Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Sun JDK 5.0 Update 10 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sun JDK 5.0 Update 10
Roseman wrote to tell us that a new update for Sun JDK 5.0 has been released. Amongst a variety of bugs that have been fixed (and some of which seem to be ancient - check bug 4744057; "Potential deadlock between Selector and SelectableChannel", submitted in 2002!), one thing that caught my eye is the bug 6437047.

This "bug" was present with previous versions of Sun's JDK and is related to the Java plugin for Internet Explorer. Previous versions of the JDK were not properly signed which means that they were listed as (Not verified) in Internet Explorer (you can check this by opening the Manage add-ons tools in Internet Explorer: Tools -> Manage Add-ons -> Enable or Disable Add-ons).
This didn't prevent JDK from working, but definitely isn't best practice in security, where we're trying to educate our users to deny any non signed applets/applications/components. Sun finally fixed this (signed the plugin properly) so now the "(Not verified)"  warning is not there any more.

As JDK has automatic updates this should pop up on your machine some time soon (by default, if I'm not wrong, it will check for new updates only once per month). Once you install the new update version, and are happy with it, remember that Sun has a weird habit of *not* removing older versions from your machine, so you might want to do that manually.

New update is available from http://java.sun.com/javase/downloads/index_jdk5.jsp.

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS London February 2019

Bojan

375 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!