Users of java-1.6.0-openjdk, please be advised that an Important security bug fix update has been identified.
To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
RHSA-2010:0865-02: Important: java-1.6.0-openjdk security and bug fix update
Product: Red Hat Enterprise Linux
Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a
volatile field multiple times, which could allow a remote attacker to
execute arbitrary code with the privileges of the user running the applet
or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an
untrusted applet or application to misuse the privileges of the user
running the applet or application. (CVE-2010-3568)