[Micronet] Java Update

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Java Update

John Ives
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Everyone,

On Tuesday, Oracle released its latest updates for Java (Java 6 Update
24). That update included fixes for 21 issues, including 19 that could
be used by attackers to remotely install software on a system. Over the
past several months, System and Network Security, has seen an increasing
number of systems exploited as a result of out-of-date Java
installations. As a result, I would like to urge everyone to test and
deploy this patch as soon as possible.

Information on the updates and the issues it  can be found at
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html.

Yours,

John Ives

- --
- -------------------------------------------------------------------------
John Ives
System & Network Security    Phone (510) 229-8676
University of California, Berkeley
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNXirjAAoJEJkidK6qbywsNPAIAMP1ZcWQFElQ0p9cEWDWoVqL
4IkFUyxFgyVNJjWg4IAUYPhuv3FLuckzsKyCXIo8K4tEVf0xJ2wtOTnhN978EQqe
d5KI8gOmohl6JWHDFcuze5tD7CBEb17OuanfVa92n1t7nfiCJRl9sf2G4Ug0TN75
nr+cQ5il9KkIHvg284e/VwnGu7c4Ln3jOk0wQm6XuzDf7NIORSi3zqKnu2HI2GDx
+rjU4g6Y5PbkgOOlzbH+9YZbOPs0myMGxTxpHgt5J6XvmQihrlogP45oxcdocal0
jTmBM/lvBwXHn15Jq6faDybIoa/Ngpzdn3GT3p9R3FEltg6/nNzJdiqNBMIBxPg=
=QhBZ
-----END PGP SIGNATURE-----

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java Update

Jonathan Loran

What are OSX users to do about this?  There's no sign at all of an OSX Java patch to address these vulnerabilities.  Traditionally Apple has re-bundled Java, and many other open source packages, to suit Darwin, but they tend to be quite behind.  The Java vulnerabilities are quite serious and being exploited in the wild, and OSX is not immune, so my (probably false) sense of security using my Mac is rapidly evaporating.  I know Apple is now tasking Oracle to support Java on OSX more directly, but still, we need to apply pressure on Apple to get a fix delivered through software update ASAP. 

Jon

On Feb 18, 2011, at 12:16 AM, John Ives wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Everyone,

On Tuesday, Oracle released its latest updates for Java (Java 6 Update
24). That update included fixes for 21 issues, including 19 that could
be used by attackers to remotely install software on a system. Over the
past several months, System and Network Security, has seen an increasing
number of systems exploited as a result of out-of-date Java
installations. As a result, I would like to urge everyone to test and
deploy this patch as soon as possible.

Information on the updates and the issues it  can be found at
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html.

Yours,

John Ives

- --
- -------------------------------------------------------------------------
John Ives
System & Network Security    Phone (510) 229-8676
University of California, Berkeley
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNXirjAAoJEJkidK6qbywsNPAIAMP1ZcWQFElQ0p9cEWDWoVqL
4IkFUyxFgyVNJjWg4IAUYPhuv3FLuckzsKyCXIo8K4tEVf0xJ2wtOTnhN978EQqe
d5KI8gOmohl6JWHDFcuze5tD7CBEb17OuanfVa92n1t7nfiCJRl9sf2G4Ug0TN75
nr+cQ5il9KkIHvg284e/VwnGu7c4Ln3jOk0wQm6XuzDf7NIORSi3zqKnu2HI2GDx
+rjU4g6Y5PbkgOOlzbH+9YZbOPs0myMGxTxpHgt5J6XvmQihrlogP45oxcdocal0
jTmBM/lvBwXHn15Jq6faDybIoa/Ngpzdn3GT3p9R3FEltg6/nNzJdiqNBMIBxPg=
=QhBZ
-----END PGP SIGNATURE-----


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



-     _____/     _____/      /           - Jonathan Loran -           -
-    /          /           /                IT Officer               -
-  _____  /   _____  /     /     Space Sciences Laboratory, UC Berkeley
-        /          /     /      (510) 643-5146 [hidden email]
- ______/    ______/    ______/           AST:7731^29u18e3
                                 





 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java Update

Jonathan Felder
Your best bet until apple issues a fix is to disable java in the browser.

On 2/21/2011 11:57 PM, Jonathan Loran wrote:

