Java flaws open door to hackers

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.
