-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nasty bug: http://www.securityfocus.com/bid/8879/info/
"A vulnerability has been identified in the Sun Java Virtual Machine packaged
with JRE and SDK. This issue results in the circumvention of the Java
Security Model, and can permit an attacker to execute arbitrary code on
vulnerable hosts."
Hushmail warns about this on their site - possible arbitrary code execution by
browsing hostile site with java enabled.
Upgrade to dev-java/sun-jdk-1.4.2.06 and clean - there is a downgrade exploit
as well.
I found it in bugzilla as well:
http://bugs.gentoo.org/show_bug.cgi?id=72172
So I guess a GLSA is pending.
Best regards,
- ---Venkat.
- ----------------------------------------------------------------------------
Venkat Manakkal Tel:+1-607-546-7300 Fax: +1-607-546-7387
venkat@rayservers.com http://www.rayservers.com/
rayservers@hushmail.com Computers. Installed Secure. Wholesale Prices.
PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc
- ----------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBp6kIWdkW/RJDBSIRAmLfAJ9YxDMojMawcV7gobzZ97wsjuqUCACfVUfn
OyZjkHIPQzIM3WR2qH3eeLM=
=6NmW
-----END PGP SIGNATURE-----
--
gentoo-security@gentoo.org mailing list
Hash: SHA1
Nasty bug: http://www.securityfocus.com/bid/8879/info/
"A vulnerability has been identified in the Sun Java Virtual Machine packaged
with JRE and SDK. This issue results in the circumvention of the Java
Security Model, and can permit an attacker to execute arbitrary code on
vulnerable hosts."
Hushmail warns about this on their site - possible arbitrary code execution by
browsing hostile site with java enabled.
Upgrade to dev-java/sun-jdk-1.4.2.06 and clean - there is a downgrade exploit
as well.
I found it in bugzilla as well:
http://bugs.gentoo.org/show_bug.cgi?id=72172
So I guess a GLSA is pending.
Best regards,
- ---Venkat.
- ----------------------------------------------------------------------------
Venkat Manakkal Tel:+1-607-546-7300 Fax: +1-607-546-7387
venkat@rayservers.com http://www.rayservers.com/
rayservers@hushmail.com Computers. Installed Secure. Wholesale Prices.
PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc
- ----------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBp6kIWdkW/RJDBSIRAmLfAJ9YxDMojMawcV7gobzZ97wsjuqUCACfVUfn
OyZjkHIPQzIM3WR2qH3eeLM=
=6NmW
-----END PGP SIGNATURE-----
--
gentoo-security@gentoo.org mailing list