[THIN] Re: KB: CTX105845 - MetaFrame Presentation Server installs a JRE with a known security vulnerability
- From: "Matthew Shrewsbury" <MShrewsbury@xxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Tue, 8 Mar 2005 15:32:27 -0500
Is there any reason not to use the latest version 1.5.0? Has anyone used
1.5.0?
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Network Administrator
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Kenzig http://thethin.net
Sent: Tuesday, March 08, 2005 12:38 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] KB: CTX105845 - MetaFrame Presentation Server installs a
JRE with a known security vulnerability
CTX105845 - MetaFrame Presentation Server installs a JRE with a known
security vulnerability
This document was published at:
http://support.citrix.com/kb/entry.jspa?externalID=CTX105845
Document ID: CTX105845, Created on: Feb 11, 2005, Updated: Mar 8, 2005
Products: Citrix MetaFrame XP 1.0 for Microsoft Windows 2000, Citrix
MetaFrame XP 1.0 for Microsoft Windows 2003, Citrix MetaFrame
Presentation Server 3.0 for Microsoft Windows 2000, Citrix MetaFrame
Presentation Server 3.0 for Microsoft Windows 2003, Citrix MetaFrame XP
1.0 for Microsoft NT 4.0 Server Terminal Server Edition
Severity: Medium
Description of Problem
Some versions of MetaFrame Presentation Server for Windows install a JRE
with a known security vulnerability. For more details on the JRE
security vulnerability please refer to the following document:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1>
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
This problem affects the following versions of MetaFrame Presentation
Server for Windows:
o 1.0 - all languages / platforms.
o 1.0 FR1 - all languages / platforms.
o 1.0 FR2 - all languages / platforms.
o 1.0 FR3 - all languages / platforms.
o 3.0 - all languages / platforms.
What Customers Should Do
Citrix recommends that all customers using affected versions should
follow the instructions in the above document and upgrade the JRE to
version 1.4.2_06.
If any third-party applications have a dependency on the existing JRE
then customers should consider performing an appropriate level of
compatibility testing with the new JRE before deploying it in a
production environment.
What Citrix Is Doing
Citrix is proactively notifying customers and channel partners about
this potential security issue. An article containing the information in
this bulletin is available from the Citrix Knowledge Base at
<http://support.citrix.com/> http://support.citrix.com/.
Obtaining Support on this Issue
If you require technical assistance with this issue, please contact
Citrix Technical Support. Information for contacting Citrix Technical
Support is available at <http://support.citrix.com/>
http://support.citrix.com/.
Reporting Security Vulnerabilities to Citrix
Citrix welcomes input regarding the security of its products and
considers any and all potential vulnerabilities very seriously. If you
would like to report a security issue to Citrix, please compose an
e-mail to secure@xxxxxxxxxx containing the exact version of the product
in which the vulnerability was found and steps to reproduce the
vulnerability.
Other related posts:
