On November 3, 2009, Sun will release the following security updates:

• JDK and JRE 6 Update 17
• JDK and JRE 5.0 Update 22
• SDK and JRE 1.4.2_24
• SDK and JRE 1.3.1_27

The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

• 269868
• 269869
• 269870
• 270474
• 270475
• 270476

tags: java security

Permalink | Comments [1]

A security vulnerability in Solaris Trusted Extensions may result in a condition that prevents XScreenSaver (xscreensaver(1)) from running. The screen may not lock if a user chooses to lock the screen from the JDS menu or if the screen is left unattended. This condition occurs when trying to restart XScreenSaver using "xscreensaver-demo".

Permalink |

A security vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with webservices component of Sun GlassFish Enterprise Server may allow authentication to be bypassed. This could allow a user to forge an XML digital signature that would be accepted as valid. Applications that validate HMAC-based XML digital signatures may be vulnerable to this issue.

This issue is also described in the following documents:

CERT VU#466161 at:

• http://www.kb.cert.org/vuls/id/466161

CVE-2009-0217 at:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217

Sun acknowledges, with thanks, Thomas Roessler from the W3C for bringing this issue to our attention.

Permalink |

A security weakness in Solaris Trusted Extensions Policy configuration
may allow a remote unprivileged user who has authorized or unauthorized
access to the X server, to leverage an additional vulnerability which could
lead to arbitrary code execution as a local privileged or unprivileged user.

Permalink |

Multiple integer overflow vulnerabilities in the FreeType 2 Font Library
(libfreetype) may affect applications that make use of this library. Depending
on the application, this vulnerability may allow a local or remote unprivileged
user to crash the application through a specially crafted font file, resulting in
a Denial of service(DOS) or to execute arbitrary code with the privileges of
the user running that application.

These issues are also described in the following document CVE-2009-0946 at :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946



Permalink |

Multiple security vulnerabilities in Adobe Reader versions 9.x before 9.1.4, 8.x before 8.1.7 and 7.x before 7.1.4 may allow remote unprivileged users to execute arbitrary code or crash the Adobe Reader application, thereby causing a Denial of Service (DoS) condition. These vulnerabilities may be exploited via specially crafted PDF files.

The following resources document these issues in more detail:

Permalink |

A regression introduced in the Solaris 10 XScreenSaver(see xscreensaver(1))
patches 120094-27 for the SPARC platform and 120095-27 for the x86 platform
may allow pop-up windows to appear through XScreenSaver when the accessibility
feature is turned on.

Permalink |

A security vulnerability in the ZFS file system in OpenSolaris and Solaris 10 systems with patches 137137-09 (SPARC) or 137138-09 (x86) installed may allow a local unprivileged user with the 'file_chown_self' privilege to take ownership of files belonging to another user.

Permalink |

Certain Sun products (including some bundled third party products) may be vulnerable to an RSA(1) Signature Verification vulnerability that allows unauthorized forged certificates to be validated. This may result in a number of different types of remote exploits.

The specific impact will vary from product to product. Please see the "Contributing Factors" section for further details.

More details of the issue are available from CERT Vulnerability VU#845620 at http://www.kb.cert.org/vuls/id/845620 which is also mentioned at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Permalink |

Permalink | Comments [0]

Multiple security vulnerabilities in the JBIG2 decoding feature in the Poppler PDF Rendering Library (libpoppler) may allow a local or remote unprivileged user to cause the OpenSolaris GNOME PDF Viewer (Evince) to crash and potentially execute arbitrary code with the privileges of the user running the application, when the user has loaded a specially crafted PDF file.

These issues are also referenced in the following documents:

CVE-2009-0165 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
CVE-2009-0146 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
CVE-2009-0147 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
CVE-2009-0166 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
CVE-2009-1187 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1187
CVE-2009-1188 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188

Sun acknowledges with thanks, Braden Thomas and Drew Yao of Apple Product Security for bringing the issues described in CVE-2009-0165, CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166 to our attention.

Permalink |

Multiple security vulnerabilities with varying impacts affect Firefox (see firefox(1)) versions prior to 3.5.3 as shipped with OpenSolaris. These vulnerabilities may allow an unprivileged remote user to crash the Firefox application or possibly execute arbitrary code on the system where Firefox is being run, resulting in a Denial of service (DoS). Further vulnerabilities may allow a remote user to mislead a Firefox user into incorrectly trusting a site by providing a URL in the location bar which may appear to be another URL, or to compromise the cryptography features that are active within the browser application.

The following Mozilla advisories describe the vulnerabilities:

The following are the CVE identifiers that pertain to these security issues:

Permalink |

A heap overflow vulnerability in Network Security Services (NSS) may allow a remote SSL server to cause a Denial of Service (DoS) to SSL client applications or to possibly execute arbitrary code with the privileges of the SSL client application, via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the "cert_TestHostName" function.

Firefox, Thunderbird, Pidgin and Evolution are examples of vulnerable SSL client applications.

This issue is also described in the following document:

    CVE-2009-2404 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404

Permalink |

A heap-based buffer overflow vulnerability in the MSN protocol handler of libpurple(3), the shared library that adds support for various instant messaging networks to the pidgin(1) Instant Messaging client (previously known as Gaim), may allow remote unprivileged users to execute arbitrary code or cause a Denial of Service (DoS) through an application crash.

Additional information on this issue can be found in the following document:

    CVE-2009-2694 at:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2694
Permalink |

Security vulnerabilities in thunderbird(1) related to handling of SSL server certificates
may allow remote SSL servers with crafted server certificates to compromise an encrypted
communication or cause arbitrary code execution with the privileges of a Thunderbird user.

The following Mozilla advisories describe the vulnerabilities:
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html

http://www.mozilla.org/security/announce/2009/mfsa2009-43.html

Additional references:

CVE-2009-2404 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404

CVE-2009-2408 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408

Permalink |