-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2009-06-15-1 Java for Mac OS X 10.5 Update 4
Java for Mac OS X 10.5 Update 4 is now available and addresses the following: Java CVE-ID: CVE-2009-1106, CVE-2009-1107, CVE-2008-5352, CVE-2008-5356, CVE-2008-5353, CVE-2008-5354, CVE-2008-5357, CVE-2008-5339, CVE-2009-1104, CVE-2008-5360, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2009-1103, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2009-1100, CVE-2009-1100, CVE-2009-1101, CVE-2009-1099, CVE-2009-1098, CVE-2009-1097, CVE-2009-1097, CVE-2009-1095, CVE-2009-1096, CVE-2009-1094, CVE-2009-1093, CVE-2008-5341, CVE-2008-5339 Available for: Mac OS X v10.5.7 and later, Mac OS X Server v10.5.7 and later Impact: Multiple vulnerabilities in Java 1.6.0_07 Description: Multiple vulnerabilities exist in Java 1.6.0_07, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.6 to version 1.6.0_13. Further information is available via the Sun Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html Java CVE-ID: CVE-2009-1107, CVE-2008-5352, CVE-2008-5356, CVE-2008-5353, CVE-2008-5354, CVE-2008-5357, CVE-2008-5359, CVE-2009-1104, CVE-2008-5360, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2009-1103, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5348, CVE-2009-1101, CVE-2009-1100, CVE-2009-1100, CVE-2009-1099, CVE-2009-1098, CVE-2009-1095, CVE-2009-1096, CVE-2009-1094, CVE-2009-1093, CVE-2008-5341, CVE-2008-5339 Available for: Mac OS X v10.5.7 and later, Mac OS X Server v10.5.7 and later Impact: Multiple vulnerabilities in Java 1.5.0_16 Description: Multiple vulnerabilities exist in Java 1.5.0_16, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.5 to version 1.5.0_19. Further information is available via the Sun Java website at http://java.sun.com/j2se/1.5.0/ReleaseNotes.html Java CVE-ID: CVE-2008-5342, CVE-2008-5356, CVE-2008-5353, CVE-2008-5354, CVE-2008-5357, CVE-2008-5340, CVE-2008-5339, CVE-2009-1104, CVE-2008-5360, CVE-2008-5344, CVE-2008-5345, CVE-2008-2086, CVE-2008-5346, CVE-2009-1103, CVE-2008-5351, CVE-2008-5348, CVE-2009-1100, CVE-2009-1098, CVE-2009-1095, CVE-2009-1096, CVE-2009-1094, CVE-2009-1093, CVE-2008-5343, CVE-2008-5339, CVE-2008-5350 Available for: Mac OS X v10.5.7 and later, Mac OS X Server v10.5.7 and later Impact: Multiple vulnerabilities in Java 1.4.2_18 Description: Multiple vulnerabilities exist in Java 1.4.2_18, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.4 to version 1.4.2_21. Further information is available via the Sun Java website at http://java.sun.com/j2se/1.4.2/ReleaseNotes.html Java CVE-ID: CVE-2009-1719 Available for: Mac OS X v10.5.7 and later, Mac OS X Server v10.5.7 and later Impact: Untrusted Java applets may obtain elevated privileges Description: Multiple vulnerabilities in the "Aqua Look and Feel for Java" implementation may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with elevated privileges. This update addresses the issues by denying access to internal details of Aqua Look and Feel for untrusted Java applets. This issue only affects Java 1.5 on Mac OS X v10.5 systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue. Java for Mac OS X 10.5 Update 4 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: JavaForMacOSX10.5Update4.dmg Its SHA-1 digest is: 1e873214b23561e49dce37c163abf87d53f968f6 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJKNopiAAoJEHkodeiKZIkBqwUIAMPlUmmtipj/7OQGfe6JSgrT vQbq958KShezy7IXEKjyxh4YbDFnC1e7e+IhwOmJqcOM95z9iAtUJnW24r0Q6QUK JrzSVX9UCEVYksXcE7zEo1R19F6rGP1Tlmnengm4rrJTCo1UatSLRbW//6lkou5a 18rjcmPELrlpOyDTdNabcCr3RMHVR7hsOiKriDehtOKlgkRw9hQ2uDfL2wgHfE3D hoPNw0iaxjt5C+oyHPbU28d/pV+QLbNG42+3IMZMXqzAK5/vtXRLHtCnxAdXppVi oPee4DWFbWAZp3Ec9mzgnx0a2Ke8JWSWoMtTPrYq0EKuxeknvFD10i/iyw663T4= =Qb9W -----END PGP SIGNATURE----- *********************************** * POST TO MEDIANEWS@ETSKYWARN.NET * *********************************** Medianews mailing list Medianews@etskywarn.net http://lists.etskywarn.net/mailman/listinfo/medianews
