site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2009-06-15-2 Java for Mac OS X 10.4 Release 9 Java for Mac OS X 10.4 Release 9 is now available and addresses the following: Java CVE-ID: CVE-2009-1107, CVE-2008-5352, CVE-2008-5356, CVE-2008-5353, CVE-2008-5354, CVE-2008-5357, CVE-2008-5359, CVE-2009-1104, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2009-1103, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5348, CVE-2009-1101, CVE-2009-1100, CVE-2009-1100, CVE-2009-1099, CVE-2009-1098, CVE-2009-1095, CVE-2009-1096, CVE-2009-1094, CVE-2009-1093, CVE-2008-5341, CVE-2008-5339, CVE-2008-5360 Available for: Mac OS X v10.4.11 with Java for Mac OS X 10.4 Release 8, Mac OS X Server v.10.4.11 with Java for Mac OS X 10.4 Release 8 Impact: Multiple vulnerabilities in Java 1.5.0_16 Description: Multiple vulnerabilities exist in Java 1.5.0_16, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.5 to version 1.5.0_19. Further information is available via the Sun Java website at http://java.sun.com/j2se/1.5.0/ReleaseNotes.html Java CVE-ID: CVE-2008-5342, CVE-2008-5356, CVE-2008-5353, CVE-2008-5354, CVE-2008-5357, CVE-2008-5340, CVE-2008-5359, CVE-2009-1104, CVE-2008-5360, CVE-2008-5344, CVE-2008-5345, CVE-2008-2086, CVE-2008-5346, CVE-2009-1103, CVE-2008-5350, CVE-2008-5351, CVE-2008-5348, CVE-2009-1100, CVE-2009-1100, CVE-2009-1098, CVE-2009-1094, CVE-2009-1093, CVE-2008-5343, CVE-2008-5339 Available for: Mac OS X v10.4.11 with Java for Mac OS X 10.4 Release 8, Mac OS X Server v.10.4.11 with Java for Mac OS X 10.4 Release 8 Impact: Multiple vulnerabilities in Java 1.4.2_18 Description: Multiple vulnerabilities exist in Java 1.4.2_18, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating Java 1.4 to version 1.4.2_21. Further information is available via the Sun Java website at http://java.sun.com/j2se/1.4.2/ReleaseNotes.html Java for Mac OS X 10.4 Release 9 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The download file is named: JavaForMacOSX10.4Release9.dmg Its SHA-1 digest is: cc470c07eb67f66b4980cea2a6566a7b0e4bf755 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJKNopyAAoJEHkodeiKZIkBQTgH/jgtmho0SjvzX93WpoNUfjQ6 xZJElEjdkRqxDAK6ittRfo4JPsf/tOkG8ZLP3hzuj6SPKN+XlRorxdd9jyu6ZGKC dkege0Xvs9Gx6HEOGsY1P/j/349q/4WP/z5DZxK5ostoWttwNlSMLmnM+dxmxG3Y gNYV0fwIrB50WCZwwPECyAnQrwkfAdwdKSwhxNSfnl3qlvVf2F532Kc2BcS3KK1X iimy4u7QhAhqbuMe0mjpXums+bXHzi0DV/n96jgqMpzqBa7/bVKS3xOFJ/oC1mJf 9OgDrBqxT3e9SxnTKzSMNRIMhPK2GsrtrES9GuzonyGme9sekpmPQPEF83+V6aQ= =1WtD -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com