Users of Red Hat Enterprise Linux, please be advised of an Important java-1.6.0-openjdk security and bug fix update addressing vulnerabilities that have been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
RHSA-2010:0768-01: Important: java-1.6.0-openjdk security and bug fix update
Product: Red Hat Enterprise Linux
Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a
volatile field multiple times, which could allow a remote attacker to
execute arbitrary code with the privileges of the user running the applet
or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an
untrusted applet or application to misuse the privileges of the user
running the applet or application. (CVE-2010-3568)