Java Web Start application that is downloaded from a website to elevate
its privileges. [4]
* 233324
A security vulnerability in the Java Plug-in may allow an applet that
is downloaded from a website to bypass the same origin policy and
leverage this flaw to execute local applications that are accessible to
the user running the untrusted applet. [5]
* 233325
A vulnerability in the Java Runtime Environment image parsing library
may allow an untrusted application or applet that is downloaded from
a website to elevate its privileges. [6]
* 233326
A vulnerability in the Java Runtime Environment may allow JavaScript
code that is downloaded by a browser to make connections to network
services on the system that the browser runs on, through Java APIs.
This may allow files (that are accessible through these network
services) or vulnerabilities (that exist on these network services)
which are not otherwise normally accessible to be accessed or
exploited. [7]
* 233327
A buffer overflow vulnerability in Java Web Start may allow an
untrusted Java Web Start application that is downloaded from a
website to elevate its privileges. [8]
MITIGATION:
Sun provides mitigation strategies for some of the individual
alerts. Refer to the individual bulletins for appropriate strategies.
Administrators are advised to upgrade their Java packages to one of the
following releases:
* JDK and JRE 6 Update 5 or later
* JDK and JRE 5.0 Update 15 or later
* SDK and JRE 1.4.2_17 or later
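A small version check for the fixed releases listed above, added here as an example (it is not AusCERT's or Sun's code): it parses the Sun-style version string printed by `java -version` and reports whether the installed JDK/JRE is at or above the first fixed update for its family. The thresholds come from this advisory; the parser, the function names and the sample version lines are mine.

```python
"""Check an installed Sun JDK/JRE against the fixed releases in AA-2008.0062."""
import re
import subprocess

# First fixed update per Sun version family, taken from the MITIGATION section.
FIXED = {
    (1, 6, 0): 5,    # JDK and JRE 6 Update 5
    (1, 5, 0): 15,   # JDK and JRE 5.0 Update 15
    (1, 4, 2): 17,   # SDK and JRE 1.4.2_17
}

# Sun version strings look like 1.6.0_04; the update suffix may be absent.
_VER_RE = re.compile(r'(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_version(text):
    """Return ((major, minor, micro), update) from a version string such as
    '1.6.0_04' or a `java -version` line like 'java version "1.6.0_04"'.
    A missing update number counts as update 0."""
    m = _VER_RE.search(text)
    if not m:
        raise ValueError("no Sun-style Java version in %r" % text)
    family = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4) or 0)
    return family, update


def is_fixed(text):
    """True if the version is at or above the fixed release for its family.
    Families the advisory does not list (e.g. 1.3) are reported as unfixed,
    since no fixed release is given for them."""
    family, update = parse_version(text)
    fixed_update = FIXED.get(family)
    return fixed_update is not None and update >= fixed_update


def check_installed(java_cmd="java"):
    """Run `java -version` (which prints to stderr) and classify the result."""
    proc = subprocess.run([java_cmd, "-version"], capture_output=True, text=True)
    return is_fixed(proc.stderr)


if __name__ == "__main__":
    # Constructed sample first lines of `java -version` output.
    for line in ('java version "1.6.0_04"', 'java version "1.6.0_05"',
                 'java version "1.5.0_14"', 'java version "1.4.2_17"'):
        print(line, "->", "fixed" if is_fixed(line) else "VULNERABLE, upgrade")
```

A host may carry several JREs (browser plug-in, bundled application runtimes), so run the check against each `java` binary present, not only the one first on the PATH.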
REFERENCES:
[1] Java SE 6 Update 5 Release Notes
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
[2] Two Security Vulnerabilities in the Java Runtime Environment
Virtual Machine
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1
[3] Security Vulnerability in the Java Runtime Environment With the
Processing of XSLT Transformations
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1
[4] Multiple Security Vulnerabilities in Java Web Start May Allow an
Untrusted Application to Elevate Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1
[5] A Security Vulnerability in the Java Plug-in May Allow an Untrusted
Applet to Elevate Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1
[6] Vulnerabilities in the Java Runtime Environment Image Parsing Library
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1
[7] Security Vulnerability in the Java Runtime Environment May Allow
Untrusted JavaScript Code to Elevate Privileges Through Java APIs
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1
[8] Buffer Overflow Vulnerability in Java Web Start May Allow an
Untrusted Application to Elevate its Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================