Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java 6 update 14 released

Published: 2009-06-10
Last Updated: 2009-06-11 08:25:06 UTC
by Swa Frantzen (Version: 2)
0 comment(s)

Sun has updated Java to 6u14. Details can be found here:

Do note that while the list of bugs fixes is impressive, they also state: "This feature release does not contain any new fixes for security vulnerabilities to its previous release".

Many thanks to Roseman for providing the link to the details.


Jerry sent in the observation that there are is despite there being no security bug fixes, interesting security news in the release notes:

Blocklist Jar Feature

Support for blocklisting signed jar files has been added to 6u14. A blocklist is a list of signed jars that contain serious security vulnerabilities that can be exploited by untrusted applets or applications. A system-wide blocklist will be distributed with each JRE release. Java Plugin and Web Start will consult this blocklist and refuse to load any class or resource contained in a jar file that's on the blocklist. By default, blocklist checking is enabled. The deployment configuration property can be used to toggle this behavior.

The blocklist entries are the union of the blocklist files pointed to by the and properties. By default, points to the blocklist file in the jre/lib/security directory, and points to a blocklist file that contains additional entries added by a user


Swa Frantzen -- Section 66

Keywords: java Sun update
0 comment(s)

SysInternals Survey

Published: 2009-06-10
Last Updated: 2009-06-10 02:42:23 UTC
by Rick Wanner (Version: 1)
0 comment(s)

Hands-down the best tools for determining what is going on on a Windows system are Mark Russinovich's and Bryce Cogswell's Sysinternals Tools.  Frequent contributor Roseman has pointed out that Microsoft is asking for your help improving the Sysinternals tools. Over at the Microsoft Technet blog they are requesting Sysinternals users to take a short survey.

If you are a Sysinternals user please consider taking five minutes to contribute to their future.

-- Rick Wanner - rwanner at isc dot sans dot org

0 comment(s)
Diary Archives