New Java update (1.5.0u11) and a Microsoft Word 2000 vulnerability

Published: 2007-02-12
Last Updated: 2007-02-14 03:29:42 UTC
by Bojan Zdrnja (Version: 2)
0 comment(s)
Sun recently released (another) update for Java 1.5.0, Update 11. There are a bunch of bug fixes and I didn’t see anything serious related to security.
However, it is worth noting that this update contains time zone data that incorporates Day Light Saving changes for 2007 (we wrote about this previously, http://isc.sans.org/diary.html?storyid=2142, but will use another opportunity to remind you about the changes).
Java update should be available automatically now as well – just remember to remove the old update revisions if you don’t need them any more (after you’ve thoroughly tested all your applications, of course).

McAfee published information about a new 0-day exploit for Word. They’ve notified Microsoft and it looks like the vulnerability is limited to Denial of Service. We’ve updated the list of 0-days in Microsoft products which you can find here: http://isc.sans.org/diary.html?storyid=1940.

UPDATE

Just couple of things:
  • The time zone data part of the update is not related to the changes in the USA - that was covered by a previous update. The current time zone data covers some other countries (you can get the whole list by checking the release notes at http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_11). Thanks Toby.
  • Jeff wrote to remind us that if you have installed the unlimited cryptography JARs that you will need to do that again.
Keywords:
0 comment(s)
Diary Archives