-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA07-022A
Sun Updates for Multiple Vulnerabilities in Java
Original release date: January 22, 2007
Last revised: --
Source: US-CERT
Systems Affected
* Sun Java
* Most web browsers
Overview
In order to use certain web site features, you may have downloaded
and installed Sun Java software. Vulnerabilities in Sun Java could
allow an attacker to gain control of your computer.
Solution
Apply update
If you have Sun Java installed, then you should apply updates from
Sun to remedy these vulnerabilities. Follow these instructions to
update your version of Java:
1. From the Start menu, open the Control Panel.
2. Open the Java Control Panel by clicking the Java icon.
3. Select the Update tab and click the Update Now button. (If
you do not see an Update tab, your version of Java does not
support updates, or you must log in as an Administrator.)
We also recommend enabling Automatic Updates for Java. To enable
Automatic Updates for Java, select the Check for Updates
Automatically check box in the Update tab of the Java Control
Panel.
Note: Java version 1.3 does not provide Automatic Updates; you must
update manually. To manually update Java, refer to the Java
Downloads web page.
If you install the latest version of Java, older versions of Java
may remain installed on your computer. If these versions of Java
are not needed, you may wish to remove them. For instructions on
how to remove older versions of Java, refer to the following
instructions from Sun:
http://www.java.com/en/download/faq/5000070400.xml
Turn off Java in the Web Browser
Turning off Java in your web browser will prevent attackers from
using this vulnerability to take control of your computer. For
instructions on how to disable Java in your web browser, refer to
the Securing Your Web Browser document.
Description
Vulnerabilities in Sun Java may allow an attacker to access your
computer, install and run malicious software on your computer, or
cause it to crash. An attacker could exploit these vulnerabilities
by convincing you to view a malicious web document.
For more technical information, see US-CERT Technical Alert
TA07-022A.
References
* Technical Alert TA07-022A -
<http://www.us-cert.gov/cas/techalerts/TA07-022A.html>
* Vulnerability Notes for Sun Java Vulnerabilities -
<http://www.kb.cert.org/vuls/byid?searchview&query=VU%23388289,VU%23102289,VU%23149457,VU%23939609>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* Download Java Software - <http://java.com/download/index.jsp>
* Can I remove older versions of the JRE after installing a newer
version? - <http://www.java.com/en/download/faq/5000070400.xml>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA07-022A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA07-022A Feedback VU#388289" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 22, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRbUOGexOF3G+ig+rAQJP1QgAm6yjFQY3H9KSEKEbAjkMjqLv6A30awyE
JOScCXsfKDPFnR7qX7EK1nHNd+qNx2JSiMi39vjFRL1jwjLUxpSeS4xdHJkBZgn8
8oXFtsA/1oZEyIKM93PgnOqUASnYKYAIMCSfeFn1ainaGWA/UiuImoNnQrEmPWqv
hjRzHg2wAhJvkcz1ktMi8FiSTOfT08CbWHOiYdraMiXhqd9NHY4oASwFCpGENA6H
JedSRyQTpn7x0BBpGr4q6ANrPv1xT00HkIuquoR0zdu5FMAOGzK8kth49Ha8761y
FEwB1ugTAkFKfIaIkCojSPspvC63+Cds6DI09W/Py177F//k9yk7tA==
=nHLg
-----END PGP SIGNATURE-----
