
APPLE-SA-2008-09-24 Java for Mac OS X 10.4, Release 7

Posted on 24 September 2008
Apple Security-announce

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-09-24 Java for Mac OS X 10.4, Release 7

Java for Mac OS X 10.4, Release 7 is now available and addresses the
following issues:

Java
CVE-ID: CVE-2008-3637
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An error checking issue leading to the use of an
uninitialized variable exists in the Hash-based Message
Authentication Code (HMAC) provider used for generating MD5 and SHA-1
hashes. Visiting a website containing a maliciously crafted Java
applet may lead to arbitrary code execution. This update addresses
the issue through improved error handling. This is an Apple-specific
issue. Credit to Radim Marek for reporting this issue.

Java
CVE-ID: CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188,
CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192,
CVE-2008-1195, CVE-2008-1196, CVE-2008-3104, CVE-2008-3107,
CVE-2008-3108, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113,
CVE-2008-3114
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in Java 1.4.2_16
Description: Multiple vulnerabilities exist in Java 1.4.2_16, the
most serious of which may allow untrusted Java applets to obtain
elevated privileges. Visiting a web page containing a maliciously
crafted Java applet may lead to arbitrary code execution. These
issues are addressed by updating Java 1.4 to version 1.4.2_18.
Further information is available via the Sun Java website at
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html

Java
CVE-ID: CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188,
CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192,
CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196,
CVE-2008-3103, CVE-2008-3104, CVE-2008-3107, CVE-2008-3111,
CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in Java 1.5.0_13
Description: Multiple vulnerabilities exist in Java 1.5.0_13, the
most serious of which may allow untrusted Java applets to obtain
elevated privileges. Visiting a web page containing a maliciously
crafted Java applet may lead to arbitrary code execution. These
issues are addressed by updating Java 1.5 to version 1.5.0_16.
Further information is available via the Sun Java website at
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Java for Mac OS X 10.4, Release 7 may be obtained from the Software
Update pane in System Preferences, or Apple's Software Downloads
web site: http://www.apple.com/support/downloads/

The download file is named: "JavaForMacOSX10.4Release7.dmg"
Its SHA-1 digest is: 67d17ba3e854101d890633f507b4c02e031b3a05

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
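
Added example, not part of Apple's advisory: one way to check a downloaded disk image against the file name and SHA-1 digest published above, after confirming the PGP signature on the message the digest came from. The function names and the ADVISORY_EXCERPT constant are assumptions made for this illustration; the excerpt copies the two download lines from the advisory.

```python
import hashlib
import hmac
import re

# Field patterns follow the wording of the advisory's download section.
_NAME_RE = re.compile(r'The download file is named:\s*"([^"]+)"')
_SHA1_RE = re.compile(r'Its SHA-1 digest is:\s*([0-9a-fA-F]{40})\b')


def parse_download_entries(advisory_text):
    """Return [(file_name, sha1_hex)] pairs announced in the advisory text."""
    entries = []
    pending_name = None
    for line in advisory_text.splitlines():
        name = _NAME_RE.search(line)
        if name:
            pending_name = name.group(1)
            continue
        digest = _SHA1_RE.search(line)
        if digest and pending_name is not None:
            entries.append((pending_name, digest.group(1).lower()))
            pending_name = None
    return entries


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large disk image is never held in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, advisory_text, file_name):
    """True only if the advisory lists file_name and the file at path matches."""
    expected = dict(parse_download_entries(advisory_text)).get(file_name)
    if expected is None:
        raise ValueError("advisory does not list " + file_name)
    return hmac.compare_digest(sha1_of_file(path), expected)


# The two download lines, copied from the advisory text.
ADVISORY_EXCERPT = '''\
The download file is named: "JavaForMacOSX10.4Release7.dmg"
Its SHA-1 digest is: 67d17ba3e854101d890633f507b4c02e031b3a05
'''

if __name__ == "__main__":
    import sys
    ok = verify_download(sys.argv[1], ADVISORY_EXCERPT, "JavaForMacOSX10.4Release7.dmg")
    print("digest matches advisory" if ok else "DIGEST MISMATCH: do not install")
    sys.exit(0 if ok else 1)
```

Run it with the path to the downloaded .dmg as the only argument; a non-zero exit status means the file does not match the published digest.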

 
