« Sun Alert 243786... | Main | Sun Alert 240365... »
03 Dec 2008 Sun Alert 244989 The Java Runtime Environment (JRE) "Java Update" Mechanism Does Not Check the Digital Signature of the JRE that it Downloads
posted by security in Alerts
Product: Java Platform, Standard Edition (Java SE)

The Java Runtime Environment (JRE) "Java Update" mechanism does not check the digital signature of the JRE that it downloads. This may allow a malicious file to be downloaded and installed if the DNS information that the JRE uses when checking for updates is compromised.

Sun acknowledges with thanks, Francisco Amato for bringing this issue to our attention.

State: Resolved
First released: 03-Dec-2008
Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
Permalink |
Comments:

Post a Comment:

Comments are closed for this entry.

« Sun Alert 243786... | Main | Sun Alert 240365... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« December 2009
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.