<?xml version="1.0" encoding="UTF-8"?>
<!--PATCHINFO id="9846044890f44374e747f617724ca6c9"!-->
<patch
    xmlns="http://novell.com/package/metadata/suse/patch"
    xmlns:yum="http://linux.duke.edu/metadata/common"
    xmlns:rpm="http://linux.duke.edu/metadata/rpm"
    xmlns:suse="http://novell.com/package/metadata/suse/common"
    patchid="slesp1-java-1_4_2-sun-4533"
    timestamp="1192099262"
    engine="1.0">
  <yum:name>slesp1-java-1_4_2-sun</yum:name>
  <summary lang="en">Security update for Sun Java 1.4.2</summary>
  <summary lang="de">Security update for Sun Java 1.4.2</summary>
  <description lang="en">The Sun Java JDK 1.4.2 was upgraded to release 16 to fix
various bugs, including the following security bugs:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1

CVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12
and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and
JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for
an applet's outbound connections via a DNS rebinding attack.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1

CVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update
12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on
Windows does not properly enforce access restrictions for
untrusted applications, which allows user-assisted remote
attackers to read local files via an untrusted application.

CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2
and earlier does not properly enforce access restrictions
for untrusted applications, which allows user-assisted
remote attackers to read and modify local files via an
untrusted application, aka &quot;two vulnerabilities&quot;.

CVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2
and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK
and JRE 1.4.2_15 and earlier does not properly enforce
access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive
information (the Java Web Start cache location) via an
untrusted application, aka &quot;three vulnerabilities.&quot;

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1

CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2
and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and
JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and
earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows
user-assisted remote attackers to copy or rename arbitrary
files when local users perform drag-and-drop operations
from the untrusted application or applet window onto
certain types of desktop applications.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1

CVE-2007-5240: Visual truncation vulnerability in the Java
Runtime Environment in Sun JDK and JRE 6 Update 2 and
earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE
1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier
allows remote attackers to circumvent display of the
untrusted-code warning banner by creating a window larger
than the workstation screen.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1

CVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12
and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and
JRE 1.3.1_20 and earlier, when an HTTP proxy server is
used, allows remote attackers to violate the security model
for an applet's outbound connections via a multi-pin DNS
rebinding attack in which the applet download relies on DNS
resolution on the proxy server, but the applet's socket
operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274.

CVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12
and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and
JRE 1.3.1_20 and earlier, when Firefox or Opera is used,
allows remote attackers to violate the security model for
JavaScript outbound connections via a multi-pin DNS
rebinding attack dependent on the LiveConnect API, in which
JavaScript download relies on DNS resolution by the
browser, but JavaScript socket operations rely on separate
DNS resolution by a Java Virtual Machine (JVM), a different
issue than CVE-2007-5273.
</description>
  <description lang="de">The Sun Java JDK 1.4.2 was upgraded to release 16 to fix
various bugs, including the following security bugs:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1

CVE-2007-5232: Sun Java Runtime Environment (JRE) in JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12
and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and
JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for
an applet's outbound connections via a DNS rebinding attack.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1

CVE-2007-5236: Java Web Start in Sun JDK and JRE 5.0 Update
12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on
Windows does not properly enforce access restrictions for
untrusted applications, which allows user-assisted remote
attackers to read local files via an untrusted application.

CVE-2007-5237: Java Web Start in Sun JDK and JRE 6 Update 2
and earlier does not properly enforce access restrictions
for untrusted applications, which allows user-assisted
remote attackers to read and modify local files via an
untrusted application, aka &quot;two vulnerabilities&quot;.

CVE-2007-5238: Java Web Start in Sun JDK and JRE 6 Update 2
and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK
and JRE 1.4.2_15 and earlier does not properly enforce
access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive
information (the Java Web Start cache location) via an
untrusted application, aka &quot;three vulnerabilities.&quot;

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1

CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2
and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and
JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and
earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows
user-assisted remote attackers to copy or rename arbitrary
files when local users perform drag-and-drop operations
from the untrusted application or applet window onto
certain types of desktop applications.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103071-1

CVE-2007-5240: Visual truncation vulnerability in the Java
Runtime Environment in Sun JDK and JRE 6 Update 2 and
earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE
1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier
allows remote attackers to circumvent display of the
untrusted-code warning banner by creating a window larger
than the workstation screen.

