[THIN] KB: CTX105845 - MetaFrame Presentation Server installs a JRE with a known security vulnerability
- From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Tue, 8 Mar 2005 09:37:39 -0800 (PST)
CTX105845 - MetaFrame Presentation Server installs a JRE with a known security
vulnerability
This document was published at:
http://support.citrix.com/kb/entry.jspa?externalID=CTX105845
Document ID: CTX105845, Created on: Feb 11, 2005, Updated: Mar 8, 2005
Products: Citrix MetaFrame XP 1.0 for Microsoft Windows 2000, Citrix MetaFrame
XP 1.0 for Microsoft Windows 2003, Citrix MetaFrame Presentation Server 3.0 for
Microsoft Windows 2000, Citrix MetaFrame Presentation Server 3.0 for Microsoft
Windows 2003, Citrix MetaFrame XP 1.0 for Microsoft NT 4.0 Server Terminal
Server Edition
Severity: Medium
Description of Problem
Some versions of MetaFrame Presentation Server for Windows install a JRE with a
known security vulnerability. For more details on the JRE security
vulnerability please refer to the following document:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
This problem affects the following versions of MetaFrame Presentation Server
for Windows:
o 1.0 ? all languages / platforms.
o 1.0 FR1 ? all languages / platforms.
o 1.0 FR2 ? all languages / platforms.
o 1.0 FR3 ? all languages / platforms.
o 3.0 ? all languages / platforms.
What Customers Should Do
Citrix recommends that all customers using affected versions should follow the
instructions in the above document and upgrade the JRE to version 1.4.2_06.
If any third-party applications have a dependency on the existing JRE then
customers should consider performing an appropriate level of compatibility
testing with the new JRE before deploying it in a production environment.
What Citrix Is Doing
Citrix is proactively notifying customers and channel partners about this
potential security issue. An article containing the information in this
bulletin is available from the Citrix Knowledge Base at
http://support.citrix.com/.
Obtaining Support on this Issue
If you require technical assistance with this issue, please contact Citrix
Technical Support. Information for contacting Citrix Technical Support is
available at http://support.citrix.com/.
Reporting Security Vulnerabilities to Citrix
Citrix welcomes input regarding the security of its products and considers any
and all potential vulnerabilities very seriously. If you would like to report a
security issue to Citrix, please compose an e-mail to secure@xxxxxxxxxx
containing the exact version of the product in which the vulnerability was
found and steps to reproduce the vulnerability.
Other related posts:
