sledp2-java-1_5_0-ibmSecurity update for IBM Java 1.5.0Security update for IBM Java 1.5.0IBM Java 5 was updated to SR8 to fix various security
issues:
CVE-2008-3104: Multiple vulnerabilities with unsigned
applets were reported. A remote attacker could misuse an
unsigned applet to connect to localhost services running on
the host running the applet.
CVE-2008-3106: A vulnerability in the XML processing API
was found. A remote attacker who caused malicious XML to be
processed by an untrusted applet or application was able to
elevate permissions to access URLs on a remote host.
CVE-2008-3108: A buffer overflow vulnerability was found in
the font processing code. This allowed remote attackers to
extend the permissions of an untrusted applet or
application, allowing it to read and/or write local files,
as well as to execute local applications accessible to the
user running the untrusted application.
CVE-2008-3111: Several buffer overflow vulnerabilities in
Java Web Start were reported. These vulnerabilities
allowed an untrusted Java Web Start application to elevate
its privileges, allowing it to read and/or write local
files, as well as to execute local applications accessible
to the user running the untrusted application.
CVE-2008-3112, CVE-2008-3113: Two file processing
vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start
application, was able to create or delete arbitrary files
with the permissions of the user running the untrusted
application.
CVE-2008-3114: A vulnerability in Java Web Start when
processing untrusted applications was reported. An attacker
was able to acquire sensitive information, such as the
cache location.
IBM Java 5 was updated to SR8 to fix various security
issues:
CVE-2008-3104: Multiple vulnerabilities with unsigned
applets were reported. A remote attacker could misuse an
unsigned applet to connect to localhost services running on
the host running the applet.
CVE-2008-3106: A vulnerability in the XML processing API
was found. A remote attacker who caused malicious XML to be
processed by an untrusted applet or application was able to
elevate permissions to access URLs on a remote host.
CVE-2008-3108: A buffer overflow vulnerability was found in
the font processing code. This allowed remote attackers to
extend the permissions of an untrusted applet or
application, allowing it to read and/or write local files,
as well as to execute local applications accessible to the
user running the untrusted application.
CVE-2008-3111: Several buffer overflow vulnerabilities in
Java Web Start were reported. These vulnerabilities
allowed an untrusted Java Web Start application to elevate
its privileges, allowing it to read and/or write local
files, as well as to execute local applications accessible
to the user running the untrusted application.
CVE-2008-3112, CVE-2008-3113: Two file processing
vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start
application, was able to create or delete arbitrary files
with the permissions of the user running the untrusted
application.
CVE-2008-3114: A vulnerability in Java Web Start when
processing untrusted applications was reported. An attacker
was able to acquire sensitive information, such as the
cache location.
securityjava-1_5_0-ibmx86_648664f3aee2755705d3bb5fa4abb5202fd52f03b3java-1_5_0-ibm-32bitx86_647eda3de1de4109c8e5870b439edcb6ed0beaacc2java-1_5_0-ibm-alsa-32bitx86_64595d8c2a8226dc628d0b3f1bfdd6b54fbb6ea831java-1_5_0-ibm-demox86_640fabdae9de12783c20e9cd8d57d7cbcedc68f392java-1_5_0-ibm-develx86_64a34e95ac1483753abd98f02e9fc1d128cbb95184java-1_5_0-ibm-devel-32bitx86_64ea19b895108e44cbe14c816da21a7447a4318a0djava-1_5_0-ibm-srcx86_645e6eb90e6881607bda32fae3b9723ca691480362