sdkp1-java-1_4_2-ibmSecurity update for IBM Java 1.4.2Security update for IBM Java 1.4.2IBM Java 1.4.2 was updated to SR10 to fix various security
issues:
- CVE-2008-1196: A buffer overflow vulnerability in Java
Web Start may allow an untrusted Java Web Start
application that is downloaded from a website to elevate
its privileges. For example, an untrusted Java Web Start
application may grant itself permissions to read and
write local files or execute local applications that are
accessible to the user running the untrusted application.
- CVE-2008-1195: A vulnerability in the Java Runtime
Environment may allow JavaScript(TM) code that is
downloaded by a browser to make connections to network
services on the system that the browser runs on, through
Java APIs, This may allow files (that are accessible
through these network services) or vulnerabilities (that
exist on these network services) which are not otherwise
normally accessible to be accessed or exploited.
- CVE-2008-1192: A vulnerability in the Java Plug-in may an
untrusted applet to bypass same origin policy and
leverage this flaw to execute local applications that are
accessible to the user running the untrusted applet.
- CVE-2008-1190: A vulnerability in Java Web Start may
allow an untrusted Java Web Start application to elevate
its privileges. For example, an application may grant
itself permissions to read and write local files or
execute local applications that are accessible to the
user running the untrusted application.
- CVE-2008-1189: A buffer overflow vulnerability in the
Java Runtime Environment may allow an untrusted applet or
application to elevate its privileges. For example, an
applet may grant itself permissions to read and write
local files or execute local applications that are
accessible to the user running the untrusted applet.
- CVE-2008-1187: A vulnerability in the Java Runtime
Environment with parsing XML data may allow an untrusted
applet or application to elevate its privileges. For
example, an applet may read certain URL resources (such
as some files and web pages).
- CVE-2007-5232: A vulnerability in the Java Runtime
Environment (JRE) with applet caching may allow an
untrusted applet that is downloaded from a malicious
website to make network connections to network services
on machines other than the one that the applet was
downloaded from. This may allow network resources (such
as web pages) and vulnerabilities (that exist on these
network services) which are not otherwise normally
accessible to be accessed or exploited.
- CVE-2007-5274: A vulnerability in the Java Runtime
Environment (JRE) may allow malicious Javascript code
that is downloaded by a browser from a malicious website
to make network connections, through Java APIs, to
network services on machines other than the one that the
Javascript code was downloaded from. This may allow
network resources (such as web pages) and vulnerabilities
(that exist on these network services) which are not
otherwise normally accessible to be accessed or exploited.
- CVE-2007-5273: A second vulnerability in the JRE may
allow an untrusted applet that is downloaded from a
malicious website through a web proxy to make network
connections to network services on machines other than
the one that the applet was downloaded from. This may
allow network resources (such as web pages) and
vulnerabilities (that exist on these network services)
which are not otherwise normally accessible to be
accessed or exploited.
- CVE-2007-5236: An untrusted Java Web Start application
may write arbitrary files with the privileges of the user
running the application.
- CVE-2007-5238: Three separate vulnerabilities may allow
an untrusted Java Web Start application to determine the
location of the Java Web Start cache.
- CVE-2007-5239: An untrusted Java Web Start application or
Java applet may move or copy arbitrary files by
requesting the user of the application or applet to drag
and drop a file from the Java Web Start application or
Java applet window.
- CVE-2007-5240: An untrusted applet may display an
over-sized window so that the applet warning banner is
not visible to the user running the untrusted
applet.
- CVE-2007-4381: A vulnerability in the font parsing code
in the Java Runtime Environment may allow an untrusted
applet to elevate its privileges. For example, an applet
may grant itself permissions to read and write local
files or execute local applications that are accessible
to the user running the untrusted applet.
- CVE-2007-3698: The Java Secure Socket Extension (JSSE)
that is included in various releases of the Java Runtime
Environment does not correctly process SSL/TLS handshake
requests. This vulnerability may be exploited to create a
Denial of Service (DoS) condition to the system as a
whole on a server that listens for SSL/TLS connections
using JSSE for SSL/TLS support.
