[wplug] java vulnerability question

Carl Benedict cbenedic at pittsburghtechs.com
Wed Dec 1 12:36:49 EST 2004


On Wed, 2004-12-01 at 12:18, John Harrold wrote:
> My boss sent the following to me yesterday and wondered how it affects us.
> 
> http://www.eweek.com/article2/0,1759,1731437,00.asp?kc=EWRSS03119TX1K000059
> 
> I must admit that there is so much stuff with java in the name (javascript,
> jdk, jre, etc.), that I'm not really sure how this affects us. I believe
> all of the machines have the gnu version of java installed (part of gcc).
> Te article above said the third party stuff is ok. I'm not really sure
> where to look to confirm this.

Well, this article says:

"The vulnerability affects JRE (Java Runtime Environment) Versions 1.4.2_05 
and prior, Versions 1.4.1 and 1.4.0, and Version 1.3.1_12 and prior, running
 on Windows, Solaris and Linux. JRE Versions 1.4.2_06 and 1.3.1_13 and later
 are unaffected..."

JRE == Java Run-time Environment (basic environment to interpret java .class files)
JDK == Java Developers Kit (JRE + tools to write and/or compile java .class files)
JavaScript == A Scripting language not related to Java (although this article 
states that this vunerability uses JavaScript to initiate the weakness)

The article recommends that you upgrade your JRE to v1.4.2_06 or greater.  

It doesn't sound like it effects anything outside of Suns Java plug-in/JRE/SDK, thus
the GNU java compiler should not be an issue.

HTH

-- 
Carl Benedict
Pittsburgh Techs
Main:  724-741-0233
http://www.pittsburghtechs.com
cbenedic at pittsburghtechs.com



More information about the wplug mailing list