M
MEB
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA08-193A
Sun Updates for Multiple Vulnerabilities
Original release date: July 11, 2008
Last revised: --
Source: US-CERT
Systems Affected
Sun Java Runtime Environment versions
* JDK and JRE 6 Update 6 and earlier
* JDK and JRE 5.0 Update 16 and earlier
* SDK and JRE 1.4.2_17 and earlier
* SDK and JRE 1.3.1_22 and earlier
Overview
By convincing you to visit a malicious website, an attacker could use a
vulnerability in Sun Java to gain control of your computer. You may
have
Java on your computer without even realizing it.
Solution
Apply an update from Sun
Sun has released updates that fix these vulnerabilities. As illustrated
on
the Java website, follow these instructions to update your version of
Java:
1. From the Start menu, open the Control Panel.
2. Click the Java icon to open the Java Control Panel. (If you do not
see
the icon, Java is probably not installed on your computer.)
3. Select the Update tab and click the Update Now button. (If you do not
see an Update tab, your version of Java does not support updates, or
you
must log in as an Administrator.)
We also recommend enabling Automatic Updates for Java. To enable
Automatic
Updates, go to the Update tab of the Java Control Panel and select the
Check for Updates Automatically check box.
Leaving older versions of Java on your computer after the update could
expose you to security risks. You may want to remove the older versions
by
following Sun's instructions.
Disable Java
We recommend that users disable Java in their web browser. Disabling
Java
in your web browser will not fix the vulnerability, but it may prevent
an
attacker from being able to take advantage of it. Instructions for
disabling Java are available in the Securing Your Web Browser document.
Description
Vulnerabilities in Sun Java may allow an attacker to access your
computer,
install and run malicious software on your computer, or cause your
computer to crash. An attacker could exploit these vulnerabilities by
convincing you to view a malicious web document.
For more technical information, see US-CERT Technical Alert TA08-193A.
References
* US-CERT Technical Cyber Security Alert TA08-193A -
<http://www.us-cert.gov/cas/techalerts/TA08-193A.html>
* What is Java Update? -
<http://www.java.com/en/download/help/5000020700.xml>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA08-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA08-193A Feedback VU#827003" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
July 11, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSHemb3IHljM+H4irAQJ5HwgAqWZcrPPp7RRgjuS7iosvv38U8cr6oS+N
vv8JQqaL5W4kpBmR9W1Vg8YkwV0nZBxj4tiVRR4FsnwVr+9s18FYs3OwVO1sH1/9
ju2F97c9cN8Sw6GythcfvxO6OYMMerf2+EJm/qh/3LzUspAAsADB76rolqjNiqd1
jKP587EBz1ToTyLkqwFPvfFvTO/S9fAS6Y95ySJSnzEV14HImWQYthx7UojSD7h7
jAoT9PX/8D1WOc9+gxGb4nsBHgU9ddgNrNGr62MbjIfLC0QWkCPGD9xBBY5b4P8P
TZqEWuDXkfHcr2WJw1AFy9s0QJKA9/PNxxyVw/DDkEhIObBueGaa0A==
=C+tr
-----END PGP SIGNATURE
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA08-193A
Sun Updates for Multiple Vulnerabilities
Original release date: July 11, 2008
Last revised: --
Source: US-CERT
Systems Affected
Sun Java Runtime Environment versions
* JDK and JRE 6 Update 6 and earlier
* JDK and JRE 5.0 Update 16 and earlier
* SDK and JRE 1.4.2_17 and earlier
* SDK and JRE 1.3.1_22 and earlier
Overview
By convincing you to visit a malicious website, an attacker could use a
vulnerability in Sun Java to gain control of your computer. You may
have
Java on your computer without even realizing it.
Solution
Apply an update from Sun
Sun has released updates that fix these vulnerabilities. As illustrated
on
the Java website, follow these instructions to update your version of
Java:
1. From the Start menu, open the Control Panel.
2. Click the Java icon to open the Java Control Panel. (If you do not
see
the icon, Java is probably not installed on your computer.)
3. Select the Update tab and click the Update Now button. (If you do not
see an Update tab, your version of Java does not support updates, or
you
must log in as an Administrator.)
We also recommend enabling Automatic Updates for Java. To enable
Automatic
Updates, go to the Update tab of the Java Control Panel and select the
Check for Updates Automatically check box.
Leaving older versions of Java on your computer after the update could
expose you to security risks. You may want to remove the older versions
by
following Sun's instructions.
Disable Java
We recommend that users disable Java in their web browser. Disabling
Java
in your web browser will not fix the vulnerability, but it may prevent
an
attacker from being able to take advantage of it. Instructions for
disabling Java are available in the Securing Your Web Browser document.
Description
Vulnerabilities in Sun Java may allow an attacker to access your
computer,
install and run malicious software on your computer, or cause your
computer to crash. An attacker could exploit these vulnerabilities by
convincing you to view a malicious web document.
For more technical information, see US-CERT Technical Alert TA08-193A.
References
* US-CERT Technical Cyber Security Alert TA08-193A -
<http://www.us-cert.gov/cas/techalerts/TA08-193A.html>
* What is Java Update? -
<http://www.java.com/en/download/help/5000020700.xml>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA08-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA08-193A Feedback VU#827003" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
July 11, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSHemb3IHljM+H4irAQJ5HwgAqWZcrPPp7RRgjuS7iosvv38U8cr6oS+N
vv8JQqaL5W4kpBmR9W1Vg8YkwV0nZBxj4tiVRR4FsnwVr+9s18FYs3OwVO1sH1/9
ju2F97c9cN8Sw6GythcfvxO6OYMMerf2+EJm/qh/3LzUspAAsADB76rolqjNiqd1
jKP587EBz1ToTyLkqwFPvfFvTO/S9fAS6Y95ySJSnzEV14HImWQYthx7UojSD7h7
jAoT9PX/8D1WOc9+gxGb4nsBHgU9ddgNrNGr62MbjIfLC0QWkCPGD9xBBY5b4P8P
TZqEWuDXkfHcr2WJw1AFy9s0QJKA9/PNxxyVw/DDkEhIObBueGaa0A==
=C+tr
-----END PGP SIGNATURE