CERT RENATER
Contact us
- Email: cert@support.renater.fr
- Web: CERT pages
- Tel: 01.53.94.20.44
- Fax: 01.53.94.20.31
====================================================================
                          CERT-Renater

              Information Note No. 2007/VULN521
_____________________________________________________________________

DATE                  : 17/12/2007

HARDWARE PLATFORM(S)  : /

OPERATING SYSTEM(S)   : Mac OS X 10.4 running Java.

======================================================================

APPLE-SA-2007-12-14 Java Release 6 for Mac OS X 10.4

Java Release 6 for Mac OS X 10.4 is now available and addresses the
following issues:

Java
CVE-ID:  CVE-2007-5862
Available for:  Mac OS X v10.4.10, Mac OS X v10.4.11,
Mac OS X Server v10.4.10, Mac OS X Server v10.4.11
Impact:  A malicious webpage can remove or insert keychain items
Description:  An access check may be bypassed for Keychain updates.
A specially crafted Java applet may be able to add or remove items
from a user's Keychain, without prompting the user. This update
addresses the issue through an improved access check. This issue
does not affect systems running Mac OS X v10.5 and later. Credit to
Bruno Harbulot of the University of Manchester for reporting this
issue.

Java
CVE-ID:  CVE-2006-4339, CVE-2006-6731, CVE-2006-6736, CVE-2006-6745,
CVE-2007-0243, CVE-2007-2435, CVE-2007-3004, CVE-2007-3005,
CVE-2007-3504, CVE-2007-3698, CVE-2007-3922, CVE-2007-4381,
CVE-2007-5232
Available for:  Mac OS X v10.4.10, Mac OS X v10.4.11,
Mac OS X Server v10.4.10, Mac OS X Server v10.4.11
Impact:  Multiple vulnerabilities exist in Java 1.4
Description:  Multiple vulnerabilities exist in Java 1.4, the most
serious of which may lead to arbitrary code execution and privilege
escalation. These are addressed by updating Java 1.4 to version
1.4.2_16. These issues are already addressed in systems running
Mac OS X v10.5 and later.

Java
CVE-ID:  CVE-2006-4339, CVE-2006-6731, CVE-2006-6745, CVE-2007-0243,
CVE-2007-2435, CVE-2007-2788, CVE-2007-2789, CVE-2007-3004,
CVE-2007-3005, CVE-2007-3503, CVE-2007-3504, CVE-2007-3655,
CVE-2007-3698, CVE-2007-3922, CVE-2007-4381, CVE-2007-5232
Available for:  Mac OS X v10.4.10, Mac OS X v10.4.11,
Mac OS X Server v10.4.10, Mac OS X Server v10.4.11
Impact:  Multiple vulnerabilities exist in J2SE 5.0
Description:  Multiple vulnerabilities exist in J2SE 5.0, the most
serious of which may lead to arbitrary code execution and privilege
escalation. These are addressed by updating J2SE 5.0 to version
1.5.0_13. These issues are already addressed in systems running
Mac OS X v10.5 and later.

Java Release 6 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.10 and Mac OS X v10.4.11
The download file is named:  "JavaForMacOSX10.4Release6.dmg"
Its SHA-1 digest is:  ee4e261070354b0f95f88a92a1b00f8cf39886c4

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnuma798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

======================================================================

=========================================================
CERT-Renater reference servers

    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44         +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41         +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================