-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2010-10-20-1 Java for Mac OS X 10.6 Update 3
Java for Mac OS X 10.6 Update 3 is now available and addresses the following: Java CVE-ID: CVE-2009-3555, CVE-2010-1321 Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4 Impact: Multiple vulnerabilities in Java 1.6.0_20 Description: Multiple vulnerabilities exist in Java 1.6.0_20, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_22. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html Java CVE-ID: CVE-2010-1826 Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4 Impact: A local user may be able to execute arbitrary code with the privileges of another user who runs a Java application Description: A command injection issue exists in updateSharingD's handling of Mach RPC messages. A local user may be able to execute arbitrary code with the privileges of another user who runs a Java application. This issue is addressed by implementing a per-user Java shared archive. This issue only affects the Mac OS X implementation of Java. Credit to Dino Dai Zovi for reporting this issue. Java CVE-ID: CVE-2010-1827 Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4 Impact: Visiting a web page containing a maliciously crafted Java applet tag may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user Description: A memory corruption issue exists in Java's handling of applet window bounds. Visiting a web page containing a maliciously crafted Java applet tag may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user. This issue is addressed through improved validation of window bounds. This issue only affects the Mac OS X implementation of Java. Java for Mac OS X 10.6 Update 3 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: JavaForMacOSX10.6Update3.dmg Its SHA-1 digest is: f671f0443959fe7388dad23044bcc51bf1bf5eae Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJMv1P9AAoJEGnF2JsdZQee4VAH/302c+B+77tTRtit7LlYpbHg ZalRS2TxR6Bg6+91gtWqdKidoaEdT96w5U0ITp9FMHZ5J/qR4mFrcrzLAbrUOyYJ DgG5bHD/dEwb0yWySxbeIZ+2bZV7gvPF6g0LVG6oZ106+lpv7TRt9ENyWnQ6C8Yc nCd3E+PdMXZNqSZolyIXLO9D2kFxxW6zj6F8GHMtZkDB6yO75/NyKyOalapEWkZ9 B+PH3X7bJEm3i9AiWqH8nIiNr50ebmqcw1K4dkhFkNxUGH8wzYuoi6eUtUsY7PIS W0nLAuBBvdC2doFb8aNLzT/zzbb/XSuats1zTtl1LCqrOJH7dvXF1zAX7Jbq9xU= =Qctw -----END PGP SIGNATURE----- _______________________________________________ Medianews mailing list Medianews@etskywarn.net http://lists.etskywarn.net/mailman/listinfo/medianews
