(RHSA-2008:0594) Critical: java-1.6.0-sun security update

ID RHSA-2008:0594
Type redhat
Reporter RedHat
Modified 2017-07-27T07:15:47


The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

A vulnerability was found in the Java Management Extensions (JMX) management agent, when local monitoring is enabled. This allowed remote attackers to perform illegal operations. (CVE-2008-3103)

Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104)

Several vulnerabilities in the Java API for XML Web Services (JAX-WS) client and service implementation were found. A remote attacker who caused malicious XML to be processed by a trusted or untrusted application was able access URLs or cause a denial of service. (CVE-2008-3105, CVE-2008-3106)

A JRE vulnerability could be triggered by an untrusted application or applet. A remote attacker could grant an untrusted applet or application extended privileges such as being able to read and write local files, or execute local programs. (CVE-2008-3107)

Several vulnerabilities within the JRE scripting support were reported. A remote attacker could grant an untrusted applet extended privileges such as reading and writing local files, executing local programs, or querying the sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110)

A vulnerability in Java Web Start was found. A remote attacker was able to create arbitrary files with the permissions of the user running the untrusted Java Web Start application. (CVE-2008-3112)

Another vulnerability in Java Web Start when processing untrusted applications was reported. An attacker was able to acquire sensitive information, such as the cache location. (CVE-2008-3114)

Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues.