Security update for Sun Java

(Last modified: 28MAR2008)


Applies to

Package:
  • java-1_4_2-sun
  • java-1_4_2-sun-alsa
  • java-1_4_2-sun-demo
  • java-1_4_2-sun-devel
  • java-1_4_2-sun-jdbc
  • java-1_4_2-sun-plugin
  • java-1_4_2-sun-src
Product(s):
  • SUSE Linux Enterprise Desktop 10 SP1 for x86
  • SUSE Linux Enterprise Desktop 10 SP1 for AMD64 and Intel EM64T
  • SUSE Linux Enterprise Server 10 SP1 for x86
  • SUSE Linux Enterprise Server 10 SP1 for IPF
  • SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T
Zypp-Patch-Number: 5131
Release: 20080328
Obsoletes: none

Indications

Install this update.

Contraindications

None.

Problem description

Sun Java was updated to 1.4.2u17 to fix the following security vulnerabilities:
  • CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186.
  • CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185.
  • CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
  • CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188.
  • CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191.
  • CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.
  • CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
  • CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.
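
To check whether a JRE falls inside the version ranges quoted in the list above, the following added example (not part of the original advisory, and not Novell or Sun code) maps a `java -version` string to the CVE ids listed here. The function names and table layout are illustrative assumptions, as is the `family_update` version format such as `1.4.2_16`; it checks the version the JRE reports, not the RPM package version.

```shell
#!/bin/sh
# Added example, not vendor code. Columns: CVE id (as printed in the advisory),
# then the last affected update for 1.3.1, 1.4.2, 5.0 and 6 ("-" = not named).
CVE_TABLE='CVE-2008-1158 - 16 14 4
CVE-2008-1186 - 16 13 -
CVE-2008-1187 - 16 14 4
CVE-2008-1189 - 16 14 4
CVE-2008-1190 - 16 14 4
CVE-2008-1192 21 16 14 4
CVE-2008-1195 - 16 14 4
CVE-2008-1196 - 16 14 4'

# parse_java_version: read `java -version 2>&1` output on stdin and print
# the quoted version string, e.g. 1.4.2_16.
parse_java_version() {
    sed -n 's/^java version "\([^"]*\)".*/\1/p' | head -n 1
}

# affected_cves VERSION: print the advisory's CVE ids whose stated range
# includes VERSION. Returns 2 for a release family the advisory does not name.
affected_cves() {
    ver=$1
    family=${ver%%_*}
    case $ver in
        *_*) update=${ver#*_}; update=${update%%[!0-9]*} ;;  # "16-b05" -> "16"
        *)   update=0 ;;                                     # plain "1.4.2"
    esac
    case $family in
        1.3.1) col=2 ;;
        1.4.2) col=3 ;;
        1.5.0) col=4 ;;
        1.6.0) col=5 ;;
        *)     return 2 ;;
    esac
    printf '%s\n' "$CVE_TABLE" | awk -v c="$col" -v u="$update" '
        $c != "-" && (u + 0) <= ($c + 0) { printf "%s%s", sep, $1; sep = " " }
        END { print "" }'
}

# Constructed sample of `java -version` output for a pre-update JRE.
SAMPLE='java version "1.4.2_16"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_16-b05)'
affected_cves "$(printf '%s\n' "$SAMPLE" | parse_java_version)"
```

On a live host, replace the constructed sample with `java -version 2>&1 | parse_java_version`; an empty result after the update means the reported version is outside every range listed above.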

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fhv java-1_4_2-sun.rpm java-1_4_2-sun-alsa.rpm java-1_4_2-sun-demo.rpm java-1_4_2-sun-devel.rpm java-1_4_2-sun-jdbc.rpm java-1_4_2-sun-plugin.rpm java-1_4_2-sun-src.rpm

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.


Disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
