sledp2-java-1_5_0-ibmSecurity update for IBM Java 1.5Security update for IBM Java 1.5IBM Java 5 was updated to SR8 to fix various security
issues:
CVE-2008-3104: Multiple vulnerabilities with unsigned
applets were reported. A remote attacker could misuse an
unsigned applet to connect to localhost services running on
the host running the applet.
CVE-2008-3106: A vulnerability in the XML processing API
was found. A remote attacker who caused malicious XML to be
processed by an untrusted applet or application was able to
elevate permissions to access URLs on a remote host.
CVE-2008-3108: A buffer overflow vulnerability was found in
the font processing code. This allowed remote attackers to
extend the permissions of an untrusted applet or
application, allowing it to read and/or write local files,
as well as to execute local applications accessible to the
user running the untrusted application.
CVE-2008-3111: Several buffer overflow vulnerabilities in
Java Web Start were reported. These vulnerabilities
allowed an untrusted Java Web Start application to elevate
its privileges, allowing it to read and/or write local
files, as well as to execute local applications accessible
to the user running the untrusted application.
CVE-2008-3112, CVE-2008-3113: Two file processing
vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start
application, was able to create or delete arbitrary files
with the permissions of the user running the untrusted
application.
CVE-2008-3114: A vulnerability in Java Web Start when
processing untrusted applications was reported. An attacker
was able to acquire sensitive information, such as the
cache location.
This release also reinstates previous Crypto Export policy
jars lost between SR3 and SR8.
IBM Java 5 was updated to SR8 to fix various security
issues:
CVE-2008-3104: Multiple vulnerabilities with unsigned
applets were reported. A remote attacker could misuse an
unsigned applet to connect to localhost services running on
the host running the applet.
CVE-2008-3106: A vulnerability in the XML processing API
was found. A remote attacker who caused malicious XML to be
processed by an untrusted applet or application was able to
elevate permissions to access URLs on a remote host.
CVE-2008-3108: A buffer overflow vulnerability was found in
the font processing code. This allowed remote attackers to
extend the permissions of an untrusted applet or
application, allowing it to read and/or write local files,
as well as to execute local applications accessible to the
user running the untrusted application.
CVE-2008-3111: Several buffer overflow vulnerabilities in
Java Web Start were reported. These vulnerabilities
allowed an untrusted Java Web Start application to elevate
its privileges, allowing it to read and/or write local
files, as well as to execute local applications accessible
to the user running the untrusted application.
CVE-2008-3112, CVE-2008-3113: Two file processing
vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start
application, was able to create or delete arbitrary files
with the permissions of the user running the untrusted
application.
CVE-2008-3114: A vulnerability in Java Web Start when
processing untrusted applications was reported. An attacker
was able to acquire sensitive information, such as the
cache location.
This release also reinstates previous Crypto Export policy
jars lost between SR3 and SR8.
securityjava-1_5_0-ibmi58652f9df4c426ea2a15b050f47e2790146101a6100java-1_5_0-ibm-alsai586992b8d2594bb69729da256452e9bb6e8036882acjava-1_5_0-ibm-demoi5862a02ea5a9a603d9a1bc01548530af70b1296e70fjava-1_5_0-ibm-develi58689d18c47be6f2cb33240f85c0a813579e702bd9cjava-1_5_0-ibm-jdbci586281bcf714ad6238cedf05f14a496ff69e2fe4405java-1_5_0-ibm-plugini58699710b0caf8246627365212ee569a18ed6c27b75java-1_5_0-ibm-srci586509ec8740fd497002b77a54f5b7a67afb41fdc24