Advance Notice: Security Updates for Java SE

I get a 404 at that link. Nothing new posted at Sun yet. Maybe a time zone issue.

NOW AVAILABLE:

Java Runtime Environment (JRE) 6 update 17

This release contains fixes for one or more security vulnerabilities.

http://java.com/en/download/manual.jsp

it's probably safest to go for the OFFLINE (15.9 Meg) update

Release Notes:  

http://java.sun.com/javase/6/webnotes/6u17.html

-----------

Please note:  

This update will automatically remove updates of JRE 6 numbered 10 and higher.

But any older versions of Java have to be uninstalled, separately, before or after the newest installation

Finally!  Thank you, ky331!

Concerning the Java update, please note:   If you are using:

• 32-bit Internet Explorer (IE), you need to download 32-bit Java 
• 64-bit IE, you need to download 64-bit Java 
• Both 32-bit and 64-bit IE, you need to download both 32-bit and 64-bit Java respectively

I was offered the Bing Toolbar with that one.   Although a Bing fan, I declined.

BB,

I was just about to make the same comment, about Java offering me the Bing Toolbar (for IE) on this machine... i did NOT have that happen earlier today on another system.

in reference to the Java update:

for those who run Spybot's TeaTimer, and have the updates dated 2009-10-28,

be advised there is  (apparently)  a false-positive there --- which was corrected the following day, 2009-10-29 ---

this F/P will intercept  zipper.exe , a component in the Java installation, as being fraud.softcop.

To fix this, before installing Java, you should:

1) Update Spybot again, to obtain updates dated 2009-10-29 (or later).

2) Reboot your system (so that TeaTimer will restart, and access the new update file).

3) And then, you should be able to install the new Java without TeaTimer interfering.

------------------

Since I was unaware about the F/P at the time I installed Java, and being unsure what TeaTimer's improper interaction might have done, I decided to play it safe, by uinstalling Java, and then applying the 3 steps above, to guarantee a clean installation.

My second computer I updated about an hour ago, but I used this link:
http://java.sun.com/javase/downloads/index.jsp

No toolbar offered from this one.

Here's more info on this Java update, as copied/pasted from http://secunia.com/advisories/37231/ :

Description:
A weakness and some [highly critical] vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.

1) A weakness is caused by the update mechanism failing to update JRE to a new version when running on non-English Windows versions.

2) An error in the JRE Deployment Toolkit on Windows can be exploited to execute arbitrary code when viewing a specially crafted web page.

3) An error in the Java Web Start installer can be exploited to run a malicious Java Web Start application as trusted and executed arbitrary code.

4) An unspecified error when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet.

5) Another unspecified error when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet.

6) Two unspecified errors when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet.

7) Three unspecified errors when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet.

8) An unspecified error when processing audio or image files can be exploited to potentially execute arbitrary code via an untrusted applet.

9) An error when verifying HMAC digests can be exploited to potentially bypass authentication via a fake digital signature that is incorrectly accepted as valid by a Java application.

10) An error when decoding DER encoded data can be exploited to exhaust all available JRE memory.

11) An error when parsing HTTP headers can be exploited to exhaust all available JRE memory.

Solution:
Update to a fixed version.

JDK and JRE 6 Update 17:
http://java.sun.com/javase/downloads/index.jsp

--------------------------------------------------------------------------------------

for users of Win98/ME (or for users who, for whatever their reason, want to stick with version 5.0):  JDK and JRE 5.0 Update 22:
http://java.sun.com/javase/downloads/index_jdk5.jsp

Note:   Update 22 will be the last publicly available release of J2SE 5.0;  J2SE 5.0 has reached its End of Service Life

Hi ky 331.

Thank you for the heads up.

" Description:
A weakness and some [highly critical] vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system. "

-------------------------------------------

" Solution:
Update to a fixed version.

JDK and JRE 6 Update 17:
http://java.sun.com/javase/downloads/index.jsp "

I downloaded JRE 6 Update 17 from Java´s web page (Spanish version) and installed it off line last night and it came out as 1.6.0_17b04. Does that mean I do not need the update fix mentioned above by you ? Read this please:

http://java.sun.com/javase/6/webnotes/6u17.html

BTW I was not offered the Bing Toolbar either.

Edit: 17

Hernan wrote:  "it came out as 1.6.0_b04".

Please double check carefully, it should be 1.6.0_17-b04 ; if so, you're okay.

UUPSS.

My bad, mea culpa, I missed the 17. Thank you ky331.

You're welcome.