jws vuln - please update

oNyx · June 15, 2005, 3:20am

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1

“A vulnerability in Java Web Start may allow an untrusted application to elevate its privileges. For example an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the Java Web Start application.”

Ooops.

“Note: Java Web Start in J2SE releases prior to 5.0 for Windows, Solaris and Linux, and Java Web Start 1.0.1_02 and earlier are not affected by this issue.”

Either way… here you go:
http://java.sun.com/j2se/1.5.0/download.jsp

blahblahblahh · June 15, 2005, 8:37am

* blahblahblahh smugly notes that he was right all along not to "up"grade to java 5…

Markus_Persson · June 15, 2005, 9:40am

By that logic, nobody should ever upgrade to anything ever, as the exploits are always added in some upgrade.

kevglass · June 15, 2005, 9:45am

Yes, you’re right Markus, no one should upgrade anything.

Kev

Markus_Persson · June 15, 2005, 10:20am

That’s what I said!

* Markus_Persson hugs C64

nonnus29 · June 15, 2005, 12:07pm

L.O.L

;D

Alan_W · June 15, 2005, 5:47pm

Does that mean Java 1.5 on the Mac is borked too? :’(

/Edit Hum, that’s based on Update 2

[quote]This release of Java for Mac OS X introduces support for J2SE 5.0 onMac OS X. It features Apple’s implementation of Sun’s Java 2 Platform, Standard Edition Version 1.5.0_02
[/quote]
The Sun announcement says

[quote]This issue is addressed in the following releases:

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 Update 2 and later for Windows, Solaris and Linux
[/quote]
Hopefully that means it’s Ok