[VIM] [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)

rkeith at securityfocus.com rkeith at securityfocus.com
Wed Jul 4 16:46:46 UTC 2007


US-CERT seems to think Sun: 102934 relates to the CESA-2006-004 article. 
The Sun advisory however only credits Chris Evans, but includes no 
definitive link to the article. I am inclined to agree that it is 
a duplicate.

http://www.kb.cert.org/vuls/id/138545

References:

http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/jcp.html#update
# http://scary.beasts.org/security/CESA-2006-004.html
http://java.sun.com/j2se/1.4.2/download.html
http://java.com/en/download/help/testvm.xml
http://www.cert.org/tech_tips/securing_browser/
http://www.color.org/


--
Rob Keith
Symantec

----- Forwarded message from "George A. Theall" <theall at tenablesecurity.com> -----

From: "George A. Theall" <theall at tenablesecurity.com>
Subject: [VIM] Sun JDK Confusion
To: Vulnerability Information Managers <vim at attrition.org>
Reply-To: Vulnerability Information Managers <vim at attrition.org>
Date: Tue, 03 Jul 2007 07:17:21 -0400
User-Agent: Thunderbird 2.0.0.4 (X11/20070604)
Message-ID: <468A3041.5000008 at tenablesecurity.com>

Last May, there was an advisory published by Chris Evans about image
parsing library vulnerabilities in Sun's JDK:

   http://scary.beasts.org/security/CESA-2006-004.html

This seems to have resulted in Bugtraq 24267 / CVE-2007-3004 duplicating
Bugtraq 24004 / CVE-2007-2788 and CVE-2007-2789. Steve, any ideas?


George
-- 
theall at tenablesecurity.com

----- End forwarded message -----

-- 
Dave McKinney
Symantec

keyID: E461AE4E
key fingerprint = F1FC 9073 09FA F0C7 500D  D7EB E985 FAF3 E461 AE4E

