It fixes several security issues, seven of which were found by me in May.
There will be some posts on this blog describing the issues, with an impact analysis.
In particular, the issues are the following, in order of impact:
- Information Disclosure:
  - 17364779 NETWORKINTERFACE HASHCODE PROBLEM
  - 17322679 JAVA APPLET DNS IP DISCLOSURE
- User Assisted Arbitrary Execution:
  - 17322757 ZERO TERMINATOR ALLOWS JNLP SHORTCUTS
  - 17322755 NEW LINES IN JNLP TITLE ARE COPIED INTO LNK FILES
- Network and Web Attacks:

20th Apr - 6 May 2010: Advisories sent to Oracle
25th June 2010: Oracle confirms all issues
12 Oct 2010: Java update 22 released, which fixes 7 out of 10 issues.
11-20 Oct 2010: Minded Security Advisories publicly disclosed.
All the issues were found by Stefano Di Paola of Minded Security.