<?xml version="1.0" encoding="UTF-8"?>
<!--PATCHINFO id="af469401da197afd4006ef4ae0c61aaa"!-->
<patch
    xmlns="http://novell.com/package/metadata/suse/patch"
    xmlns:yum="http://linux.duke.edu/metadata/common"
    xmlns:rpm="http://linux.duke.edu/metadata/rpm"
    xmlns:suse="http://novell.com/package/metadata/suse/common"
    patchid="sledp3-java-1_5_0-ibm-6741"
    timestamp="1260152437"
    engine="1.0">
  <yum:name>sledp3-java-1_5_0-ibm</yum:name>
  <summary lang="en">Security update for IBM Java 1.5.0</summary>
  <summary lang="de">Security update for IBM Java 1.5.0</summary>
  <description lang="en">IBM Java 5 was updated to Service Refresh 11. It fixes lots
of bugs and security issues.

This update also includes the timezone update to 1.6.9s (with the latest Fiji change).

CVE-2009-3876 / CVE-2009-3877: A vulnerability in the Java
Runtime Environment with decoding DER-encoded data might
allow a remote client to cause the JRE to crash, resulting
in a denial of service condition.

CVE-2009-3867: A buffer overflow vulnerability in the Java
Runtime Environment audio system might allow an untrusted
applet or Java Web Start application to escalate
privileges. For example, an untrusted applet might grant
itself permissions to read and write local files, or run
local applications that are accessible to the user running
the untrusted applet.

CVE-2009-3868: A buffer overflow vulnerability in the Java
Runtime Environment with parsing image files might allow an
untrusted applet or Java Web Start application to escalate
privileges. For example, an untrusted applet might grant
itself permissions to read and write local files, or run
local applications that are accessible to the user running
the untrusted applet.

CVE-2009-3872: An integer overflow vulnerability in the
Java Runtime Environment with reading JPEG files might
allow an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files, or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3873: A buffer overflow vulnerability in the Java
Runtime Environment with processing JPEG files might allow
an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files, or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3875: A security vulnerability in the Java Runtime
Environment with verifying HMAC digests might allow
authentication to be bypassed. This action can allow a user
to forge a digital signature that would be accepted as
valid. Applications that validate HMAC-based digital
signatures might be vulnerable to this type of attack.

CVE-2009-3869: A buffer overflow vulnerability in the Java
Runtime Environment with processing image files might allow
an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3871: A buffer overflow vulnerability in the Java
Runtime Environment with processing image files might allow
an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3874: An integer overflow vulnerability in the
Java Runtime Environment with processing JPEG images might
allow an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-2493: The Java Runtime Environment includes the
Java Web Start technology that uses the Java Web Start
ActiveX control to launch Java Web Start in Internet
Explorer. A security vulnerability in the Active Template
Library (ATL) in various releases of Microsoft Visual
Studio, which is used by the Java Web Start ActiveX
control, might allow the Java Web Start ActiveX control to
be leveraged to run arbitrary code. This might occur as the
result of a user of the Java Runtime Environment viewing a
specially crafted web page that exploits this vulnerability.

Please also see
http://www.ibm.com/developerworks/java/jdk/alerts/
</description>
  <description lang="de">IBM Java 5 was updated to Service Refresh 11. It fixes lots
of bugs and security issues.

This update also includes the timezone update to 1.6.9s (with the latest Fiji change).

CVE-2009-3876 / CVE-2009-3877: A vulnerability in the Java
Runtime Environment with decoding DER-encoded data might
allow a remote client to cause the JRE to crash, resulting
in a denial of service condition.

CVE-2009-3867: A buffer overflow vulnerability in the Java
Runtime Environment audio system might allow an untrusted
applet or Java Web Start application to escalate
privileges. For example, an untrusted applet might grant
itself permissions to read and write local files, or run
local applications that are accessible to the user running
the untrusted applet.

CVE-2009-3868: A buffer overflow vulnerability in the Java
Runtime Environment with parsing image files might allow an
untrusted applet or Java Web Start application to escalate
privileges. For example, an untrusted applet might grant
itself permissions to read and write local files, or run
local applications that are accessible to the user running
the untrusted applet.

CVE-2009-3872: An integer overflow vulnerability in the
Java Runtime Environment with reading JPEG files might
allow an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files, or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3873: A buffer overflow vulnerability in the Java
Runtime Environment with processing JPEG files might allow
an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files, or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3875: A security vulnerability in the Java Runtime
Environment with verifying HMAC digests might allow
authentication to be bypassed. This action can allow a user
to forge a digital signature that would be accepted as
valid. Applications that validate HMAC-based digital
signatures might be vulnerable to this type of attack.

