sledp2-java-1_5_0-ibmSecurity update for IBM Java 1.5.0Security update for IBM Java 1.5.0IBM Java 5 was updated to SR8 to fix various security
issues:
CVE-2008-3104: Multiple vulnerabilities with unsigned
applets were reported. A remote attacker could misuse an
unsigned applet to connect to localhost services running on
the host running the applet.
CVE-2008-3106: A vulnerability in the XML processing API
was found. A remote attacker who caused malicious XML to be
processed by an untrusted applet or application was able to
elevate permissions to access URLs on a remote host.
CVE-2008-3108: A buffer overflow vulnerability was found in
the font processing code. This allowed remote attackers to
extend the permissions of an untrusted applet or
application, allowing it to read and/or write local files,
as well as to execute local applications accessible to the
user running the untrusted application.
CVE-2008-3111: Several buffer overflow vulnerabilities in
Java Web Start were reported. These vulnerabilities
allowed an untrusted Java Web Start application to elevate
its privileges, allowing it to read and/or write local
files, as well as to execute local applications accessible
to the user running the untrusted application.
CVE-2008-3112, CVE-2008-3113: Two file processing
vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start
application, was able to create or delete arbitrary files
with the permissions of the user running the untrusted
application.
CVE-2008-3114: A vulnerability in Java Web Start when
processing untrusted applications was reported. An attacker
was able to acquire sensitive information, such as the
cache location.
IBM Java 5 was updated to SR8 to fix various security
issues:
CVE-2008-3104: Multiple vulnerabilities with unsigned
applets were reported. A remote attacker could misuse an
unsigned applet to connect to localhost services running on
the host running the applet.
CVE-2008-3106: A vulnerability in the XML processing API
was found. A remote attacker who caused malicious XML to be
processed by an untrusted applet or application was able to
elevate permissions to access URLs on a remote host.
CVE-2008-3108: A buffer overflow vulnerability was found in
the font processing code. This allowed remote attackers to
extend the permissions of an untrusted applet or
application, allowing it to read and/or write local files,
as well as to execute local applications accessible to the
user running the untrusted application.
CVE-2008-3111: Several buffer overflow vulnerabilities in
Java Web Start were reported. These vulnerabilities
allowed an untrusted Java Web Start application to elevate
its privileges, allowing it to read and/or write local
files, as well as to execute local applications accessible
to the user running the untrusted application.
CVE-2008-3112, CVE-2008-3113: Two file processing
vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start
application, was able to create or delete arbitrary files
with the permissions of the user running the untrusted
application.
CVE-2008-3114: A vulnerability in Java Web Start when
processing untrusted applications was reported. An attacker
was able to acquire sensitive information, such as the
cache location.
securityjava-1_5_0-ibmi586facafb09a789b091a0550816761b19445703ddc7java-1_5_0-ibm-alsai586f68f376586822d70c8fbaeb92288e568b1643392java-1_5_0-ibm-demoi5869066ad3b2d0506f7fe1554bfd27172a4cdb64a89java-1_5_0-ibm-develi58654cbe2bec7d51dfa09114b8458c3bd077ea87646java-1_5_0-ibm-jdbci5864fab75e0c18884c77bc0f7810a479ccde714e2b4java-1_5_0-ibm-plugini58604e64db78a6b88cf4d81dfd08b3bbaea3cbfc316java-1_5_0-ibm-srci58603acacb0b9f1991c59b6eb416d6d9cac4e0551a7