=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN421
_____________________________________________________________________

DATE                      : 22/10/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Mac OS versions 10.6, 10.5 running Java.

======================================================================
http://support.apple.com/kb/HT4417
http://support.apple.com/kb/HT4418
______________________________________________________________________

APPLE-SA-2010-10-20-1 Java for Mac OS X 10.6 Update 3

Java for Mac OS X 10.6 Update 3 is now available and addresses the
following:

Java
CVE-ID:  CVE-2009-3555, CVE-2010-1321
Available for:  Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Multiple vulnerabilities in Java 1.6.0_20
Description:  Multiple vulnerabilities exist in Java 1.6.0_20, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_22.
Further information is available via the Java website at
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html

Java
CVE-ID:  CVE-2010-1826
Available for:  Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  A local user may be able to execute arbitrary code with the
privileges of another user who runs a Java application
Description:  A command injection issue exists in updateSharingD's
handling of Mach RPC messages. A local user may be able to execute
arbitrary code with the privileges of another user who runs a Java
application. This issue is addressed by implementing a per-user Java
shared archive. This issue only affects the Mac OS X implementation
of Java. Credit to Dino Dai Zovi for reporting this issue.

Java
CVE-ID:  CVE-2010-1827
Available for:  Mac OS X v10.6.4, Mac OS X Server v10.6.4
Impact:  Visiting a web page containing a maliciously crafted Java
applet tag may lead to an unexpected application termination or
arbitrary code execution with the privileges of the current user
Description:  A memory corruption issue exists in Java's handling of
applet window bounds. Visiting a web page containing a maliciously
crafted Java applet tag may lead to an unexpected application
termination or arbitrary code execution with the privileges of the
current user. This issue is addressed through improved validation of
window bounds. This issue only affects the Mac OS X implementation of
Java.


Java for Mac OS X 10.6 Update 3 may be obtained from the Software
Update pane in System Preferences, or Apple's Software Downloads
web site: http://www.apple.com/support/downloads/

The download file is named: JavaForMacOSX10.6Update3.dmg
Its SHA-1 digest is: f671f0443959fe7388dad23044bcc51bf1bf5eae

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

______________________________________________________________________


Java for Mac OS X 10.5 Update 8

    * Java

      CVE-ID: CVE-2009-3555, CVE-2010-1321

      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

      Impact: Multiple vulnerabilities in Java 1.6.0_20

      Description: Multiple vulnerabilities exist in Java 1.6.0_20,
the most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page containing
a maliciously crafted untrusted Java applet may lead to arbitrary code
execution with the privileges of the current user. These issues are
addressed by updating to Java version 1.6.0_22. Further information
is available via the Java website at
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html

    *Java

      CVE-ID: CVE-2009-3555, CVE-2010-1321

      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

      Impact: Multiple vulnerabilities in Java 1.5.0_24

      Description: Multiple vulnerabilities exist in Java 1.5.0_24,
the most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page containing
a maliciously crafted untrusted Java applet may lead to arbitrary code
execution with the privileges of the current user. These issues are
addressed by updating to Java version 1.5.0_26. Further information
is available via the Java website at
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

    *Java

      CVE-ID: CVE-2010-1826

      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

      Impact: A local user may be able to execute arbitrary code
with the privileges of another user who runs a Java application

      Description: A command injection issue exists in updateSharingD's
handling of Mach RPC messages. A local user may be able to execute arbitrary
code with the privileges of another user who runs a Java application. This
issue is addressed by implementing a per-user Java shared archive. This
issue only affects the Mac OS X implementation of Java. Credit to
Dino Dai Zovi for reporting this issue.

    *Java

      CVE-ID: CVE-2010-1827

      Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

      Impact: Visiting a web page containing a maliciously crafted
Java applet tag may lead to an unexpected application termination or
arbitrary code execution with the privileges of the current user

      Description: A memory corruption issue exists in Java's handling
of applet window bounds. Visiting a web page containing a maliciously
crafted Java applet tag may lead to an unexpected application termination
or arbitrary code execution with the privileges of the current user.
This issue is addressed through improved validation of window bounds.
This issue only affects the Mac OS X implementation of Java.

Important: Information about products not manufactured by Apple is
provided for information purposes only and does not constitute Apple’s
recommendation or endorsement. Please contact the vendor for additional
information.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================