Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2007-12-14 Java Release 6 for Mac OS X 10.4
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2007-12-14 Java Release 6 for Mac OS X 10.4



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-12-14 Java Release 6 for Mac OS X 10.4

Java Release 6 for Mac OS X 10.4 is now available and addresses the
following issues:

Java
CVE-ID:  CVE-2007-5862
Available for:  Mac OS X v10.4.10, Mac OS X v10.4.11,
Mac OS X Server v10.4.10, Mac OS X Server v10.4.11
Impact:  A malicious webpage can remove or insert keychain items
Description:  An access check may be bypassed for Keychain updates. A
specially crafted Java applet may be able to add or remove items from
a user's Keychain, without prompting the user. This update addresses
the issue through an improved access check. This issue does not
affect systems running Mac OS X v10.5 and later. Credit to Bruno
Harbulot of the University of Manchester for reporting this issue.

Java
CVE-ID:  CVE-2006-4339, CVE-2006-6731, CVE-2006-6736, CVE-2006-6745,
CVE-2007-0243, CVE-2007-2435, CVE-2007-3004, CVE-2007-3005,
CVE-2007-3504, CVE-2007-3698, CVE-2007-3922, CVE-2007-4381,
CVE-2007-5232
Available for:  Mac OS X v10.4.10, Mac OS X v10.4.11,
Mac OS X Server v10.4.10, Mac OS X Server v10.4.11
Impact:  Multiple vulnerabilities exist in Java 1.4
Description:  Multiple vulnerabilities exist in Java 1.4, the most
serious of which may lead to arbitrary code execution and privilege
escalation. These are addressed by updating Java 1.4 to version
1.4.2_16. These issues are already addressed in systems running Mac
OS X v10.5 and later.

Java
CVE-ID:  CVE-2006-4339, CVE-2006-6731, CVE-2006-6745, CVE-2007-0243,
CVE-2007-2435, CVE-2007-2788, CVE-2007-2789, CVE-2007-3004,
CVE-2007-3005, CVE-2007-3503, CVE-2007-3504, CVE-2007-3655,
CVE-2007-3698, CVE-2007-3922, CVE-2007-4381, CVE-2007-5232
Available for:  Mac OS X v10.4.10, Mac OS X v10.4.11,
Mac OS X Server v10.4.10, Mac OS X Server v10.4.11
Impact:  Multiple vulnerabilities exist in J2SE 5.0
Description:  Multiple vulnerabilities exist in J2SE 5.0, the most
serious of which may lead to arbitrary code execution and privilege
escalation. These are addressed by updating J2SE 5.0 to version
1.5.0_13. These issues are already addressed in systems running Mac
OS X v10.5 and later.

Java Release 6 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.10 and Mac OS X v10.4.11
The download file is named:  "JavaForMacOSX10.4Release6.dmg"
Its SHA-1 digest is:  ee4e261070354b0f95f88a92a1b00f8cf39886c4

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.0.867

wsBVAwUBR2LK18gAoqu4Rp5tAQgG8gf/UCD9npaJL3to97F+On2L7AUmEXgKh7N0
mrT0GErNHmUiXaLHrAJ5GH2e/SYVGpfV9PlyV2iNAx4d1lXhM0hXAwINZfTDy0nm
ZpBBvwRjWeZSRaJk6saM0vIYt+tCQMREFR7m5qBrnteo2wA3bUuFBZmwJMyWz3ls
boTozFrbr9mDzk/mTnTxHvEDZAAEbH21aqyZPEuFK8FwGbrCffIKl+EmUPiMxjhe
SxqUl4eGep+WcwosOdsxqwlo9ia9UcO21zGlgr75Ibu5W/xvoHO+yAHHufm6CI4b
JpU3/tDvdyPUMFDJayNik622GlbZUNEIfDoasOfKPiyHv93gCValtg==
=CNOz
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.