Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java 6 update 14 released

Published: 2009-06-10
Last Updated: 2009-06-11 08:25:06 UTC
by Swa Frantzen (Version: 2)
0 comment(s)

Sun has updated Java to 6u14. Details can be found here:

http://java.sun.com/javase/6/webnotes/6u14.html

Do note that while the list of bugs fixes is impressive, they also state: "This feature release does not contain any new fixes for security vulnerabilities to its previous release".

Many thanks to Roseman for providing the link to the details.

UPDATE:

Jerry sent in the observation that there are is despite there being no security bug fixes, interesting security news in the release notes:

Blacklist Jar Feature

Support for blacklisting signed jar files has been added to 6u14. A blacklist is a list of signed jars that contain serious security vulnerabilities that can be exploited by untrusted applets or applications. A system-wide blacklist will be distributed with each JRE release. Java Plugin and Web Start will consult this blacklist and refuse to load any class or resource contained in a jar file that's on the blacklist. By default, blacklist checking is enabled. The deployment.security.blacklist.check deployment configuration property can be used to toggle this behavior.

The blacklist entries are the union of the blacklist files pointed to by the deployment.system.security.blacklist and deployment.user.security.blacklist properties. By default, deployment.system.security.blacklist points to the blacklist file in the jre/lib/security directory, and deployment.user.security.blacklist points to a blacklist file that contains additional entries added by a user
.

 

--
Swa Frantzen -- Section 66

Keywords: java Sun update
0 comment(s)

SysInternals Survey

Published: 2009-06-10
Last Updated: 2009-06-10 02:42:23 UTC
by Rick Wanner (Version: 1)
0 comment(s)

Hands-down the best tools for determining what is going on on a Windows system are Mark Russinovich's and Bryce Cogswell's Sysinternals Tools.  Frequent contributor Roseman has pointed out that Microsoft is asking for your help improving the Sysinternals tools. Over at the Microsoft Technet blog they are requesting Sysinternals users to take a short survey.

If you are a Sysinternals user please consider taking five minutes to contribute to their future.

-- Rick Wanner - rwanner at isc dot sans dot org

0 comment(s)
Diary Archives