<?xml version="1.0" encoding="UTF-8"?>
<!--PATCHINFO id="51fd7d03020fe413e43cda8f60442612"!-->
<patch
    xmlns="http://novell.com/package/metadata/suse/patch"
    xmlns:yum="http://linux.duke.edu/metadata/common"
    xmlns:rpm="http://linux.duke.edu/metadata/rpm"
    xmlns:suse="http://novell.com/package/metadata/suse/common"
    patchid="sdkp1-java-1_4_2-ibm-4542"
    timestamp="1192110294"
    engine="1.0">
  <!-- Patch name. The root patchid attribute is this name followed by "-4542". -->
  <yum:name>sdkp1-java-1_4_2-ibm</yum:name>
  <!-- One-line summary per language.
       NOTE(review): the lang="de" entry is byte-identical to the lang="en" one, so
       German-locale clients are shown the English text. -->
  <summary lang="en">Security update for IBM Java 1.4.2</summary>
  <summary lang="de">Security update for IBM Java 1.4.2</summary>
  <description lang="en">The IBM Java JRE/SDK has been brought to release 1.4.2 SR9,
containing several bugfixes, including the following
security fixes:

- CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005:
  A buffer overflow vulnerability in the image parsing code
  in the Java(TM) Runtime Environment may allow an
  untrusted applet or application to elevate its
  privileges. For example, an applet may grant itself
  permissions to read and write local files or execute
  local applications that are accessible to the user
  running the untrusted applet.

  A second vulnerability may allow an untrusted applet or
  application to cause the Java Virtual Machine to hang.

- CVE-2007-3655: A buffer overflow vulnerability in the
  Java Web Start URL parsing code may allow an untrusted
  application to elevate its privileges. For example, an
  application may grant itself permissions to read and
  write local files or execute local applications with the
  privileges of the user running the Java Web Start
  application.

- CVE-2007-3922: A security vulnerability in the Java
  Runtime Environment Applet Class Loader may allow an
  untrusted applet that is loaded from a remote system to
  circumvent network access restrictions and establish
  socket connections to certain services running on the
  local host, as if it were loaded from the system that the
  applet is running on. This may allow the untrusted remote
  applet to exploit any security vulnerabilities existing in
  the services it has connected to.

For more information see:
http://www-128.ibm.com/developerworks/java/jdk/alerts/
</description>
  <description lang="de">The IBM Java JRE/SDK has been brought to release 1.4.2 SR9,
containing several bugfixes, including the following
security fixes:

- CVE-2007-2788, CVE-2007-2789, CVE-2007-3004, CVE-2007-3005:
  A buffer overflow vulnerability in the image parsing code
  in the Java(TM) Runtime Environment may allow an
  untrusted applet or application to elevate its
  privileges. For example, an applet may grant itself
  permissions to read and write local files or execute
  local applications that are accessible to the user
  running the untrusted applet.

  A second vulnerability may allow an untrusted applet or
  application to cause the Java Virtual Machine to hang.

- CVE-2007-3655: A buffer overflow vulnerability in the
  Java Web Start URL parsing code may allow an untrusted
  application to elevate its privileges. For example, an
  application may grant itself permissions to read and
  write local files or execute local applications with the
  privileges of the user running the Java Web Start
  application.

- CVE-2007-3922: A security vulnerability in the Java
  Runtime Environment Applet Class Loader may allow an
  untrusted applet that is loaded from a remote system to
  circumvent network access restrictions and establish
  socket connections to certain services running on the
  local host, as if it were loaded from the system that the
  applet is running on. This may allow the untrusted remote
  applet to exploit any security vulnerabilities existing in
  the services it has connected to.

