[VIM] [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)
rkeith at securityfocus.com
Wed Jul 4 16:46:46 UTC 2007
US-CERT seems to think Sun: 102934 relates to the CESA-2006-004 article.
The Sun advisory however only credits Chris Evans, but includes no
definitive link to the article. I am inclined to agree that it is
a duplicate.
http://www.kb.cert.org/vuls/id/138545
References:
http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/jcp.html#update
# http://scary.beasts.org/security/CESA-2006-004.html
http://java.sun.com/j2se/1.4.2/download.html
http://java.com/en/download/help/testvm.xml
http://www.cert.org/tech_tips/securing_browser/
http://www.color.org/
--
Rob Keith
Symantec
----- Forwarded message from "George A. Theall" <theall at tenablesecurity.com> -----
From: "George A. Theall" <theall at tenablesecurity.com>
Subject: [VIM] Sun JDK Confusion
To: Vulnerability Information Managers <vim at attrition.org>
Reply-To: Vulnerability Information Managers <vim at attrition.org>
Date: Tue, 03 Jul 2007 07:17:21 -0400
User-Agent: Thunderbird 2.0.0.4 (X11/20070604)
Message-ID: <468A3041.5000008 at tenablesecurity.com>
Last May, there was an advisory published by Chris Evans about image
parsing library vulnerabilities in Sun's JDK:
http://scary.beasts.org/security/CESA-2006-004.html
This seems to have resulted in Bugtraq 24267 / CVE-2007-3004 duplicating
Bugtraq 24004 / CVE-2007-2788 and CVE-2007-2789. Steve, any ideas?
George
--
theall at tenablesecurity.com
----- End forwarded message -----
--
Dave McKinney
Symantec
keyID: E461AE4E
key fingerprint = F1FC 9073 09FA F0C7 500D D7EB E985 FAF3 E461 AE4E