Hi,
I believe that LCG uses Java 1.4.2_xx primarily and according to the
note of this vul.:
"Note: SDK and JRE 1.4.2_xx and earlier, and 1.3.1_xx releases for
Windows, Solaris and Linux are not affected by this issue."
To the non-1.5.x users it wouldn't be an issue. Due to some other
vulnerabilities and plain bugs I would (personaly) say that a version
of >= 1.4.2.08 should be used.
cheers,
Oscar
Y.Lyublev wrote:
>Dear All.
>On http://www.securitylab.ru/vulnerability/source/242495.php
>I see
>Document Audience: PUBLIC
>Document ID: 102050
>Title: Security Vulnerability With Java Runtime Environment May Allow
>Untrusted Applet to Elevate Privileges
>Copyright Notice: Copyright © 2005 Sun Microsystems, Inc. All Rights
>Reserved
>Update Date: Mon Nov 28 00:00:00 MST 2005
>
>My question.
>Can update of JAVA packets to spoil work LCG?
>Best regards. Yevgeniy.
>
>
|