CVE-2009-3869: A buffer overflow vulnerability in the Java
Runtime Environment with processing image files might allow
an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3871: A buffer overflow vulnerability in the Java
Runtime Environment with processing image files might allow
an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-3874: An integer overflow vulnerability in the
Java Runtime Environment with processing JPEG images might
allow an untrusted applet or Java Web Start application to
escalate privileges. For example, an untrusted applet might
grant itself permissions to read and write local files or
run local applications that are accessible to the user
running the untrusted applet.

CVE-2009-2493: The Java Runtime Environment includes the
Java Web Start technology that uses the Java Web Start
ActiveX control to launch Java Web Start in Internet
Explorer. A security vulnerability in the Active Template
Library (ATL) in various releases of Microsoft Visual
Studio, which is used by the Java Web Start ActiveX
control, might allow the Java Web Start ActiveX control to
be leveraged to run arbitrary code. This might occur as the
result of a user of the Java Runtime Environment viewing a
specially crafted web page that exploits this vulnerability.

Please also see
http://www.ibm.com/developerworks/java/jdk/alerts/
</description>
  <yum:version ver="6741" rel="0"/>
  <rpm:requires>
    <rpm:entry kind="atom" name="java-1_5_0-ibm" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-demo" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-devel" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-fonts" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-jdbc" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-plugin" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-src" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="EQ"/>
  </rpm:requires>
  <category>security</category>
  <atoms>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.5.0_sr11" rel="0.4.2"/>
      <checksum type="sha" pkgid="YES">6a511e63b971f87d4002fe54f05802eee032adb9</checksum>
      <time file="1260152625" build="1260152437"/>
      <size package="52547971" installed="76343953" archive="76407348"/>
      <location xml:base="media://#1" href="suse/i586/java-1_5_0-ibm-1.5.0_sr11-0.4.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-demo</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.5.0_sr11" rel="0.4.2"/>
      <checksum type="sha" pkgid="YES">5c62e8f26efd9a239dee980fb13e282f0733d9b1</checksum>
      <time file="1260152627" build="1260152437"/>
      <size package="3451380" installed="6506369" archive="6621420"/>
      <location xml:base="media://#1" href="suse/i586/java-1_5_0-ibm-demo-1.5.0_sr11-0.4.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-demo" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-demo"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-devel</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.5.0_sr11" rel="0.4.2"/>
      <checksum type="sha" pkgid="YES">5524ce248218620786f6df326b2e5f1b88d0edc7</checksum>
      <time file="1260152627" build="1260152437"/>
      <size package="3693332" installed="5301273" archive="5309404"/>
      <location xml:base="media://#1" href="suse/i586/java-1_5_0-ibm-devel-1.5.0_sr11-0.4.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-devel" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-devel"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-fonts</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.5.0_sr11" rel="0.4.2"/>
      <checksum type="sha" pkgid="YES">0fc82d185a1bd59c569806609fdc0d087b9d3358</checksum>
      <time file="1260152627" build="1260152437"/>
      <size package="1706537" installed="2998643" archive="2984560"/>
      <location xml:base="media://#1" href="suse/i586/java-1_5_0-ibm-fonts-1.5.0_sr11-0.4.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-fonts" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-fonts"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-jdbc</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.5.0_sr11" rel="0.4.2"/>
      <checksum type="sha" pkgid="YES">c1d2040ca14960a6ced01b143bdb2049d30df337</checksum>
      <time file="1260152627" build="1260152437"/>
      <size package="33672" installed="70940" archive="71232"/>
      <location xml:base="media://#1" href="suse/i586/java-1_5_0-ibm-jdbc-1.5.0_sr11-0.4.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-jdbc" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-jdbc"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-plugin</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.5.0_sr11" rel="0.4.2"/>
      <checksum type="sha" pkgid="YES">3144aa79d6229a7afd60f68c39fbaa0e413c0743</checksum>
      <time file="1260152627" build="1260152437"/>
      <size package="876014" installed="2508660" archive="1929588"/>
      <location xml:base="media://#1" href="suse/i586/java-1_5_0-ibm-plugin-1.5.0_sr11-0.4.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-plugin" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-plugin"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-src</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.5.0_sr11" rel="0.4.2"/>
      <checksum type="sha" pkgid="YES">3e828287153f1f5c8f5c7a1f710f98bd54b6aee3</checksum>
      <time file="1260152628" build="1260152437"/>
      <size package="8167776" installed="8447607" archive="8448052"/>
      <location xml:base="media://#1" href="suse/i586/java-1_5_0-ibm-src-1.5.0_sr11-0.4.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-src" epoch="0" ver="1.5.0_sr11" rel="0.4.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-src"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
  </atoms>
</patch>
