Feeds

Sun and VMWare updates keep sysadmins busy

Patched quilt

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Security updates from Sun and VMware make it a busy day for patching on Thursday.

Sun Java 6.0 Update 11 addresses multiple security and performance bugs in Java Runtime Environment and Java SE Development software, as explained in release notes from Sun here. The one-line descriptions of the 18 bugs addressed by the update, published on Wednesday, make drawing too many conclusions about their seriousness tricky.

Some of the descriptions link to more details which show that the most severe "high-risk" flaws involve "serious rendering issues on Nvidia boards with driver version 178.13 on Vista", as well as bugs in JTree, JFileChooser and IM Candidate, among other components. Multiple bugs in Java plugins also earn the high-risk badge.

The release notes from Sun make for a dense read but are the best reference point on the update. Summaries from US-CERT and the Internet Storm Centre published thus far simply link back to Sun's advisory.

VMWare separately published a security advisory on Tuesday that addresses two potentially serious security vulnerabilities affecting a range of products from the virtualisation vendor. The first bug involves a critical memory corruption flaw in virtual device hardware, while the other concerns flaws in bzip2, a service console package. Bugs in the package mean applications that use it are liable to crash when decompressing malformed archives. The two flaws affect various versions of VMware Workstation, Player, Server, ESX and ESX(i). Patches for affected versions are largely available, with a couple of exceptions. The patching matrix is fairly complicated and best explained by reference to VMWare's advisory here.

VMWare also, on Tuesday, revised a security advisory first published in October. Updated ESX packages for libxml2, ucd-snmp, libtiff are now available for version 3.5 of the enterprise virtualisation product, it said. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.