More JAVA Updates

We just finished rolling out Java 1.5 update 14. As we’ve come to expect with all updates, that means another update is right around the corner. SUN has not disappointed.
Sun JDK and JRE 5.0 Update 15
http://java.sun.com/javase/downloads/index_jdk5.jsp
Sun JDK and JRE 6 Update 5
http://java.sun.com/javase/downloads/index.jsp
SUN SDK and JRE 1.4.2_17
http://java.sun.com/j2se/1.4.2/download.html
Multiple vulnerabilities have been disclosed:

– Two privilege-escalation vulnerabilities affect Java Runtime
Environment Virtual Machine. An untrusted application downloaded from a
website may be able to elevate its privileges to read and write local
files or execute local applications.
– A privilege-escalation vulnerability affects Java Runtime Environment
(JRE) when processing XSLT transformations. An applet may be able to
exploit this to read unauthorized URI, potentially execute arbitrary
code, or cause denial-of-service conditions.
– Three buffer-overflow vulnerabilities affect Java Web Start. These
issues may be exploited by a malicious Java Web Start application to
elevate privileges and perform arbitrary actions as the currently
logged-in user.
– A privilege-escalation vulnerability affects Java Web Start. A
untrusted application may be able to grant read and write permission to
local files, or execute local application in the context of the currently
logged-in user.
– An unauthorized-access vulnerability affects Java Web Start. A
malicious Java Web Start application can exploit this issue to create
files on the vulnerable system. It may then be able to execute those
files to run arbitrary code in the context of the currently logged-in
user.
– A same-origin bypass vulnerability affects the Java Plug-in. An applet
may be able to exploit this issue to execute local applications that are
accessible to the user running the plugin.
– A privilege-escalation vulnerability affects Java Runtime Environment
in the image-parsing library. A malicious applet may be able to exploit
this to read and write to local scripts and execute local applications in
the context of the currently logged-in user.
– Two denial-of-service vulnerabilities affect the color management
library that may cause the Java Runtime Environment to crash.
– An unauthorized-access vulnerability affects the Java Runtime
Environment that may allow JavaScript code to make connections to network
services. This may aid in further attacks.
– A buffer-overflow vulnerability affects Java Web Start. A Java Web
Start application may be able to exploit this issue to elevate
privileges, read/write arbitrary files, and execute arbitrary local
applications in the context of the currently logged-in user.

(Symantec Deepsight Alert Service)