java-1_4_2-sun-alsa: ALSA support for java-1.4.2-sun
----------------------------------------------------------------------
File: java-1_4_2-sun-alsa-1.4.2.17-0.2.i586.rpm
Patchrpm: java-1_4_2-sun-alsa-1.4.2.17-0.2.i586.patch.rpm
Version: 1.4.2.17-0.2
Size: 24 kB
Patchsize: 24 kB
Date: Thu 27 Mar 2008 15:8:0 CET
Source: java-1_4_2-sun-1.4.2.17-0.2.nosrc.rpm
Security: Yes
----------------------------------------------------------------------
Description: Sun Java was updated to 1.4.2u17 to fix following security vulnerabilities:

- CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for
  Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0
  Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote
  attackers should gain privileges via an untrusted application or applet, a
  different issue than CVE-2008-1186.
- CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for
  Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier,
  and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain
  privileges via an untrusted application or applet, a different issue
  than CVE-2008-1185.
- CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime
  Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and
  earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to
  cause a denial of service (JRE crash) and possibly execute arbitrary
  code via unknown vectors related to XSLT transforms.
- CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE
  6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE
  1.4.2_16 and earlier allows remote attackers to execute arbitrary code
  via unknown vectors, a different issue than CVE-2008-1188.
- CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun
  JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and
  SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain
  privileges via an untrusted application, a different issue than
  CVE-2008-1191.
- CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun
  JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and
  SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows
  remote attackers to bypass the same origin policy and "execute local
  applications" via unknown vectors.
- CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime
  Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and
  earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers
  to access arbitrary network services on the local host via unspecified
  vectors related to JavaScript and Java APIs.
- CVE-2008-1196: Stack-based buffer overflow in Java Web Start
  (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update
  14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote
  attackers to execute arbitrary code via a crafted JNLP file.