Gentoo Linux Security Advisory 201401-30 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.
72f2aefba431a697c1d570fbb434eb79207fb4a72606cbe6c7ddb60e387613d9
HP Security Bulletin HPSBUX02784 SSRT100871 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
c8cd23f3678147e9687ce204ce5796798aa365b0cbd0273a21667ba087d2b32d
Red Hat Security Advisory 2012-0514-01 - The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit.
c68d983985bbac883534803d400c741a3bcffae537b924190a690eefdff3d8de
HP Security Bulletin HPSBUX02757 SSRT100779 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.
c5a0e87798a83e3a26479d57dc941d9529228666687065183c587e8f64dae163
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
9b2491e0649107046854a66362922281cb8a88f0446d805f1131dd3c839681ab
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
81161207244c8e7484b4277932284c0018d20eb38ceb3a2c62bd1e994ede6a05
Mandriva Linux Security Advisory 2012-021 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). The updated packages provides icedtea6-1.10.6 which is not vulnerable to these issues.
5b2fd88e8a9ff6a537fe564785369fae1a0e6c2783336b7003b1192898240b20
Red Hat Security Advisory 2012-0139-01 - The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
59b1b1771497372d96df83e9b666267326a847cc6eb7bd98422eeda63449205d
A Java Web Start vulnerability exists in Oracle Java. The vulnerability can be exploited by remote unauthenticated attackers to execute arbitrary code on a vulnerable system.
a9f20f8af75e64dcb02cb2bdaa029132cb9ba5d1cd5919657bca7c33647845c5