Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2008-09-24 Java for Mac OS X 10.4, Release 7
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2008-09-24 Java for Mac OS X 10.4, Release 7



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-09-24 Java for Mac OS X 10.4, Release 7

Java for Mac OS X 10.4, Release 7 is now available and addresses the
following issues:

Java
CVE-ID:  CVE-2008-3637
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact:  Visiting a maliciously crafted website may lead to arbitrary
code execution
Description:  An error checking issue leading to the use of an
uninitialized variable exists in the Hash-based Message
Authentication Code (HMAC) provider used for generating MD5 and SHA-1
hashes. Visiting a website containing a maliciously crafted Java
applet may lead to arbitrary code execution. This update addresses
the issue through improved error handling. This is an Apple-specific
issue. Credit to Radim Marek for reporting this issue.

Java
CVE-ID:  CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188,
CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192,
CVE-2008-1195, CVE-2008-1196, CVE-2008-3104, CVE-2008-3107,
CVE-2008-3108, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113,
CVE-2008-3114
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact:  Multiple vulnerabilities in Java 1.4.2_16
Description:  Multiple vulnerabilities exist in Java 1.4.2_16, the
most serious of which may allow untrusted Java applets to obtain
elevated privileges. Visiting a web page containing a maliciously
crafted Java applet may lead to arbitrary code execution. These
issues are addressed by updating Java 1.4 to version 1.4.2_18.
Further information is available via the Sun Java website at
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html

Java
CVE-ID:  CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188,
CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192,
CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196,
CVE-2008-3103, CVE-2008-3104, CVE-2008-3107, CVE-2008-3111,
CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115
Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact:  Multiple vulnerabilities in Java 1.5.0_13
Description:  Multiple vulnerabilities exist in Java 1.5.0_13, the
most serious of which may allow untrusted Java applets to obtain
elevated privileges. Visiting a web page containing a maliciously
crafted Java applet may lead to arbitrary code execution. These
issues are addressed by updating Java 1.5 to version 1.5.0_16.
Further information is available via the Sun Java website at
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Java for Mac OS X 10.4, Release 7 may be obtained from the Software
Update pane in System Preferences, or Apple's Software Downloads
web site: http://www.apple.com/support/downloads/

The download file is named:  "JavaForMacOSX10.4Release7.dmg"
Its SHA-1 digest is:  67d17ba3e854101d890633f507b4c02e031b3a05

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608

wsBVAwUBSNqB2XkodeiKZIkBAQhswAf9HjX4OrjGRfffZXnu0JXOuXxQ39mOCV+3
89Bm8A5P7dthlYdD3dV3d3qlxZ9lg33XE9n+900X0JkBMKF6RSzMBiEo2+Alhi/d
LrsDlyDyQke4MkuoRmqT/TglUBfaYVAZt8RAMwRH6hyDMzXSnFBTpwbxQQg09weB
jwpuPVaucUZ9sNkYlY1qKXnLojPRNFJhmcpd2RZvZme7cCbosdGwnkagF6vRZOhl
jtFvA868zXlu2T2ygIlA9iARb03sgh9v9kSY9ovKP0mgpL8pEK+VgAIz6PPn/kU/
NfuAGNN733wsMsInmHvouvI1rba9I11MkyMjoqZtEX+I1DhKXH0ydA==
=r2fK
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.