SillyDog701

Message Centre 3.0

Skip to content

Sun JRE 1.4.2_06 Released - fixes a vuln in sandbox model

For all tech/computer related or even internet related discussions not covered in other sections. Also iPad, iPhone, iPod and multimedia discussions.

Moderators: profman, Josh, Don_HH2K

Post a reply

Sun JRE 1.4.2_06 Released - fixes a vuln in sandbox model

Postby J-M » Tue 23 Nov, 2004 6:24 pm

Sun has just released JRE (Java Runtime Environment) 1.4.2_06 revision on Tuesday 23rd November.
The following security advisories has been published:
http://secunia.com/advisories/13271/
http://www.kb.cert.org/vuls/id/760344

An original advisory can be read at
http://sunsolve.sun.com/search/document ... 26-57591-1

Download link to a new package is http://java.sun.com/j2se/1.4.2/download.html
Select Download J2SE JRE at section J2SE v 1.4.2_06 JRE (includes the JVM technology).


Installed version can be checked for example by gemal.dk's BrowserSpy test page;
http://gemal.dk/browserspy/java.html

I just updated my JVM and it works fine with Suite 1.7.3 and Firefox 1.0 in Windows XP Professional. It is recommended to close your browser before the installation process, and reboot is recommended after this as well.

- Juha-Matti
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.5) Gecko/20041108 Firefox/1.0
User avatar
J-M
diamond member
diamond member
 
Posts: 815
Joined: Sun 25 Jul, 2004 9:16 am
Location: Helsinki, Finland
Top

Postby J-M » Tue 23 Nov, 2004 6:38 pm

Supported browsers ('Browser Registration') must be selected during the setup process:

Browser Registration dialog box:
Select the browsers you want to register with Java(TM) Plug-in.

[x] Microsoft Internet Explorer
[x] Netscape 6 or later
[x] Mozilla 1.1 or later

By default, all three browsers mentioned are selected. Mozilla 1.1 includes Firefox, of course.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.5) Gecko/20041108 Firefox/1.0
User avatar
J-M
diamond member
diamond member
 
Posts: 815
Joined: Sun 25 Jul, 2004 9:16 am
Location: Helsinki, Finland
Top

Postby Mandrake » Tue 23 Nov, 2004 6:44 pm

Why not use 1.5? It was never effected by this issue and has been out for a while now.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Core i7 920 | ASUS P6T Deluxe v2 | 3TB+ HDD | 12GB Corsair DDR3 | Radeon 4890 Xfire | X-Fi Titanium Fatal1ty | Logitech Z-5500 Speakers | Dell 3008WFP | Seven RC1
User avatar
Mandrake
Moderator
Moderator
 
Posts: 4193
Joined: Fri 13 Sep, 2002 6:35 am
Top

Postby Antony » Tue 23 Nov, 2004 7:55 pm

Mandrake wrote:Why not use 1.5? It was never effected by this issue and has been out for a while now.
Are you so sure?
So the new vulnerability is due to the new feature added in 1.6?
UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.5.5 (KHTML, like Gecko) Safari/125.11
User avatar
Antony
diamond member
diamond member
 
Posts: 14510
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia
Top

Postby Mandrake » Tue 23 Nov, 2004 8:39 pm

Eh? This thread talks about version 1.4.2_06 being released, I'm saying that the latest version, 1.5, has been out for a while now.

Image
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Core i7 920 | ASUS P6T Deluxe v2 | 3TB+ HDD | 12GB Corsair DDR3 | Radeon 4890 Xfire | X-Fi Titanium Fatal1ty | Logitech Z-5500 Speakers | Dell 3008WFP | Seven RC1
User avatar
Mandrake
Moderator
Moderator
 
Posts: 4193
Joined: Fri 13 Sep, 2002 6:35 am
Top

Postby Edward » Tue 23 Nov, 2004 9:06 pm

I updated the Java VM on my PC last night, the version that downloaded was 1.4.2_05.
UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i586) Opera 7.54 [en]
SillyDog701 Moderator
debian 6 - iceape - iceweasel - icedove - seamonkey
User avatar
Edward
Moderator
Moderator
 
Posts: 3584
Joined: Sun 01 Dec, 2002 7:15 pm
Top

Postby Fulvio » Tue 23 Nov, 2004 11:46 pm

Mandrake means 1.5.0, which I got, as well. Is it more secure? May be there is no Sandbox!
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041108 Firefox/1.0
A minority may be right, and a majority is always wrong
~ Henrik Ibsen
WinXP, SP3, 512 MB, SM2.9.1, FF12, TB12.0.1, IE8.0, Google Chrome18, Ghostwall , Avast 7.x, JRE1.7_04. Testing FF13b4
User avatar
Fulvio
Moderator
Moderator
 
Posts: 11916
Joined: Wed 19 Jun, 2002 10:08 am
Top

Postby Edward » Wed 24 Nov, 2004 6:53 pm

I just downloaded 1.5.0 now and will install it.
UserAgent: Opera/7.60 (Windows NT 5.1; U; en)
SillyDog701 Moderator
debian 6 - iceape - iceweasel - icedove - seamonkey
User avatar
Edward
Moderator
Moderator
 
Posts: 3584
Joined: Sun 01 Dec, 2002 7:15 pm
Top

Postby Andrew T. » Sun 28 Nov, 2004 2:29 pm

Although Sun Microsystems only officially supports running version 1.4.2 of the Java Runtime Environment on Windows 98, ME, NT 4.0 SP6a, 2000, XP, and Server 2003, I decided to download and install the v. 1.4.2_06 JRE on my Windows 95 OSR2 system nevertheless just to see what would happen. Surprisingly, it seems to run fine!

JRE 1.4.x compatibility on Win95 may be system-specific and dependent on the presence of library updates, however; Sun hasn't officially supported this OS version since JRE v. 1.4.0, and directs the few remaining Windows 95 users to use v. 1.3.1 instead.

Image
UserAgent: Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
User avatar
Andrew T.
diamond member
diamond member
 
Posts: 1228
Joined: Fri 14 Mar, 2003 11:37 pm
Location: Somewhere beyond the sea
Top

Postby Edward » Sun 28 Nov, 2004 3:37 pm

1.5.0 under Windows XP has run fine, no problems to report.
UserAgent: Opera/7.54 (X11; Linux i586; U) [en]
SillyDog701 Moderator
debian 6 - iceape - iceweasel - icedove - seamonkey
User avatar
Edward
Moderator
Moderator
 
Posts: 3584
Joined: Sun 01 Dec, 2002 7:15 pm
Top

Postby J-M » Mon 29 Nov, 2004 3:36 pm

[Edit by profman. Deleted duplicate post. 11/29/04]
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.5) Gecko/20041108 Firefox/1.0
User avatar
J-M
diamond member
diamond member
 
Posts: 815
Joined: Sun 25 Jul, 2004 9:16 am
Location: Helsinki, Finland
Top

Postby J-M » Mon 29 Nov, 2004 3:38 pm

New information published recently:
A previous installation, for example 1.4.2_03 should be uninstalled before installing version 1.4.2_06, or 1.5.0.

A new advisory published by SecurityFocus today:
http://www.securityfocus.com/bid/11757/solution/

From SF's site:
Workaround:
When upgrading a Java installation on a host computer, all previous versions should be uninstalled to prevent them being accessed to run a malicious applet that may exploit latent vulnerabilities that may exist in those other previous versions.


This is not solution to this issue, only a workaround. If you have updated the new JRE without uninstalling previous version first, you should uninstall your recent JRE installation, and then install it again.
Is it time to disable Java from Preferences is another question in this context.
Related versions available at http://www.securityfocus.com/bid/11757/info/ .
Windows and Linux platforms are vulnerable.

[Edit by profman: deleted duplicate post. 11/29/04]
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.5) Gecko/20041108 Firefox/1.0
User avatar
J-M
diamond member
diamond member
 
Posts: 815
Joined: Sun 25 Jul, 2004 9:16 am
Location: Helsinki, Finland
Top
Post a reply

Return to General Computing and Tech

Who is online

Registered users: Google [Bot]

Powered by phpBB © phpBB Group
Cheap Web Hosting

support SillyDog701
[SillyDog701 home] [Netscape] [download NS] [MozInfo701] [MacCentre701] [Feedback] [Search] [Sitemap]
All messages posted in this forum do not necessarily represent SillyDog701. This forum is operated by Antony Shen. All rights reserved. Copyright Notice. Privacy Statement.		 get FirefoxMade on a Mac