US-CERT Warns of Java Vulnerabilities
US-CERT is warning users to upgrade their Java installations to protect against a number of serious security vulnerabilities.
Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
In total it's difficult to grasp how many seperate vulnerabilities there actually are in Java. According to US-CERT, Sun issued no less than 7 seperate alerts some of which detail multiple security vulnerabilities.
* 233321 Two Security Vulnerabilities in the Java Runtime
Environment Virtual Machine
* 233322 Security Vulnerability in the Java Runtime Environment With
the Processing of XSLT Transformations
* 233323 Multiple Security Vulnerabilities in Java Web Start May
Allow an Untrusted Application to Elevate Privileges
* 233324 A Security Vulnerability in the Java Plug-in May Allow an
Untrusted Applet to Elevate Privileges
* 233325 Vulnerabilities in the Java Runtime Environment image
* 233326 Security Vulnerability in the Java Runtime Environment May
* 233327 Buffer Overflow Vulnerability in Java Web Start May Allow
an Untrusted Application to Elevate its Privileges
At risk are multiple Sun Java Runtime Environment versions that US-CERT details in its alert. So if you're one of the many Java users that doesn't have automatic updates for Java - go get the latest version of Java now!