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1

CVE-2007-5273: Sun Java Runtime Environment (JRE) in JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12
and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and
JRE 1.3.1_20 and earlier, when an HTTP proxy server is
used, allows remote attackers to violate the security model
for an applet's outbound connections via a multi-pin DNS
rebinding attack in which the applet download relies on DNS
resolution on the proxy server, but the applet's socket
operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274.

CVE-2007-5274: Sun Java Runtime Environment (JRE) in JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12
and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and
JRE 1.3.1_20 and earlier, when Firefox or Opera is used,
allows remote attackers to violate the security model for
JavaScript outbound connections via a multi-pin DNS
rebinding attack dependent on the LiveConnect API, in which
JavaScript download relies on DNS resolution by the
browser, but JavaScript socket operations rely on separate
DNS resolution by a Java Virtual Machine (JVM), a different
issue than CVE-2007-5273.
</description>
  <yum:version ver="4533" rel="0"/>
  <rpm:requires>
    <rpm:entry kind="atom" name="java-1_4_2-sun" epoch="0" ver="1.4.2.16" rel="0.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_4_2-sun-alsa" epoch="0" ver="1.4.2.16" rel="0.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_4_2-sun-devel" epoch="0" ver="1.4.2.16" rel="0.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_4_2-sun-jdbc" epoch="0" ver="1.4.2.16" rel="0.2" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_4_2-sun-plugin" epoch="0" ver="1.4.2.16" rel="0.2" flags="EQ"/>
  </rpm:requires>
  <category>security</category>
  <atoms>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_4_2-sun</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.4.2.16" rel="0.2"/>
      <checksum type="sha" pkgid="YES">d894109029b9bb1b233505e96df1777cb70e1f29</checksum>
      <time file="1192111805" build="1192099262"/>
      <size package="18807030" installed="60013319" archive="60138832"/>
      <location xml:base="media://#1" href="suse/i586/java-1_4_2-sun-1.4.2.17-0.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_4_2-sun" epoch="0" ver="1.4.2.16" rel="0.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_4_2-sun"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_4_2-sun-alsa</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.4.2.16" rel="0.2"/>
      <checksum type="sha" pkgid="YES">e63df9722720e84a52ea8d6a9c9448cada61faef</checksum>
      <time file="1192111805" build="1192099262"/>
      <size package="21985" installed="26584" archive="26888"/>
      <location xml:base="media://#1" href="suse/i586/java-1_4_2-sun-alsa-1.4.2.17-0.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_4_2-sun-alsa" epoch="0" ver="1.4.2.16" rel="0.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_4_2-sun-alsa"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_4_2-sun-devel</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.4.2.16" rel="0.2"/>
      <checksum type="sha" pkgid="YES">990bc89c0a0dbbba103f294bbb77a3f583de5345</checksum>
      <time file="1192111806" build="1192099262"/>
      <size package="2912575" installed="8027822" archive="8038236"/>
      <location xml:base="media://#1" href="suse/i586/java-1_4_2-sun-devel-1.4.2.17-0.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_4_2-sun-devel" epoch="0" ver="1.4.2.16" rel="0.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_4_2-sun-devel"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_4_2-sun-jdbc</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.4.2.16" rel="0.2"/>
      <checksum type="sha" pkgid="YES">634e615494b3d5883e92c7bd7097b8df2fb8e3d8</checksum>
      <time file="1192111806" build="1192099262"/>
      <size package="24209" installed="50016" archive="50316"/>
      <location xml:base="media://#1" href="suse/i586/java-1_4_2-sun-jdbc-1.4.2.17-0.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_4_2-sun-jdbc" epoch="0" ver="1.4.2.16" rel="0.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_4_2-sun-jdbc"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_4_2-sun-plugin</name>
      <arch>i586</arch>
      <version epoch="0" ver="1.4.2.16" rel="0.2"/>
      <checksum type="sha" pkgid="YES">8b3b04a1850d24fc35ae62115ae5a847aac597d7</checksum>
      <time file="1192111806" build="1192099262"/>
      <size package="800769" installed="2648930" archive="2654792"/>
      <location xml:base="media://#1" href="suse/i586/java-1_4_2-sun-plugin-1.4.2.17-0.2.i586.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_4_2-sun-plugin" epoch="0" ver="1.4.2.16" rel="0.2" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_4_2-sun-plugin"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
  </atoms>
</patch>
