Comment 3 for bug 659937

Mark Foster (fostermarkd) wrote:

(Adding advisory information from @RISK: The Consensus Security Vulnerability Alert Vol. 9 No. 42)
(2) HIGH: Oracle Java Multiple Vulnerabilities
Affected:
JDK and JRE 6 Update 21 and earlier for Windows, Solaris, and Linux Java SE
JDK 5.0 Update 25 and earlier for Solaris Java SE
SDK 1.4.2_27 and earlier for Solaris Java SE
JDK and JRE 6 Update 21 and earlier for Windows, Solaris and Linux Java for Business
JDK and JRE 5.0 Update 25 and earlier for Windows, Solaris and Linux Java for Business
SDK and JRE 1.4.2_27 and earlier for Windows, Solaris and Linux Java for Business

Description: Oracle has recently released a critical update addressing
multiple security vulnerabilities. According to Oracle, the patch
addresses 29 vulnerabilities, 28 of which could lead to code execution.
Some of these vulnerabilities exist because of flaws in the low-level
implementation of the Java Runtime Environment (JRE). Although Java is
intended to be type safe, low-level code sometimes writes user-defined
strings to C buffers, giving an attacker the opportunity to overwrite
return addresses and execute code. Vulnerabilities like these allow Java
applets, which start without user interaction when a target navigates
to a malicious site, to execute with the permissions of the Java process
running them. Normally applets run with restricted privileges.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.oracle.com
Oracle Update Advisory - October 2010
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
SecurityFocus Bugtraq IDs
http://www.securityfocus.com/bid/36935
http://www.securityfocus.com/bid/40235
http://www.securityfocus.com/bid/43965
http://www.securityfocus.com/bid/43971
http://www.securityfocus.com/bid/43979
http://www.securityfocus.com/bid/43985
http://www.securityfocus.com/bid/43988
http://www.securityfocus.com/bid/43992
http://www.securityfocus.com/bid/43994
http://www.securityfocus.com/bid/43999
http://www.securityfocus.com/bid/44009
http://www.securityfocus.com/bid/44011
http://www.securityfocus.com/bid/44012
http://www.securityfocus.com/bid/44013
http://www.securityfocus.com/bid/44014
http://www.securityfocus.com/bid/44016
http://www.securityfocus.com/bid/44017
http://www.securityfocus.com/bid/44020
http://www.securityfocus.com/bid/44021
http://www.securityfocus.com/bid/44023
http://www.securityfocus.com/bid/44024
http://www.securityfocus.com/bid/44026
http://www.securityfocus.com/bid/44027
http://www.securityfocus.com/bid/44028
http://www.securityfocus.com/bid/44030
http://www.securityfocus.com/bid/44032
http://www.securityfocus.com/bid/44035
http://www.securityfocus.com/bid/44038
http://www.securityfocus.com/bid/44040
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-10-202/
http://www.zerodayinitiative.com/advisories/ZDI-10-203/
http://www.zerodayinitiative.com/advisories/ZDI-10-204/
http://www.zerodayinitiative.com/advisories/ZDI-10-205/
http://www.zerodayinitiative.com/advisories/ZDI-10-206/
http://www.zerodayinitiative.com/advisories/ZDI-10-207/
http://www.zerodayinitiative.com/advisories/ZDI-10-208/
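Added here as a worked example (not part of the original comment or the @RISK advisory): a small Python check that parses the first line of `java -version` output and reports whether a Sun/Oracle JRE falls inside the affected ranges listed above. The version strings in the test are constructed; the parser assumes the usual `java version "1.6.0_21"` first line, and the update cut-offs are taken directly from the "Affected" list.

```python
import re
import subprocess

# Cut-offs from the advisory's "Affected" list, keyed by version family:
# Java SE 6 Update 21 and earlier, Java SE 5.0 Update 25 and earlier,
# Java 1.4.2_27 and earlier. Families not listed are reported as unknown.
AFFECTED_MAX_UPDATE = {
    "1.6.0": 21,
    "1.5.0": 25,
    "1.4.2": 27,
}

# Matches lines such as: java version "1.6.0_21"  or  java version "1.7.0"
VERSION_RE = re.compile(r'(?:java|openjdk) version "(\d+\.\d+\.\d+)(?:_(\d+))?"')


def parse_java_version(output):
    """Return (family, update) from `java -version` output, e.g. ("1.6.0", 21).

    A version without an "_NN" suffix is treated as update 0.
    """
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError("no 'java version' line found in output")
    family = m.group(1)
    update = int(m.group(2)) if m.group(2) else 0
    return family, update


def is_affected(output):
    """True if the reported version is in an affected range, False if it is
    newer than the fix for a listed family, None if the family is not listed."""
    family, update = parse_java_version(output)
    max_update = AFFECTED_MAX_UPDATE.get(family)
    if max_update is None:
        return None
    return update <= max_update


def check_installed_java():
    """Run the local `java -version` (it prints to stderr) and classify it."""
    result = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return is_affected(result.stderr + result.stdout)


if __name__ == "__main__":
    verdict = check_installed_java()
    print({True: "AFFECTED", False: "not affected", None: "unknown family"}[verdict])
```

Note that Ubuntu's OpenJDK/IcedTea builds are a separate code base from the Oracle/Sun JRE the advisory lists, so a `None` result for an OpenJDK family means "not covered by this list", not "safe".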