Sun Java - Security Release for critical vulnerabilities (07 Feb-06)

[Randy Knobloch]

Thanks to, MVP, Robear Dyer, aka PA Bear for posting this elsewhere.
<quote>
Sun Java - Security Release for critical vulnerabilities (07 Feb-06)
http://www.dozleng.com/updates/index.php?&showtopic=8095
http://www.frsirt.com/english/advisories/2006/0467

<QP>
Note: It is recommended that affected versions be removed from your system.
For more information, please see the installation notes on the respective
java.sun.com download pages.
</QP>
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1
</quote>

Randy


--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.

 

[Guest]

Hello Randy,

//java.com/en/download/installed.jsp[/url]

downloaded the J2SE Runtime Environmente 5.0 Update 6

Now, where I can download any fix, the mentionaded URL said to me, I'm OK
updated.

Thank you

Eиgel

 

[Bill Sanderson]

Excellent post.

The issue of removing the older versions really doesn't get much help in
Sun's advisory.

For Windows, go down the list in add or remove programs, and look for Sun,
or Java, and remove all but the highest numbered version. They've used
different naming conventions over time, so they don't all come out together
in the listing.

And each of them is in excess of 100 megabytes of your disk space, so
particularly on old space-constrained machines, you'll get some welcome
breathing room.

 

[Bill Sanderson]

What you need to do now, is go through the list in add or remove programs,
and remove the older versions. They haven't always used the same naming
convention, so they are not all in a group, but all will mention Java with a
version number.

--

Hello Randy,

//java.com/en/download/installed.jsp[/url]

downloaded the J2SE Runtime Environmente 5.0 Update 6

Now, where I can download any fix, the mentionaded URL said to me, I'm OK
updated.

Thank you

E?gel

Thanks to, MVP, Robear Dyer, aka PA Bear for posting this elsewhere.
<quote>
Sun Java - Security Release for critical vulnerabilities (07 Feb-06)
http://www.dozleng.com/updates/index.php?&showtopic=8095
http://www.frsirt.com/english/advisories/2006/0467

<QP>
Note: It is recommended that affected versions be removed from your
system.
For more information, please see the installation notes on the respective
java.sun.com download pages.
</QP>
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1
</quote>

Randy


--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.

 

[Guest]

On December I deleted the olders versions.

That means i'm OK up to date?

Eиgel

 

[Randy Knobloch]

On December I deleted the olders versions.

That means i'm OK up to date?

Borrowing from a URL that you posted earlier, Engel...
(must accept cookies)
http://java.com/en/download/installed.jsp

Post back the findings URL.

Once done - assuming that you *may* need to update, proceed to this
URL; http://java.com/en/download/index.jsp

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.

 

[Guest]

Thank you Randy, thank you Bill.

Жж(¯`·._.·Eиçel·._.·´¯)жЖ

 

[Bill Sanderson]

That URL verifies whether the current default version is the latest version.

There's a very specific meaning to that "default" however.

Sun additionally recommends uninstalling the older versions--no tool that
they provide gives any information about whether any older versions are
remaining on your system.

As far as I know, the only way to determine this is to manually check the
list of programs in add or remove programs to see what older versions
remain. Each time you install an updated version, the previous version is
left in place.

Additionally, there may well be older versions installed with specific
applications--some Netscape versions, and some HP Jetadmin software include
such captive versions--I don't have clear information about whether these
constitute a vulnerability.


--

 

[Bill Sanderson]

You're welcome, E?çel!

--

Thank you Randy, thank you Bill.

??(¯`·._.·E?çel·._.·´¯)??

 

[Guest]

FYI Hi Bill,

This is the post, wich make me from your advice, tu update the Java.

Subject: Finding out what updates U got
12/2/2005 6:19 PM PST
By: JJ
In: microsoft.private.security.spyware.announcements

жЕиçеlж

 

[Bill Sanderson]

Thanks for the reminder--the real credit for raising awareness of this issue
goes to Steve Wechsler/Mow Green who has really stuck with this question of
whether leaving the old versions in place constitutes a vulnerability. I've
still not seen incontrovertable evidence that the older versions in place
are in fact being exploited in the wild, but given that Sun now agrees that
there is a vulnerability involved, I think it is quite possible. For the
overwhelming majority--particularly of home users, there's no downside to
removing the old versions. It is possible for a given java-based
application to require a specific version. I would hope that most such apps
have done what HP and Netscape have done, and placed their required versions
in their own "space" under \program files.
(And that thread also reminds me that there was some snow earlier this
winter in the middle of the east coast of the U.S. even though it has been
almost shirt-sleeve weather for some parts of January!)

--

 

[Jim Byrd]

Randy - FYI, to suppliment your post, these are from my "standard" Java
post:

You can test whether Java is working on your machine at the following sites:

http://www.pocoso.de/pocoso052.html
http://www.clan.lib.ri.us/clan/javatest.html (This one may be down)
http://www.fitwise.com/testjava.asp (both 1.0 and 1.1 and what's installed)
http://coglab.wadsworth.com/support/browsercheck.html
http://www.ces.clemson.edu/webct/browser_detect.html

and you can test Javascript here:
http://www.dancespots.net/browsertest.htm

 

[Randy Knobloch]

Randy - FYI, to suppliment your post, these are from my "standard" Java
post:

You can test whether Java is working on your machine at the following sites:

http://www.pocoso.de/pocoso052.html
http://www.clan.lib.ri.us/clan/javatest.html (This one may be down)
http://www.fitwise.com/testjava.asp (both 1.0 and 1.1 and what's installed)
http://coglab.wadsworth.com/support/browsercheck.html
http://www.ces.clemson.edu/webct/browser_detect.html

and you can test Javascript here:
http://www.dancespots.net/browsertest.htm

Hey Jim!
Thanks for the addendum and links, our posters will certainly find them useful.

Amen...for now~

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.

 

[Guest]

Hello Jim,

Good news, this one is Ñunning фк.
http://www.fitwise.com/testjava.asp (both 1.0 and 1.1 and what's installed)

Eиçel

 

[Guest]

Hi Jim,

CoÑÑection, you aÑe Ñight
http://www.clan.lib.ri.us/clan/javatest.html ; (This one may be down)

жЕиçеlж