RHSA-2008:0594: java-1.6.0-sun security update

Description

The Java Runtime Environment (JRE) contains the software and tools thatusers need to run applets and applications written using the Javaprogramming language. A vulnerability was found in the Java Management Extensions (JMX)management agent, when local monitoring is enabled. This allowed remoteattackers to perform illegal operations. (CVE-2008-3103)Multiple vulnerabilities with unsigned applets were reported. A remoteattacker could misuse an unsigned applet to connect to localhost servicesrunning on the host running the applet. (CVE-2008-3104)Several vulnerabilities in the Java API for XML Web Services (JAX-WS)client and service implementation were found. A remote attacker who causedmalicious XML to be processed by a trusted or untrusted application wasable access URLs or cause a denial of service. (CVE-2008-3105, CVE-2008-3106)A JRE vulnerability could be triggered by an untrusted application orapplet. A remote attacker could grant an untrusted applet or applicationextended privileges such as being able to read and write local files, orexecute local programs. (CVE-2008-3107)Several vulnerabilities within the JRE scripting support were reported. Aremote attacker could grant an untrusted applet extended privileges such asreading and writing local files, executing local programs, or querying thesensitive data of other applets. (CVE-2008-3109, CVE-2008-3110)A vulnerability in Java Web Start was found. A remote attacker was able tocreate arbitrary files with the permissions of the user running theuntrusted Java Web Start application. (CVE-2008-3112)Another vulnerability in Java Web Start when processing untrustedapplications was reported. An attacker was able to acquire sensitiveinformation, such as the cache location. (CVE-2008-3114)Users of java-1.6.0-sun should upgrade to these updated packages, whichcorrect these issues.