<?xml version="1.0" encoding="UTF-8"?>
<!--PATCHINFO id="d5c49d253f068382dcf6120eb25b280c"!-->
<patch
    xmlns="http://novell.com/package/metadata/suse/patch"
    xmlns:yum="http://linux.duke.edu/metadata/common"
    xmlns:rpm="http://linux.duke.edu/metadata/rpm"
    xmlns:suse="http://novell.com/package/metadata/suse/common"
    patchid="slesp2-java-1_5_0-ibm-6253"
    timestamp="1242398543"
    engine="1.0">
  <yum:name>slesp2-java-1_5_0-ibm</yum:name>
  <summary lang="en">Security update for IBM Java 5</summary>
  <summary lang="de">Security update for IBM Java 5</summary>
  <description lang="en">The update brings IBM Java 5 to SR9-SSU.

It fixes the following security issues:

CVE-2009-1100: A
vulnerability in the Java Runtime Environment (JRE) with
storing temporary font files may allow an untrusted applet
or application to consume a disproportionate amount of disk
space resulting in a denial-of-service condition.

CVE-2009-1100: A vulnerability in the Java Runtime
Environment (JRE) with processing temporary font files may
allow an untrusted applet or application to retain
temporary files resulting in a denial-of-service condition.

CVE-2009-1103: A vulnerability in the Java Plug-in with
deserializing applets may allow an untrusted applet to
escalate privileges. For example, an untrusted applet may
grant itself permissions to read and write local files or
execute local applications that are accessible to the user
running the untrusted applet.

CVE-2009-1104: The Java Plug-in allows JavaScript code that
is loaded from the localhost to connect to any port on the
system. This may be leveraged together with XSS
vulnerabilities in a blended attack to access other
applications listening on ports other than the one where
the JavaScript code was served from.

CVE-2009-1093: A vulnerability in the Java Runtime
Environment (JRE) with initializing LDAP connections may be
exploited by a remote client to cause a denial-of-service
condition on the LDAP service.

CVE-2009-1094: A vulnerability in Java Runtime Environment
LDAP client implementation may allow malicious data from an
LDAP server to cause malicious code to be unexpectedly
loaded and executed on an LDAP client.

CVE-2009-1107: The Java Plug-in displays a warning dialog
for signed applets. A signed applet can obscure the
contents of the dialog and trick a user into trusting the
applet.

CVE-2009-1095 CVE-2009-1096: Buffer overflow
vulnerabilities in the Java Runtime Environment (JRE) with
unpacking applets and Java Web Start applications using the
unpack200 JAR unpacking utility may allow an untrusted
applet or application to escalate privileges. For example,
an untrusted applet may grant itself permissions to read
and write local files or execute local applications that
are accessible to the user running the untrusted applet.

CVE-2009-1098: A buffer overflow vulnerability in the Java
Runtime Environment with processing GIF images may allow an
untrusted applet or Java Web Start application to escalate
privileges. For example, an untrusted applet may grant
itself permissions to read and write local files or execute
local applications that are accessible to the user running
the untrusted applet.

CVE-2009-1099: A buffer overflow vulnerability in the Java
Runtime Environment with processing fonts may allow an
untrusted applet or Java Web Start application to escalate
privileges. For example, an untrusted applet may grant
itself permissions to read and write local files or execute
local applications that are accessible to the user running
the untrusted applet.
</description>
  <description lang="de">The update brings IBM Java 5 to SR9-SSU.

It fixes the following security issues:

CVE-2009-1100: A
vulnerability in the Java Runtime Environment (JRE) with
storing temporary font files may allow an untrusted applet
or application to consume a disproportionate amount of disk
space resulting in a denial-of-service condition.

CVE-2009-1100: A vulnerability in the Java Runtime
Environment (JRE) with processing temporary font files may
allow an untrusted applet or application to retain
temporary files resulting in a denial-of-service condition.

CVE-2009-1103: A vulnerability in the Java Plug-in with
deserializing applets may allow an untrusted applet to
escalate privileges. For example, an untrusted applet may
grant itself permissions to read and write local files or
execute local applications that are accessible to the user
running the untrusted applet.

CVE-2009-1104: The Java Plug-in allows JavaScript code that
is loaded from the localhost to connect to any port on the
system. This may be leveraged together with XSS
vulnerabilities in a blended attack to access other
applications listening on ports other than the one where
the JavaScript code was served from.

CVE-2009-1093: A vulnerability in the Java Runtime
Environment (JRE) with initializing LDAP connections may be
exploited by a remote client to cause a denial-of-service
condition on the LDAP service.

CVE-2009-1094: A vulnerability in Java Runtime Environment
LDAP client implementation may allow malicious data from an
LDAP server to cause malicious code to be unexpectedly
loaded and executed on an LDAP client.

CVE-2009-1107: The Java Plug-in displays a warning dialog
for signed applets. A signed applet can obscure the
contents of the dialog and trick a user into trusting the
applet.

