Sun released the Java 6 Update 17, which among other fixes several security bugs. These include various types of buffer overflow vulnerabilities and exceeded the scope of integers, provoked by an appropriately crafted audio and video files. Thanks to a Java applet or Java Web Start programs may have higher access privileges to the system, and then infect it.

Issues

Due to a bug in the installer, Java Web Start may happen that programs using this technology, which are not trustworthy, they can still be run as trusted, thereby generating a higher power. In turn, a gap in the Java Runtime Environment Deployment Toolkit leads to the appropriate Web site may be manipulative to smuggle in and execute malicious code system.

Sun also removed a gap in verifying the data HMAC-Digest, by which one could falsify digital signatures. Besides JRE Update feature updates in the future will also update the runtime when the version of Windows will be different than the English.

Solution

Install the latest package eliminates these issues.

Some of the vulnerabilities can also be found in versions of Java 5.0, 1.4.xi 1.3.x In their situation Sun recommends updating to release 5.0 Update 22, 1.4.2_24 and 1.3.1_27. It is worth noting that all three editions have already reached or exceeded the point of End of Life (EOL).

Line 5 to update the package 22 is the last update. Therefore, Sun recommends that all users go to line 6, to continue to receive security updates.