slesp2-java-1_4_2-ibm

Security update for IBM Java

Security update for IBM Java

IBM Java 1.4.2 SR12 fixes the following security problems: - CVE-2008-3104: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. - CVE-2008-3112: A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. - CVE-2008-3113: A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application. - CVE-2008-3114: A vulnerability in Java Web Start may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. IBM Java 1.4.2 SR12 fixes the following security problems: - CVE-2008-3104: Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. - CVE-2008-3112: A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. - CVE-2008-3113: A vulnerability in Java Web Start may allow an untrusted Java Web Start application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application. - CVE-2008-3114: A vulnerability in Java Web Start may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. security java-1_4_2-ibm x86_64 9f6c4a1e73a86876d1035212947edfe592677851 java-1_4_2-ibm-devel x86_64 a19ae8a388bac4ef44aa8a419d95f6f0681c37b0