
Bugs of trouble...
By Joris Evers
Published: 30 November 2005 09:00 GMT
Sun Microsystems has fixed five security bugs in Java that expose computers running Linux, Solaris and Windows to hacker attack.
The flaws are "highly critical", according to an advisory from Secunia posted on Tuesday. Vulnerabilities which get that ranking - one notch below "extremely critical", the security monitoring company's most severe rating - typically open the door to a remote intruder and to full compromise of the system.
All the flaws affect the Java Runtime Environment, or JRE, in computers loaded with Linux, Microsoft Windows or Sun's own Solaris operating system. This is the software many computer owners have on their system to run Java applications. The bugs could allow an intruder to use a Java application to inappropriately read and write files, or to run code on a victim's computer, Sun said in three separate security advisories released late on Monday.
The vulnerabilities also affect specific versions of the Sun Java Software Development Kit SDK and Java Development Kit (JDK), according to those advisories.
The French Security Incident Response Team, or FrSIRT, rated the issues "critical" in an alert posted on Tuesday.
There have been no reported cases of the flaws being exploited by hackers, Sun said in a statement.
Three of the bugs lie in application programming interface parts of the Java Runtime Environment (JRE). Another vulnerability lies in the Java Management Extensions implementation in the software. The fifth flaw is in an unspecified part of the JRE.
Sun is urging people to install updated software to protect their systems. It has released updates to address the issues, including JDK and JRE 5.0 Update 4, which was actually delivered on 23 June. A newer version, Update 5, was issued in September but Sun would not say if additional security problems were fixed in that release. The software can be downloaded from the Sun Java website.
Joris Evers writes for CNET News.com
The candidate will require a good understanding of the access capabilities including Terminal Emulation, Browser including Mobile Code, low-level Sun ...
Managing legacy moving to new kit - Thinking in structured/analytical manner - Server configuration - anything associated with messaging - Extract ...
Experience in Javascript (especially jQuery) and technologies such as Django, Debian, Fogbugz & Git would be an advantage.You should also be full of ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business