What Are You Looking For?

Sign Up
Date:         Wed, 30 Jul 2008 15:25:26 -0500
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Critical: java (jdk 1.5.0) security update
Issue date:	2008-07-14
CVE Names:	CVE-2008-1185 CVE-2008-1186 CVE-2008-1187
                 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190
                 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193
                 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196
                 CVE-2008-3103 CVE-2008-3104 CVE-2008-3107
                 CVE-2008-3111 CVE-2008-3112 CVE-2008-3113
                 CVE-2008-3114

Flaws in the JRE allowed an untrusted application or applet to elevate its
privileges. This could be exploited by a remote attacker to access local
files or execute local applications accessible to the user running the JRE
(CVE-2008-1185, CVE-2008-1186)

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files or execute local
applications accessible to the user running the JRE.
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)

A flaw was found in the Java Plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possible execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)

A flaw was found in the JRE color management library.  An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs.  A remote attacker could use these
flaws to acesss local network services. (CVE-2008-1195)

A vulnerability was found in the Java Management Extensions (JMX)
management agent, when local monitoring is enabled. This allowed remote
attackers to perform illegal operations. (CVE-2008-3103)

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

A Java Runtime Environment (JRE) vulnerability could be triggered by an
untrusted application or applet. A remote attacker could grant an untrusted
applet extended privileges such as reading and writing local files, or
executing local programs. (CVE-2008-3107)

Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities may allow an untrusted Java Web Start application to
elevate its privileges and thereby grant itself permission to read and/or
write local files, as well as to execute local applications accessible to
the user running the untrusted application. (CVE-2008-3111)

Two file processing vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start application, was able to
create or delete arbitrary files with the permissions of the user running
the untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications
was reported. An attacker was able to acquire sensitive information, such
as the cache location. (CVE-2008-3114)

SL 4.x

     SRPMS:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.src.rpm
     i386:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm
     x86_64:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm

SL 5.x

     SRPMS:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.src.rpm
     i386:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm
     x86_64:
java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.noarch.rpm
jdk-1.5.0_16-fcs.i586.rpm
jdk-1.5.0_16-fcs.x86_64.rpm

-Connie Sieh
-Troy Dawson
lastline

SciLinux: CVE-2008-1185 java (jdk 1.5.0) SL4.x, SL5.x i386/x86_64

Critical: java (jdk 1.5.0) security update

Summary

Date:         Wed, 30 Jul 2008 15:25:26 -0500Reply-To:     Troy Dawson Sender:       Security Errata for Scientific Linux              From:         Troy Dawson Subject:      Security ERRATA for java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov"          Synopsis:	Critical: java (jdk 1.5.0) security updateIssue date:	2008-07-14CVE Names:	CVE-2008-1185 CVE-2008-1186 CVE-2008-1187                 CVE-2008-1188 CVE-2008-1189 CVE-2008-1190                 CVE-2008-1191 CVE-2008-1192 CVE-2008-1193                 CVE-2008-1194 CVE-2008-1195 CVE-2008-1196                 CVE-2008-3103 CVE-2008-3104 CVE-2008-3107                 CVE-2008-3111 CVE-2008-3112 CVE-2008-3113                 CVE-2008-3114Flaws in the JRE allowed an untrusted application or applet to elevate itsprivileges. This could be exploited by a remote attacker to access localfiles or execute local applications accessible to the user running the JRE(CVE-2008-1185, CVE-2008-1186)A flaw was found in the Java XSLT processing classes. An untrustedapplication or applet could cause a denial of service, or execute arbitrarycode with the permissions of the user running the JRE. (CVE-2008-1187)Several buffer overflow flaws were found in Java Web Start (JWS). Anuntrusted JNLP application could access local files or execute localapplications accessible to the user running the JRE.(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)A flaw was found in the Java Plug-in. A remote attacker could bypass thesame origin policy, executing arbitrary code with the permissions of theuser running the JRE. (CVE-2008-1192)A flaw was found in the JRE image parsing libraries. An untrustedapplication or applet could cause a denial of service, or possible executearbitrary code with the permissions of the user running the JRE.(CVE-2008-1193)A flaw was found in the JRE color management library.  An untrustedapplication or applet could trigger a denial of service (JVM crash).(CVE-2008-1194)The JRE allowed untrusted JavaScript code to create local networkconnections by the use of Java APIs.  A remote attacker could use theseflaws to acesss local network services. (CVE-2008-1195)A vulnerability was found in the Java Management Extensions (JMX)management agent, when local monitoring is enabled. This allowed remoteattackers to perform illegal operations. (CVE-2008-3103)Multiple vulnerabilities with unsigned applets were reported. A remoteattacker could misuse an unsigned applet to connect to localhost servicesrunning on the host running the applet. (CVE-2008-3104)A Java Runtime Environment (JRE) vulnerability could be triggered by anuntrusted application or applet. A remote attacker could grant an untrustedapplet extended privileges such as reading and writing local files, orexecuting local programs. (CVE-2008-3107)Several buffer overflow vulnerabilities in Java Web Start were reported.These vulnerabilities may allow an untrusted Java Web Start application toelevate its privileges and thereby grant itself permission to read and/orwrite local files, as well as to execute local applications accessible tothe user running the untrusted application. (CVE-2008-3111)Two file processing vulnerabilities in Java Web Start were found. A remoteattacker, by means of an untrusted Java Web Start application, was able tocreate or delete arbitrary files with the permissions of the user runningthe untrusted application. (CVE-2008-3112, CVE-2008-3113)A vulnerability in Java Web Start when processing untrusted applicationswas reported. An attacker was able to acquire sensitive information, suchas the cache location. (CVE-2008-3114)SL 4.x     SRPMS:java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.src.rpm     i386:java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.noarch.rpmjdk-1.5.0_16-fcs.i586.rpm     x86_64:java-1.5.0-sun-compat-1.5.0.16-1.1.sl.jpp.noarch.rpmjdk-1.5.0_16-fcs.i586.rpmSL 5.x     SRPMS:java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.src.rpm     i386:java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.noarch.rpmjdk-1.5.0_16-fcs.i586.rpm     x86_64:java-1.5.0-sun-compat-1.5.0.16-1.1.sl5.jpp.noarch.rpmjdk-1.5.0_16-fcs.i586.rpmjdk-1.5.0_16-fcs.x86_64.rpm-Connie Sieh-Troy Dawsonlastline



Security Fixes

Severity

Related News

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo