Published: 2008-12-07T15:08+00:00
Last Updated: 2008-12-07T15:08+00:00
TRTA08-340A
Sun Java Updates for Multiple Vulnerabilities
Overview
Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
Event Information
| Date (UTC) | Description |
| 2008-12-05 21:05 |
US-CERT TA08-340A: Sun Java Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2008-12-03 15:45 |
US-CERT Sun Releases Updates for Java SE US-CERT Current Activity Sun has released updates for Java SE. These updates address multiple security issues in Java Runtime Environment (JRE) and Java SE Development Kit (JDK). |
| 2008-12-03 07:23 |
SANS Internet Storm Center Sun Java 6.0 Update 11 is now available Sun Java 6.0 Update 11 is now available! |
| 2008-12-01 19:03 |
sun security community SECURITY BLOG Advance notification of Security Updates for Java SE On December 2, 2008, Sun will release the following security updates: JDK and JRE 6 Update 11, JDK and JRE 5.0 Update 17, SDK and JRE 1.4.2_19, SDK and JRE 1.3.1_24 |
| 2008-10-02 |
iDefense Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability Vulnerability Reported The vulnerability occurs when reading the Pack200 compressed Jar file during decompression. In order to calculate the size of a heap buffer, the code multiplies and adds several integers. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap based buffer overflow. |
| 2008-10-01 |
iDefense Sun Java Web Start GIF Decoding Memory Corruption Vulnerability Vulnerability Reported The vulnerability occurs when parsing this GIF file. The parsing code does not correctly validate several values in the GIF header. This lets an attacker write data outside of the bounds of an allocated heap buffer, which can lead to the execution of arbitrary code. |
| 2008-09-10 |
iDefense Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability Vulnerability Reported The vulnerability exists within the font parsing code in the JRE. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when processing TrueType font files. During parsing, improper bounds checking is performed, which can lead to a heap based buffer overflow. |
| 2008-07-31 |
iDefense Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability Vulnerability Reported The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when parsing various structures in TrueType font files. During parsing, values are taken from the file, and without being properly validated, used in operations that calculate the number of bytes to allocate for heap buffers. The calculations can overflow, resulting in a potentially exploitable heap overflow. |
| 2008-07-14 |
Zero Day Initiative (ZDI) ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerability Reported These vulnerabilities allow remote attackers to bypass sandbox restrictions on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. |
| 2008-04-16 |
Zero Day Initiative (ZDI) ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability Vulnerability Reported The specific flaw occurs within the Java AWT library. If a custom image model is used for the source 'Raster' during a conversion through a 'ConvolveOp' operation, the imaging library will calculate the size of the destination raster for the conversion incorrectly leading to a heap-based overflow. This can result in arbitrary code execution under the context of the current user. |
Other Information
| CVE |