----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Sun Java JDK / JRE Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA37255

VERIFY ADVISORY:
http://secunia.com/advisories/37255/

DESCRIPTION:
Multiple vulnerabilities have been reported in Sun Java, where some
have an unknown impact and others can be exploited by malicious
people to manipulate certain data, disclose potentially sensitive
information, cause a DoS (Denial of Service), or compromise a
vulnerable system.

1) An error in the implementation of the "HeadspaceSoundbank" class
can be exploited to cause a stack-based buffer overflow via a crafted
Soundbank file with an overly long name.

2) An error in the implementation of the "HeadspaceSoundbank" class
can be exploited to cause a heap-based buffer overflow via a crafted
Soundbank file with an overly long record.

3) An input validation error in the processing of image files can be
exploited to cause a heap-based buffer overflow, e.g. if a user
visits a web page containing a specially crafted java applet.

Successful exploitation of these vulnerabilities allows execution of
arbitrary code.

4) Unspecified vulnerabilities exist in the ImageIO, Java 2D, Java
Runtime Environment, Java Web Start, Java Plug-in, Pack200, Sound,
and HotSpot Server components.

5) An error in the JSSE component while handling TLS session
re-negotiations can be exploited to manipulate certain data.

For more information:
SA37291

5) An unspecified error in the Java Web Start, Java Plug-in component
can be exploited to manipulate certain data or cause a DoS.

6) Two unspecified errors in the Java Runtime Environment can be
exploited to disclose unspecified information.

7) An unspecified error in the Java Web Start, Java Plug-in component
can be exploited to cause a DoS.

SOLUTION:
Update to a fixed version.

JDK and JRE 6 Update 19:
http://java.sun.com/javase/downloads/index.jsp

JDK 5.0 Update 24 for Solaris (for Solaris Component Use Only):
http://sunsolve.sun.com/search/document.do?assetkey=1-61-255468-1

SDK 1.4.2_26 for Solaris (for Solaris Component Use Only):
http://sunsolve.sun.com/search/document.do?assetkey=1-61-255468-1

PROVIDED AND/OR DISCOVERED BY:
1, 2) Dyon Balding, Secunia Research.
3) regenrecht, reported via iDefense.

The vendor also credits:
* Steve Dispensa , PhoneFactor
* Stephen Fewer, iDefense
* Brian Graversen, Signaturgruppen
* Sami Koivu, TippingPoint's Zero Day Initiative
* Alexandre Pelletier and Sebastian Renaud of Vupen Security
* Marsh Ray, PhoneFactor
* Regenrecht, iDefense
* Regenrecht, TippingPoint's Zero Day Initiative#
* Marc Schoenefeld, Red Hat
* Peter Vreugendhil, TippingPoint's Zero Day Initiative

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2009-49/
http://secunia.com/secunia_research/2009-50/

Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=865

OTHER REFERENCES:
SA37291:
http://secunia.com/advisories/37291/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------