>
> What are OSX users to do about this? There's no sign at all of an OSX
> Java patch to address these vulnerabilities. Traditionally Apple has
> re-bundled Java, and many other open source packages, to suit Darwin,
> but they tend to be quite behind. The Java vulnerabilities are quite
> serious and being exploited in the wild, and OSX is not immune, so my
> (probably false) sense of security using my Mac is rapidly evaporating.
> I know Apple is now tasking Oracle to support Java on OSX more directly,
> but still, we need to apply pressure on Apple to get a fix delivered
> through software update ASAP.
>
> Jon
>
> On Feb 18, 2011, at 12:16 AM, John Ives wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Everyone,
>>
>> On Tuesday, Oracle released its latest updates for Java (Java 6 Update
>> 24). That update included fixes for 21 issues, including 19 that could
>> be used by attackers to remotely install software on a system. Over the
>> past several months, System and Network Security, has seen an increasing
>> number of systems exploited as a result of out-of-date Java
>> installations. As a result, I would like to urge everyone to test and
>> deploy this patch as soon as possible.
>>
>> Information on the updates and the issues it can be found at
>> http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html.
>>
>> Yours,
>>
>> John Ives
>>
>> - --
>> -
>> -------------------------------------------------------------------------
>> John Ives
>> System & Network SecurityPhone (510) 229-8676
>> University of California, Berkeley
>> -
>> -------------------------------------------------------------------------
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.11 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iQEcBAEBAgAGBQJNXirjAAoJEJkidK6qbywsNPAIAMP1ZcWQFElQ0p9cEWDWoVqL
>> 4IkFUyxFgyVNJjWg4IAUYPhuv3FLuckzsKyCXIo8K4tEVf0xJ2wtOTnhN978EQqe
>> d5KI8gOmohl6JWHDFcuze5tD7CBEb17OuanfVa92n1t7nfiCJRl9sf2G4Ug0TN75
>> nr+cQ5il9KkIHvg284e/VwnGu7c4Ln3jOk0wQm6XuzDf7NIORSi3zqKnu2HI2GDx
>> +rjU4g6Y5PbkgOOlzbH+9YZbOPs0myMGxTxpHgt5J6XvmQihrlogP45oxcdocal0
>> jTmBM/lvBwXHn15Jq6faDybIoa/Ngpzdn3GT3p9R3FEltg6/nNzJdiqNBMIBxPg=
>> =QhBZ
>> -----END PGP SIGNATURE-----
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or
>> unsubscribe from its mailing list and how to find out about upcoming
>> meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable,
>> and the list's archives can be browsed and searched on the Internet.
>> This means these messages can be viewed by (among others) your bosses,
>> prospective employers, and people who have known you in the past.
>
>
>
> - _____/ _____/ / - Jonathan Loran - -
> - / / / IT Officer -
> - _____ / _____ / / Space Sciences Laboratory, UC Berkeley
> - / / / (510) 643-5146 [hidden email]
> <mailto:[hidden email]>
> - ______/ ______/ ______/ AST:7731^29u18e3
>
>
>
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java Update

Greg Paschall
In reply to this post by Jonathan Loran
Jon,

I wouldn't worry for long. Apple posted to the Apple Developer site on 2/16:
Java for Mac OS X 10.6 Update 4 Developer Preview (10M3321)
Java for Mac OS X 10.5 Update 9 Developer Preview (9M3321)

Both "delivers improved reliability, security, and compatibility by
updating Java SE 6 to 1.6.0_24."

Greg

Jonathan Loran wrote, on 2/21/11 11:57 PM:

>
> What are OSX users to do about this? There's no sign at all of an OSX
> Java patch to address these vulnerabilities. Traditionally Apple has
> re-bundled Java, and many other open source packages, to suit Darwin,
> but they tend to be quite behind. The Java vulnerabilities are quite
> serious and being exploited in the wild, and OSX is not immune, so my
> (probably false) sense of security using my Mac is rapidly evaporating.
> I know Apple is now tasking Oracle to support Java on OSX more directly,
> but still, we need to apply pressure on Apple to get a fix delivered
> through software update ASAP.
>
> Jon
>
> On Feb 18, 2011, at 12:16 AM, John Ives wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Everyone,
>>
>> On Tuesday, Oracle released its latest updates for Java (Java 6 Update
>> 24). That update included fixes for 21 issues, including 19 that could
>> be used by attackers to remotely install software on a system. Over the
>> past several months, System and Network Security, has seen an increasing
>> number of systems exploited as a result of out-of-date Java
>> installations. As a result, I would like to urge everyone to test and
>> deploy this patch as soon as possible.
>>
>> Information on the updates and the issues it can be found at
>> http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html.
>>
>> Yours,
>>
>> John Ives
>>
>> - --
>> -
>> -------------------------------------------------------------------------
>> John Ives
>> System & Network SecurityPhone (510) 229-8676
>> University of California, Berkeley
>> -
>> -------------------------------------------------------------------------
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.11 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iQEcBAEBAgAGBQJNXirjAAoJEJkidK6qbywsNPAIAMP1ZcWQFElQ0p9cEWDWoVqL
>> 4IkFUyxFgyVNJjWg4IAUYPhuv3FLuckzsKyCXIo8K4tEVf0xJ2wtOTnhN978EQqe
>> d5KI8gOmohl6JWHDFcuze5tD7CBEb17OuanfVa92n1t7nfiCJRl9sf2G4Ug0TN75
>> nr+cQ5il9KkIHvg284e/VwnGu7c4Ln3jOk0wQm6XuzDf7NIORSi3zqKnu2HI2GDx
>> +rjU4g6Y5PbkgOOlzbH+9YZbOPs0myMGxTxpHgt5J6XvmQihrlogP45oxcdocal0
>> jTmBM/lvBwXHn15Jq6faDybIoa/Ngpzdn3GT3p9R3FEltg6/nNzJdiqNBMIBxPg=
>> =QhBZ
>> -----END PGP SIGNATURE-----
>>
>>
>> -------------------------------------------------------------------------
>> The following was automatically added to this message by the list server:
>>
>> To learn more about Micronet, including how to subscribe to or
>> unsubscribe from its mailing list and how to find out about upcoming
>> meetings, please visit the Micronet Web site:
>>
>> http://micronet.berkeley.edu
>>
>> Messages you send to this mailing list are public and world-viewable,
>> and the list's archives can be browsed and searched on the Internet.
>> This means these messages can be viewed by (among others) your bosses,
>> prospective employers, and people who have known you in the past.
>
>
>
> - _____/ _____/ / - Jonathan Loran - -
> - / / / IT Officer -
> - _____ / _____ / / Space Sciences Laboratory, UC Berkeley
> - / / / (510) 643-5146 [hidden email]
> <mailto:[hidden email]>
> - ______/ ______/ ______/ AST:7731^29u18e3
>
>
>
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Java Update

