Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #18495

Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out

From Fredrik Jonson <fredrik@jonson.org>
Newsgroups comp.lang.java.programmer
Subject Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out
Date 2012-09-01 06:38 +0000
Message-ID <slrnk43bba.pfm.fredrik@scout.jonson.org> (permalink)
References (2 earlier) <k1p1fp$24v$1@dont-email.me> <ei604819trie2avefhs4punmav31tmibuo@4ax.com> <slrnk40ksb.mg5.fredrik@scout.jonson.org> <k1plkf$r9n$1@dont-email.me> <slrnk4275r.olb.fredrik@scout.jonson.org>

Show all headers | View raw

Hmm,

There are now reports of another sandbox-breaking exploit, that has not been
patched in the Java 7u7 release.

  "As in the case of the earlier vulnerabilities, Gowdiak says, this flaw
   allows an attacker to bypass the Java security sandbox completely [...]

   Unlike the earlier vulnerabilities, no known exploit of the new flaw has yet
   been found in the wild, but Gowdiak says he included proof-of-concept code
   with the report to demonstrate that an exploit is indeed possible.

   Oracle has not acknowledged that the new vulnerability actually exists, but
   it has confirmed that it has received Security Explorations' vulnerability
   report and is analyzing it."

http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/

--
Fredrik Jonson

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-08-30 16:44 -0700
  Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-30 20:41 -0400
    Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out markspace <-@.> - 2012-08-30 17:45 -0700
      Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-30 20:52 -0400
      Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-08-30 19:16 -0700
        Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Fredrik Jonson <fredrik@jonson.org> - 2012-08-31 06:02 +0000
          Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out markspace <-@.> - 2012-08-30 23:29 -0700
            Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-31 15:38 -0400
            Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Fredrik Jonson <fredrik@jonson.org> - 2012-08-31 20:20 +0000
              Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Fredrik Jonson <fredrik@jonson.org> - 2012-09-01 06:38 +0000
                Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-09-02 02:15 -0700
          Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Roedy Green <see_website@mindprod.com.invalid> - 2012-08-31 15:21 -0700
            Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-31 19:53 -0400
        Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out Arne Vajhøj <arne@vajhoej.dk> - 2012-08-31 15:36 -0400

csiph-web