slesp1-java-1_4_2-sunSecurity update for Sun JavaSecurity update for Sun JavaSun Java was updated to 1.4.2u17 to fix following security
vulnerabilities:
- CVE-2008-1158: Unspecified vulnerability in the Virtual
Machine for Sun Java Runtime Environment (JRE) and JDK 6
Update 4 and earlier, 5.0 Update 14 and earlier, and
SDK/JRE 1.4.2_16 and earlier allows remote attackers
should gain privileges via an untrusted application or
applet, a different issue than CVE-2008-1186.
- CVE-2008-1186: Unspecified vulnerability in the Virtual
Machine for Sun Java Runtime Environment (JRE) and JDK
5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and
earlier, allows remote attackers to gain privileges via
an untrusted application or applet, a different issue
than CVE-2008-1185.
- CVE-2008-1187: Unspecified vulnerability in Sun Java
Runtime Environment (JRE) and JDK 6 Update 4 and earlier,
5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and
earlier allows remote attackers to cause a denial of
service (JRE crash) and possibly execute arbitrary code
via unknown vectors related to XSLT transforms.
- CVE-2008-1189: Buffer overflow in Java Web Start in Sun
JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and
earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
attackers to execute arbitrary code via unknown vectors,
a different issue than CVE-2008-1188.
- CVE-2008-1190: Unspecified vulnerability in Java Web
Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0
Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier
allows remote attackers to gain privileges via an
untrusted application, a different issue than
CVE-2008-1191.
- CVE-2008-1192: Unspecified vulnerability in the Java
Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and
5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and
earlier, and 1.3.1_21 and earlier; allows remote
attackers to bypass the same origin policy and "execute
local applications" via unknown vectors.
- CVE-2008-1195: Unspecified vulnerability in Sun JDK and
Java Runtime Environment (JRE) 6 Update 4 and earlier and
5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and
earlier; allows remote attackers to access arbitrary
network services on the local host via unspecified
vectors related to JavaScript and Java APIs.
- CVE-2008-1196: Stack-based buffer overflow in Java Web
Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and
earlier and 5.0 Update 14 and earlier; and SDK and JRE
1.4.2_16 and earlier; allows remote attackers to execute
arbitrary code via a crafted JNLP file.
Sun Java was updated to 1.4.2u17 to fix following security
vulnerabilities:
- CVE-2008-1158: Unspecified vulnerability in the Virtual
Machine for Sun Java Runtime Environment (JRE) and JDK 6
Update 4 and earlier, 5.0 Update 14 and earlier, and
SDK/JRE 1.4.2_16 and earlier allows remote attackers
should gain privileges via an untrusted application or
applet, a different issue than CVE-2008-1186.
- CVE-2008-1186: Unspecified vulnerability in the Virtual
Machine for Sun Java Runtime Environment (JRE) and JDK
5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and
earlier, allows remote attackers to gain privileges via
an untrusted application or applet, a different issue
than CVE-2008-1185.
- CVE-2008-1187: Unspecified vulnerability in Sun Java
Runtime Environment (JRE) and JDK 6 Update 4 and earlier,
5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and
earlier allows remote attackers to cause a denial of
service (JRE crash) and possibly execute arbitrary code
via unknown vectors related to XSLT transforms.
- CVE-2008-1189: Buffer overflow in Java Web Start in Sun
JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and
earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
attackers to execute arbitrary code via unknown vectors,
a different issue than CVE-2008-1188.
- CVE-2008-1190: Unspecified vulnerability in Java Web
Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0
Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier
allows remote attackers to gain privileges via an
untrusted application, a different issue than
CVE-2008-1191.
- CVE-2008-1192: Unspecified vulnerability in the Java
Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and
5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and
earlier, and 1.3.1_21 and earlier; allows remote
attackers to bypass the same origin policy and "execute
local applications" via unknown vectors.
- CVE-2008-1195: Unspecified vulnerability in Sun JDK and
Java Runtime Environment (JRE) 6 Update 4 and earlier and
5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and
earlier; allows remote attackers to access arbitrary
network services on the local host via unspecified
vectors related to JavaScript and Java APIs.
- CVE-2008-1196: Stack-based buffer overflow in Java Web
Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and
earlier and 5.0 Update 14 and earlier; and SDK and JRE
1.4.2_16 and earlier; allows remote attackers to execute
arbitrary code via a crafted JNLP file.
securityjava-1_4_2-suni586eadf251e3e72f4617371734cd1ee34695eae9d7fjava-1_4_2-sun-alsai5869d4f705fea32f675b4f5e6d590348f462d239091java-1_4_2-sun-develi58645e46c138aba3e10c4d1fbcc0af18da6e2abf30ajava-1_4_2-sun-jdbci586ea1dec98901846e74a75ba30b5e925342b8ce1fcjava-1_4_2-sun-plugini586557ab7cd1b47e606672112650ff5993926d8d5d6