Jonathan Loran

Thanks Greg.  I forgot to check the developers site.  It will be a relief getting those updates in.

Jon

On Feb 22, 2011, at 11:12 AM, Greg Paschall wrote:

Jon,

I wouldn't worry for long. Apple posted to the Apple Developer site on 2/16:
Java for Mac OS X 10.6 Update 4 Developer Preview (10M3321)
Java for Mac OS X 10.5 Update 9 Developer Preview (9M3321)

Both "delivers improved reliability, security, and compatibility by updating Java SE 6 to 1.6.0_24."

Greg

Jonathan Loran wrote, on 2/21/11 11:57 PM:

What are OSX users to do about this? There's no sign at all of an OSX
Java patch to address these vulnerabilities. Traditionally Apple has
re-bundled Java, and many other open source packages, to suit Darwin,
but they tend to be quite behind. The Java vulnerabilities are quite
serious and being exploited in the wild, and OSX is not immune, so my
(probably false) sense of security using my Mac is rapidly evaporating.
I know Apple is now tasking Oracle to support Java on OSX more directly,
but still, we need to apply pressure on Apple to get a fix delivered
through software update ASAP.

Jon

On Feb 18, 2011, at 12:16 AM, John Ives wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Everyone,

On Tuesday, Oracle released its latest updates for Java (Java 6 Update
24). That update included fixes for 21 issues, including 19 that could
be used by attackers to remotely install software on a system. Over the
past several months, System and Network Security, has seen an increasing
number of systems exploited as a result of out-of-date Java
installations. As a result, I would like to urge everyone to test and
deploy this patch as soon as possible.

Information on the updates and the issues it can be found at
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html.

Yours,

John Ives

- --
-
-------------------------------------------------------------------------
John Ives
System & Network SecurityPhone (510) 229-8676
University of California, Berkeley
-
-------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNXirjAAoJEJkidK6qbywsNPAIAMP1ZcWQFElQ0p9cEWDWoVqL
4IkFUyxFgyVNJjWg4IAUYPhuv3FLuckzsKyCXIo8K4tEVf0xJ2wtOTnhN978EQqe
d5KI8gOmohl6JWHDFcuze5tD7CBEb17OuanfVa92n1t7nfiCJRl9sf2G4Ug0TN75
nr+cQ5il9KkIHvg284e/VwnGu7c4Ln3jOk0wQm6XuzDf7NIORSi3zqKnu2HI2GDx
+rjU4g6Y5PbkgOOlzbH+9YZbOPs0myMGxTxpHgt5J6XvmQihrlogP45oxcdocal0
jTmBM/lvBwXHn15Jq6faDybIoa/Ngpzdn3GT3p9R3FEltg6/nNzJdiqNBMIBxPg=
=QhBZ
-----END PGP SIGNATURE-----


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or
unsubscribe from its mailing list and how to find out about upcoming
meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable,
and the list's archives can be browsed and searched on the Internet.
This means these messages can be viewed by (among others) your bosses,
prospective employers, and people who have known you in the past.



- _____/ _____/ / - Jonathan Loran - -
- / / / IT Officer -
- _____ / _____ / / Space Sciences Laboratory, UC Berkeley
- / / / (510) 643-5146 [hidden email]
<[hidden email]>
- ______/ ______/ ______/ AST:7731^29u18e3







-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.



-     _____/     _____/      /           - Jonathan Loran -           -
-    /          /           /                IT Officer               -
-  _____  /   _____  /     /     Space Sciences Laboratory, UC Berkeley
-        /          /     /      (510) 643-5146 [hidden email]
- ______/    ______/    ______/           AST:7731^29u18e3
                                 





 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.