For more information see:
http://www-128.ibm.com/developerworks/java/jdk/alerts/
</description>
  <!-- Patch revision: ver equals the numeric suffix of the root patchid attribute. -->
  <yum:version ver="4542" rel="0"/>
  <!-- The patch requires both atoms listed under <atoms> at exactly
       epoch 0, version 1.4.2_sr9, release 0.2 (flags="EQ"). -->
  <rpm:requires>
    <rpm:entry kind="atom" name="java-1_4_2-ibm" epoch="0" ver="1.4.2_sr9" rel="0.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_4_2-ibm-devel" epoch="0" ver="1.4.2_sr9" rel="0.2" flags="EQ"/>
  </rpm:requires>
  <!-- Patch category. Presumably the update tooling uses this value to classify and
       prioritise the patch; verify against the consumer. -->
  <category>security</category>
  <atoms>
    <!-- Atom for the java-1_4_2-ibm RPM (x86_64). The element switches the default
         namespace to the yum "common" vocabulary for its children. -->
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_4_2-ibm</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.4.2_sr9" rel="0.2"/>
      <!-- NOTE(review): type="sha" with a 40-hex-digit value is presumably SHA-1.
           SHA-1 is not collision-resistant, so package integrity should rest on
           signature verification of the repository metadata and the RPM itself,
           not on this digest alone. Confirm what the consumer actually verifies. -->
      <checksum type="sha" pkgid="YES">4069b6ff730b3a5f6dee6b3884fd44bffa038bea</checksum>
      <!-- The build time equals the timestamp attribute on the root patch element. -->
      <time file="1192214490" build="1192110294"/>
      <size package="34642121" installed="50753364" archive="50575316"/>
      <!-- NOTE(review): the href names 1.4.2_sr10-0.2, while the version element above,
           the patch-level rpm:requires and the description all say 1.4.2_sr9 / SR9.
           Confirm which is correct. If the metadata is stale, the client may fetch a
           file whose version does not satisfy the flags="EQ" requirement of the patch. -->
      <location xml:base="media://#1" href="suse/x86_64/java-1_4_2-ibm-1.4.2_sr10-0.2.x86_64.rpm"/>
      <format>
        <!-- Requires the package of the same name at 0:1.4.2_sr9-0.2 or newer (flags="GE"). -->
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_4_2-ibm" epoch="0" ver="1.4.2_sr9" rel="0.2" flags="GE"/>
        </rpm:requires>
        <!-- Presumably restricts this atom to systems where java-1_4_2-ibm is already
             installed. TODO confirm the freshens semantics with the consumer. -->
        <suse:freshens>
          <suse:entry kind="package" name="java-1_4_2-ibm"/>
        </suse:freshens>
      </format>
      <!-- Back in the SUSE patch namespace; no entries are listed here. -->
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <!-- Atom for the java-1_4_2-ibm-devel RPM (x86_64). The element switches the
         default namespace to the yum "common" vocabulary for its children. -->
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_4_2-ibm-devel</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.4.2_sr9" rel="0.2"/>
      <!-- NOTE(review): type="sha" with a 40-hex-digit value is presumably SHA-1.
           SHA-1 is not collision-resistant, so package integrity should rest on
           signature verification of the repository metadata and the RPM itself,
           not on this digest alone. Confirm what the consumer actually verifies. -->
      <checksum type="sha" pkgid="YES">999d910ebe52d087da66b2d2084300179f017ff4</checksum>
      <!-- The build time equals the timestamp attribute on the root patch element. -->
      <time file="1192214490" build="1192110294"/>
      <size package="2412498" installed="3423506" archive="3432680"/>
      <!-- NOTE(review): the href names 1.4.2_sr10-0.2, while the version element above,
           the patch-level rpm:requires and the description all say 1.4.2_sr9 / SR9.
           Confirm which is correct. If the metadata is stale, the client may fetch a
           file whose version does not satisfy the flags="EQ" requirement of the patch. -->
      <location xml:base="media://#1" href="suse/x86_64/java-1_4_2-ibm-devel-1.4.2_sr10-0.2.x86_64.rpm"/>
      <format>
        <!-- Requires the package of the same name at 0:1.4.2_sr9-0.2 or newer (flags="GE"). -->
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_4_2-ibm-devel" epoch="0" ver="1.4.2_sr9" rel="0.2" flags="GE"/>
        </rpm:requires>
        <!-- Presumably restricts this atom to systems where java-1_4_2-ibm-devel is
             already installed. TODO confirm the freshens semantics with the consumer. -->
        <suse:freshens>
          <suse:entry kind="package" name="java-1_4_2-ibm-devel"/>
        </suse:freshens>
      </format>
      <!-- Back in the SUSE patch namespace; no entries are listed here. -->
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
  </atoms>
</patch>
