SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008:025

Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
IBM Java 1.4.2 was updated to SR10 and IBM Java 1.5.0 was updated to SR7 to fix various security issues: - CVE-2008-1196: A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. - CVE-2008-1195: A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. - CVE-2008-1192: A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. - CVE-2008-1190: A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. - CVE-2008-1189: A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. - CVE-2008-1187: A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). - CVE-2007-5232: A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections ... Description truncated, for more information please check the Reference URL
Affected
IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm on SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1
References