CVE-2009-1095 CVE-2009-1096: Buffer overflow
vulnerabilities in the Java Runtime Environment (JRE) with
unpacking applets and Java Web Start applications using the
unpack200 JAR unpacking utility may allow an untrusted
applet or application to escalate privileges. For example,
an untrusted applet may grant itself permissions to read
and write local files or execute local applications that
are accessible to the user running the untrusted applet.

CVE-2009-1098: A buffer overflow vulnerability in the Java
Runtime Environment with processing GIF images may allow an
untrusted applet or Java Web Start application to escalate
privileges. For example, an untrusted applet may grant
itself permissions to read and write local files or execute
local applications that are accessible to the user running
the untrusted applet.

CVE-2009-1099: A buffer overflow vulnerability in the Java
Runtime Environment with processing fonts may allow an
untrusted applet or Java Web Start application to escalate
privileges. For example, an untrusted applet may grant
itself permissions to read and write local files or execute
local applications that are accessible to the user running
the untrusted applet.
</description>
  <yum:version ver="6253" rel="0"/>
  <rpm:requires>
    <rpm:entry kind="atom" name="java-1_5_0-ibm" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-32bit" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-alsa-32bit" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-devel" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-devel-32bit" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="EQ"/>
    <rpm:entry kind="atom" name="java-1_5_0-ibm-fonts" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="EQ"/>
  </rpm:requires>
  <category>security</category>
  <atoms>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.5.0_sr9" rel="2.8"/>
      <checksum type="sha" pkgid="YES">b8ada43d72ba9cadf88c46d9c6e842aec964d2d5</checksum>
      <time file="1242400320" build="1242398543"/>
      <size package="42723505" installed="67352274" archive="67399692"/>
      <location xml:base="media://#1" href="suse/x86_64/java-1_5_0-ibm-1.5.0_sr10-0.3.x86_64.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-32bit</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.5.0_sr9" rel="2.8"/>
      <checksum type="sha" pkgid="YES">18aaef8133f9b6bae8c20afbbc11164f68d6af40</checksum>
      <time file="1242399769" build="1242398879"/>
      <size package="40136240" installed="59343348" archive="59396292"/>
      <location xml:base="media://#1" href="suse/x86_64/java-1_5_0-ibm-32bit-1.5.0_sr10-0.3.x86_64.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-32bit" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-32bit"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-alsa-32bit</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.5.0_sr9" rel="2.8"/>
      <checksum type="sha" pkgid="YES">e5df62927a00222039a4c4fc6b6f64ca145bccab</checksum>
      <time file="1242399769" build="1242398894"/>
      <size package="46443" installed="91494" archive="92372"/>
      <location xml:base="media://#1" href="suse/x86_64/java-1_5_0-ibm-alsa-32bit-1.5.0_sr10-0.3.x86_64.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-alsa-32bit" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-alsa-32bit"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-devel</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.5.0_sr9" rel="2.8"/>
      <checksum type="sha" pkgid="YES">9396f75efd253006c74c038a20e44743c6ca60f3</checksum>
      <time file="1242400320" build="1242398543"/>
      <size package="8498805" installed="12938495" archive="12959940"/>
      <location xml:base="media://#1" href="suse/x86_64/java-1_5_0-ibm-devel-1.5.0_sr10-0.3.x86_64.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-devel" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-devel"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-devel-32bit</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.5.0_sr9" rel="2.8"/>
      <checksum type="sha" pkgid="YES">982bee4a7de4a56240bf89daf330c526ce859237</checksum>
      <time file="1242399770" build="1242398895"/>
      <size package="9033745" installed="13559848" archive="13582736"/>
      <location xml:base="media://#1" href="suse/x86_64/java-1_5_0-ibm-devel-32bit-1.5.0_sr10-0.3.x86_64.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-devel-32bit" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-devel-32bit"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
    <package xmlns="http://linux.duke.edu/metadata/common" type="rpm">
      <name>java-1_5_0-ibm-fonts</name>
      <arch>x86_64</arch>
      <version epoch="0" ver="1.5.0_sr9" rel="2.8"/>
      <checksum type="sha" pkgid="YES">d2aa9eb7bf8b48af3f267f17c2da15c90b4e0089</checksum>
      <time file="1242400320" build="1242398543"/>
      <size package="1705679" installed="2998643" archive="2984560"/>
      <location xml:base="media://#1" href="suse/x86_64/java-1_5_0-ibm-fonts-1.5.0_sr10-0.3.x86_64.rpm"/>
      <format>
        <rpm:requires>
          <rpm:entry kind="package" name="java-1_5_0-ibm-fonts" epoch="0" ver="1.5.0_sr9" rel="2.8" flags="GE"/>
        </rpm:requires>
        <suse:freshens>
          <suse:entry kind="package" name="java-1_5_0-ibm-fonts"/>
        </suse:freshens>
      </format>
      <pkgfiles xmlns="http://novell.com/package/metadata/suse/patch">
      </pkgfiles>
    </package>
  </atoms>
</patch>
