RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2008:0906)
Critical Nessus Plugin ID 40728
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionUpdated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
A flaw was found in the Java Management Extensions (JMX) management agent. When local monitoring is enabled, remote attackers could use this flaw to perform illegal operations. (CVE-2008-3103)
Several flaws involving the handling of unsigned applets were found. A remote attacker could misuse an unsigned applet in order to connect to services on the host running the applet. (CVE-2008-3104)
Several flaws in the Java API for XML Web Services (JAX-WS) client and the JAX-WS service implementation were found. A remote attacker who could cause malicious XML to be processed by an application could access URLs, or cause a denial of service. (CVE-2008-3105, CVE-2008-3106)
Several flaws within the Java Runtime Environment (JRE) scripting support were found. A remote attacker could grant an untrusted applet extended privileges, such as reading and writing local files, executing local programs, or querying the sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110)
A flaw in Java Web Start was found. Using an untrusted Java Web Start application, a remote attacker could create or delete arbitrary files with the permissions of the user running the untrusted application.
A flaw in Java Web Start when processing untrusted applications was found. An attacker could use this flaw to acquire sensitive information, such as the location of the cache. (CVE-2008-3114)
All users of java-1.6.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.6.0 SR2 Java release, which resolves these issues.
SolutionUpdate the affected packages.