Note: This web site is only kept up to date for OSG Software
1.2 (VDT 2.0.0). If you are looking for information for the most recent
release, the RPM-based OSG Software 3.0, please see
the OSG documentation web site
A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges.
This advisory affects the following VDT versions:
Java 1.4.2_05 and can allow untrusted applets to gain the privileges of a trusted one. This would include reading and writing files as the user running the applet. While applets are not used in the VDT, our install process puts the VDT's java ahead of any system java in your path. Because of this, applets from outside VDT may be run with the JDK that we distribute.
For more information see Sun's security alert.
Any concerned users are encouraged to upgrade to VDT 1.2.3 or later in order to obtain a patched JDK.
Please contact firstname.lastname@example.org
if you have any questions.