Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Java Security Update

Published: 2009-08-04
Last Updated: 2009-08-05 17:55:52 UTC
by donald smith (Version: 2)
0 comment(s)

Sun has released a new version of Java (6u15).
Thanks go out to TommyB and DavidF who wrote in to tell us of the new java update.

This release addresses 7 SUN security alerts and a ton of bugs.
http://java.sun.com/javase/6/webnotes/6u15.html

Of special note for those of you who compile things from scratch is the Garbage Collector. SUN advises people to use "-XX:+UseParallelGC" to ensure debugging breakpoints are reliable.

Several readers wrote in about the java update.
Their concerns included the fact that there is always a pre-checked piggyback application when you download java from SUN. I was offered Microsoft's bling tool bar for IE. Others were offered Carbonite Online Backup.
The fact that updates usually modifies your current configuration so if you have your check for updates set to daily you may find has been modified to once a month after the update.
You may find the java tray icon is enabled even if you have disabled it in the past.

So after you update check your configuration and if you don't want the
pre-checked software uncheck the check box.
 

0 comment(s)

Firefox Updates

Published: 2009-08-04
Last Updated: 2009-08-04 13:27:29 UTC
by Mark Hofman (Version: 1)
2 comment(s)

Many of you have let us know that there is a new firefox version out that addresses a few issues.

Fixed in Firefox 3.5.2 & 3.0.13:
MFSA 2009-43 Heap overflow in certificate regexp parsing
MFSA 2009-42 Compromise of SSL-protected communication
MFSA 2009-38 Data corruption with SOCKS5 reply containing DNS name longer than 15 characters
 

Upgrading is recommended.

Mark H - Shearwater

 

Keywords: firefox
2 comment(s)
Diary Archives