IBM's 1.4.2 SR12 Java release includes the IBM Java 2 Runtime Environmentand the IBM Java 2 Software Development Kit.Multiple vulnerabilities with unsigned applets were reported. A remoteattacker could misuse an unsigned applet to connect to localhost servicesrunning on the host running the applet. (CVE-2008-3104)Two file processing vulnerabilities in Java Web Start were found. Using anuntrusted Java Web Start application, a remote attacker was able to createor delete arbitrary files with the permissions of the user running theuntrusted application. (CVE-2008-3112, CVE-2008-3113)A vulnerability in Java Web Start when processing untrusted applicationswas reported. An attacker was able to acquire sensitive information, suchas the cache location. (CVE-2008-3114)All users of java-1.4.2-ibm are advised to upgrade to these updatedpackages, which contain IBM's 1.4.2 SR12 Java release which resolves theseissues.