Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Scientific Linux: 2008-07-14 Critical Update for Java JDK 1.5.0

Scientific Large Esm H446
Critical: java (jdk 1.5.0) security update
Date: Wed, 30 Jul 2008 15:25:26 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Critical: java (jdk 1.5.0) security update
Issue date:	2008-07-14
CVE Names:	CVE-2008-1185 CVE-2008-1186 CVE-2008-1187
 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190
 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193
 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196
 CVE-2008-3103 CVE-2008-3104 CVE-2008-3107
 CVE-2008-3111 CVE-2008-3112 CVE-2008-3113
 CVE-2008-3114

Flaws in the JRE allowed an untrusted application or applet to elevate its
privileges. This could be exploited by a remote attacker to access local
files or execute local applications accessible to the user running the JRE
(CVE-2008-1185, CVE-2008-1186)

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files or execute local
applications accessible to the user running the JRE.
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)

A flaw was found in the Java Plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possible execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs. A remote attacker could use these
flaws to acesss local network services. (CVE-2008-1195)

A vulnerability was found in the Java Management Extensions (JMX)
management agent, when local monitoring is enabled. This allowed remote
attackers to perform illegal operations. (CVE-2008-3103)

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

A Java Runtime Environment (JRE) vulnerability could be triggered by an
untrusted application or applet. A remote attacker could grant an untrusted
applet extended privileges such as reading and writing local files, or
executing local programs. (CVE-2008-3107)

Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities may allow an untrusted Java Web Start application to
elevate its privileges and thereby grant itself permission to read and/or
write local files, as well as to execute local applications accessible to
the user running the untrusted application. (CVE-2008-3111)

Two file processing vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start application, was able to
create or delete arbitrary files with the permissions of the user running
the untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications
was reported. An attacker was able to acquire sensitive information, such
as the cache location. (CVE-2008-3114)

SL 4.x

 SRPMS:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.src.rpm
 i386:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm
 x86_64:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm

SL 5.x

 SRPMS:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.src.rpm
 i386:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm
 x86_64:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm
jdk-1.5.0_16-fcs.x86_64.rpm

-Connie Sieh
-Troy Dawson
lastline