Technical FAQs

Sun Java Updates for Multiple Vulnerabilities – InfraStruXure Manager 4.7

"Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code. The InfraStruXure Manager installer relies on the JRE installed on the client machine.

Sun Java Runtime Environment versions affected:
• JDK and JRE 6 Update 6 and earlier
• JDK and JRE 5.0 Update 15 and earlier
• SDK and JRE 1.4.2_17 and earlier
• SDK and JRE 1.3.1_22 and earlier


Alert Information
• 238628 Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data
• 238666 A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges
• 238687 Security Vulnerabilities in the Java Runtime Environment Scripting Language Support
• 238905 Multiple Security Vulnerabilities in Java Web Start may allow Privileges to be Elevated
• 238965 Security Vulnerability in Java Management Extensions (JMX)
• 238966 Security Vulnerability in JDK/JRE Secure Static Versioning
• 238967 Security Vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted Application or Applet to Elevate Privileges
• 238968 Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed

Severity Risk
Critical for any system with a vulnerable JRE installed

Recommendations and workarounds:

1. Update all vulnerable system-installed JREs to a patched version according to Sun’s recommendations [1].
2. Uninstall the InfraStruXure Manager client.
3. Reinstall the InfraStruXure Manager client.
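
To decide which client machines need step 1, the following added example (not part of APC's advisory or Sun's alerts) classifies a legacy Sun version string, or the first line of `java -version` output, against the affected-version list above. The function names and sample strings are constructed for illustration, and the reading of "and earlier" as covering older micro releases in the same family is an assumption.

```python
import re

# Last affected release per family, taken from the advisory's list:
# (major, minor) -> (micro, update)
LAST_AFFECTED = {
    (1, 6): (0, 6),    # JDK and JRE 6 Update 6 and earlier
    (1, 5): (0, 15),   # JDK and JRE 5.0 Update 15 and earlier
    (1, 4): (2, 17),   # SDK and JRE 1.4.2_17 and earlier
    (1, 3): (1, 22),   # SDK and JRE 1.3.1_22 and earlier
}

# Legacy Sun version string: 1.<minor>.<micro>[_<update>][-<build tag>]
_VERSION_RE = re.compile(r'(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_version(text):
    """Extract (major, minor, micro, update) from a version string or from
    `java -version` output; return None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = m.groups()
    # No "_NN" suffix means the initial release of that line: update 0.
    return int(major), int(minor), int(micro), int(update or 0)


def is_affected(text):
    """True/False for families the advisory lists; None when the string is
    unparseable or the family is not listed (review those hosts by hand)."""
    v = parse_version(text)
    if v is None:
        return None
    limit = LAST_AFFECTED.get(v[:2])
    if limit is None:
        return None
    # Assumption: "and earlier" includes older micro releases in the same
    # family, so 1.4.1_x is treated as earlier than 1.4.2_17.
    return v[2:] <= limit


if __name__ == "__main__":
    # Constructed sample strings, not captured from real hosts.
    for s in ('java version "1.6.0_06"', "1.5.0_16-b02", "1.4.1_07", "1.7.0"):
        print(f"{s!r}: affected={is_affected(s)}")
```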

Exploitation and Public Announcements
APC is not aware of any malicious use of the vulnerabilities described in this advisory.


THIS IS AN ACTIVE ADVISORY. ALTHOUGH APC CANNOT GUARANTEE THE ACCURACY OF ALL STATEMENTS IN THIS NOTICE, ALL OF THE FACTS HAVE BEEN CHECKED TO THE BEST OF OUR ABILITY. APC DOES NOT ANTICIPATE ISSUING UPDATED VERSIONS OF THIS ADVISORY UNLESS THERE IS SOME MATERIAL CHANGE IN THE FACTS. SHOULD THERE BE A SIGNIFICANT CHANGE IN THE FACTS, APC MAY UPDATE THIS ADVISORY. A STAND-ALONE COPY OR PARAPHRASE OF THE TEXT OF THIS SECURITY ADVISORY THAT OMITS THE DISTRIBUTION URL IN THE FOLLOWING SECTION IS AN UNCONTROLLED COPY, AND MAY LACK IMPORTANT INFORMATION OR CONTAIN FACTUAL ERRORS.

IN NO EVENT SHALL EITHER APC, ITS OFFICERS, DIRECTORS, AFFILIATES OR EMPLOYEES, BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND INCLUDING, BUT NOT LIMITED TO, LOSS OF PROFITS ARISING OUT OF THE USE OR IMPLEMENTATION OF THE INFORMATION CONTAINED HEREIN HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN AN ACTION FOR CONTRACT, STRICT LIABILITY OR TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, WHETHER OR NOT APC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY.


References
[1] http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
http://www.us-cert.gov/cas/techalerts/TA08-193A.html


Copyright
This notice is Copyright 2008 by American Power Conversion Corporation. This notice may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, and include all date and version information.
"