The Java Runtime Environment (JRE) contains the software and tools thatusers need to run applets and applications written using the Javaprogramming language. A vulnerability was found in the Java Management Extensions (JMX)management agent, when local monitoring is enabled. This allowed remoteattackers to perform illegal operations. (CVE-2008-3103)Multiple vulnerabilities with unsigned applets were reported. A remoteattacker could misuse an unsigned applet to connect to localhost servicesrunning on the host running the applet. (CVE-2008-3104)A Java Runtime Environment (JRE) vulnerability could be triggered by anuntrusted application or applet. A remote attacker could grant an untrustedapplet extended privileges such as reading and writing local files, orexecuting local programs. (CVE-2008-3107)Several buffer overflow vulnerabilities in Java Web Start were reported.These vulnerabilities may allow an untrusted Java Web Start application toelevate its privileges and thereby grant itself permission to read and/orwrite local files, as well as to execute local applications accessible tothe user running the untrusted application. (CVE-2008-3111)Two file processing vulnerabilities in Java Web Start were found. A remoteattacker, by means of an untrusted Java Web Start application, was able tocreate or delete arbitrary files with the permissions of the user runningthe untrusted application. (CVE-2008-3112, CVE-2008-3113)A vulnerability in Java Web Start when processing untrusted applicationswas reported. An attacker was able to acquire sensitive information, suchas the cache location. (CVE-2008-3114) Users of java-1.5.0-sun should upgrade to these updated packages, whichcorrect these issues.