IBM Java 1.4.2 was updated to SR10 to fix various security
issues:
- CVE-2008-1196: A buffer overflow vulnerability in Java
Web Start may allow an untrusted Java Web Start
application that is downloaded from a website to elevate
its privileges. For example, an untrusted Java Web Start
application may grant itself permissions to read and
write local files or execute local applications that are
accessible to the user running the untrusted application.
- CVE-2008-1195: A vulnerability in the Java Runtime
Environment may allow JavaScript(TM) code that is
downloaded by a browser to make connections to network
services on the system that the browser runs on, through
Java APIs, This may allow files (that are accessible
through these network services) or vulnerabilities (that
exist on these network services) which are not otherwise
normally accessible to be accessed or exploited.
- CVE-2008-1192: A vulnerability in the Java Plug-in may an
untrusted applet to bypass same origin policy and
leverage this flaw to execute local applications that are
accessible to the user running the untrusted applet.
- CVE-2008-1190: A vulnerability in Java Web Start may
allow an untrusted Java Web Start application to elevate
its privileges. For example, an application may grant
itself permissions to read and write local files or
execute local applications that are accessible to the
user running the untrusted application.
- CVE-2008-1189: A buffer overflow vulnerability in the
Java Runtime Environment may allow an untrusted applet or
application to elevate its privileges. For example, an
applet may grant itself permissions to read and write
local files or execute local applications that are
accessible to the user running the untrusted applet.
- CVE-2008-1187: A vulnerability in the Java Runtime
Environment with parsing XML data may allow an untrusted
applet or application to elevate its privileges. For
example, an applet may read certain URL resources (such
as some files and web pages).
- CVE-2007-5232: A vulnerability in the Java Runtime
Environment (JRE) with applet caching may allow an
untrusted applet that is downloaded from a malicious
website to make network connections to network services
on machines other than the one that the applet was
downloaded from. This may allow network resources (such
as web pages) and vulnerabilities (that exist on these
network services) which are not otherwise normally
accessible to be accessed or exploited.
- CVE-2007-5274: A vulnerability in the Java Runtime
Environment (JRE) may allow malicious Javascript code
that is downloaded by a browser from a malicious website
to make network connections, through Java APIs, to
network services on machines other than the one that the
Javascript code was downloaded from. This may allow
network resources (such as web pages) and vulnerabilities
(that exist on these network services) which are not
otherwise normally accessible to be accessed or exploited.
- CVE-2007-5273: A second vulnerability in the JRE may
allow an untrusted applet that is downloaded from a
malicious website through a web proxy to make network
connections to network services on machines other than
the one that the applet was downloaded from. This may
allow network resources (such as web pages) and
vulnerabilities (that exist on these network services)
which are not otherwise normally accessible to be
accessed or exploited.
- CVE-2007-5236: An untrusted Java Web Start application
may write arbitrary files with the privileges of the user
running the application.
- CVE-2007-5238: Three separate vulnerabilities may allow
an untrusted Java Web Start application to determine the
location of the Java Web Start cache.
- CVE-2007-5239: An untrusted Java Web Start application or
Java applet may move or copy arbitrary files by
requesting the user of the application or applet to drag
and drop a file from the Java Web Start application or
Java applet window.
- CVE-2007-5240: An untrusted applet may display an
over-sized window so that the applet warning banner is
not visible to the user running the untrusted
applet.
- CVE-2007-4381: A vulnerability in the font parsing code
in the Java Runtime Environment may allow an untrusted
applet to elevate its privileges. For example, an applet
may grant itself permissions to read and write local
files or execute local applications that are accessible
to the user running the untrusted applet.
- CVE-2007-3698: The Java Secure Socket Extension (JSSE)
that is included in various releases of the Java Runtime
Environment does not correctly process SSL/TLS handshake
requests. This vulnerability may be exploited to create a
Denial of Service (DoS) condition to the system as a
whole on a server that listens for SSL/TLS connections
using JSSE for SSL/TLS support.
securityjava-1_4_2-ibmi586b917e6359b051b0f47be3d2ca5c42346d6532131java-1_4_2-ibm-develi5863d14075e10b2e36eb9703cf7cd13e240a2c4421ajava-1_4_2-ibm-jdbci5868f7d058aef9b962a477698541ebba9b559ffe90ajava-1_4_2-ibm-plugini58628eacf6730dabf400c2a4fb2e0cdcfca0253116e