Security Advisory Critical: java-1.5.0-ibm security update

Advisory: RHSA-2007:0167-5
Type: Security Advisory
Severity: Critical
Issued on: 2007-04-25
Last updated on: 2007-04-25
Affected Products: RHEL Supplementary (v. 5 server); Red Hat Enterprise Linux Extras (v. 4)
OVAL: com.redhat.rhsa-20070167.xml
CVEs (cve.mitre.org): CVE-2007-0243

Details

java-1.5.0-ibm packages that correct a security issue are available for Red
Hat Enterprise Linux 5 Supplementary and Enterprise Linux 4 Extras.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw in GIF image handling was found in the SUN Java Runtime Environment
that has now been reported as also affecting IBM Java 2. An untrusted
applet or application could use this flaw to elevate its privileges and
potentially execute arbitrary code. (CVE-2007-0243)

This update also resolves the following issues:

* The java-1.5.0-ibm-plugin sub-package conflicted with the new
java-1.5.0-sun-plugin sub-package.

* The java-1.5.0-ibm-plugin package had incorrect dependencies. The
java-1.5.0-ibm-alsa package has been merged into the java-1.5.0-ibm package
to resolve this issue.

All users of java-1.5.0-ibm should upgrade to these packages, which contain
IBM's 1.5.0 SR4 Java release and resolve these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
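
An added example (not part of Red Hat's advisory or tooling): a POSIX shell check that flags installed java-1.5.0-ibm packages older than the fixed 1.5.0.4-1jpp.3 build named in the package list below, and gates `rpm -Fvh` on `rpm -K`. The inventory lines are constructed sample data, the function names are illustrative, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison, which is adequate for the numeric versions used here.

```shell
#!/bin/sh
# Added example, not Red Hat's tooling. Fixed build taken from the advisory's
# package file names (java-1.5.0-ibm-1.5.0.4-1jpp.3.el5 / .el4).
FIXED_VERSION="1.5.0.4"
FIXED_RELEASE="1jpp.3"   # release with the .elN dist tag stripped

# ver_lt A B: succeeds when A sorts strictly before B. Assumption: GNU
# `sort -V` approximates RPM's comparison for these numeric versions.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# needs_update VERSION RELEASE: succeeds when the build predates the fix.
needs_update() {
    base_rel=${2%.el[0-9]*}
    if ver_lt "$1" "$FIXED_VERSION"; then return 0; fi
    [ "$1" = "$FIXED_VERSION" ] && ver_lt "$base_rel" "$FIXED_RELEASE"
}

# audit: reads "name version release arch" lines on stdin and prints the
# java-1.5.0-ibm packages that are older than the fixed build.
audit() {
    while read -r name ver rel arch; do
        case $name in java-1.5.0-ibm*) ;; *) continue ;; esac
        if needs_update "$ver" "$rel"; then
            echo "OUTDATED $name-$ver-$rel.$arch"
        fi
    done
}

# verify_and_freshen FILES...: run rpm's digest/signature check first and
# only freshen when every file passes.
verify_and_freshen() {
    rpm -K "$@" && rpm -Fvh "$@"
}

# Constructed sample inventory (not real host data).
sample_inventory() {
    cat <<'EOF'
java-1.5.0-ibm 1.5.0.3 1jpp.2.el5 i386
java-1.5.0-ibm-plugin 1.5.0.4 1jpp.1.el5 i386
java-1.5.0-ibm-devel 1.5.0.4 1jpp.3.el5 x86_64
java-1.5.0-ibm-jdbc 1.5.0.10 1jpp.1.el4 ppc
java-1.5.0-sun 1.5.0.3 1jpp.1.el5 i386
EOF
}

sample_inventory | audit
# On a real host: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' | audit
```
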

Updated packages

RHEL Supplementary (v. 5 server)

IA-32:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    dbd828f7090bdd3fba290f7ac1fb09dc
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    5cd4a507db7f5fda5ef7eff6ccf1ddbd
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    8bf3a410ff1b74e750efc6666e3eae1a
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    5d1526e01b38b377cea5a941e388e3b8
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    9c4faa2a25ce85c74e247fbb8c045fcb
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    69c8ad6857e9e23802d62a35bea92f35
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    7c9baae9b7ad1c943e3237f0eb549554
 
PPC:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2008:0790
    e1174ad5c8f5ceaf2f014c66a57c845d
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2008:0790
    3dfe1d4672eac020f59cded037e6ff1f
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2008:0790
    1e5b3c700bdc2dd8830dd64f051da9f2
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2008:0790
    92693b273ca80e3c2e64ae77ffc998b4
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2008:0790
    982126fd7fe1828935e46e69402d9a8b
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2008:0790
    b61e3c444482fb58d8596a9c5e2c62dd
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2008:0790
    4345df9c7d754fd084bec67b556d3644
 
s390x:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2008:0790
    e5e1ee24f6afd48180d6cde8ac4f5429
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2008:0790
    fc3a2e7aedd828a647cdab142b7356e7
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2008:0790
    520b319f172a5b424e6eaecd591225a3
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2008:0790
    5a43aaf47f327655030aad464364e021
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2008:0790
    b39cc9a975dea83fcc77d54114bc93d7
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2008:0790
    ddc58078f413e5ab1f156bb0577ffe0b
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2008:0790
    44cfd2c55b54b44209f5e2cf03511006
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2008:0790
    b48b4d78e567a63b0e025b523ff7ddee
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2008:0790
    ea59de0f929b876ee0d6b398c4604151
 
x86_64:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    dbd828f7090bdd3fba290f7ac1fb09dc
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2008:0790
    b6a02279ee90333160031de73abc2b50
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    5cd4a507db7f5fda5ef7eff6ccf1ddbd
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2008:0790
    c841470242d09e0be886362953d78747
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    8bf3a410ff1b74e750efc6666e3eae1a
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2008:0790
    3f975a9cd9353a3cd8f964350b5b81b4
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    5d1526e01b38b377cea5a941e388e3b8
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2008:0790
    d7b9ef47c336f0cf71cfe21374a21db2
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    9c4faa2a25ce85c74e247fbb8c045fcb
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    69c8ad6857e9e23802d62a35bea92f35
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2008:0790
    7c9baae9b7ad1c943e3237f0eb549554
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2008:0790
    e39189c5480464ffe159e8af0cf00e66
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2008:0790
    38ff038ce167616812f5358966b37ccc
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2008:0790
    f08e9be3a54794f05b2736f87a73913a
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2008:0790
    c180126eb4cc496bbcc8500b3a935046
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2008:0790
    822575c557d2a1b9cf7e5c7a83a89a52
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2008:0790
    bc6907c64649848d1724e7eff9efba81
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2008:0790
    c9583a7dffd5f9cfebe30fac9de8e45a
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2008:0790
    f4dca5cf8fcba96f0c2f9ef17154096c
 
PPC:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0790
    43788155c5cdcb27fd3d093a4c1cf667
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0790
    d8fdc035deb93edfc6e6c2f48e9a9010
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0790
    1409e0ff52355d5f6e9f1f8e4da4e051
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0790
    61c8c9d45e4e4a7fa8f32dfcd16ec04e
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0790
    8470e8ba5c2d082e7a19af939eca839b
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0790
    0d61019ea1092ca4720b421839d7e8dc
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2008:0790
    c29a7df85b6ac486f026c691e7d5690a
 
s390:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2008:0790
    f42111b5d5638abac2e0de1f2681ea32
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2008:0790
    6d8734dfaef07346c2ec5a78b9b60de8
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2008:0790
    32e562c42d105c40949b74696ea8c763
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2008:0790
    90f97a87deb9f605c33e7baa85aa4559
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2008:0790
    780d41e090800dc44978819580356acd
 
s390x:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2008:0790
    b44dbe1fbbf0223d0df62885a171b30b
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2008:0790
    c2584bf412075e193b04897529d10915
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2008:0790
    dbbd45c7b7db65097eaded5268a6ecf2
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2008:0790
    c478ca881bc3c81b7e9a2fe2e576c479
 
x86_64:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2008:0790
    23a6f88855d3f3b915c709b361baaa8b
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2008:0790
    c27bd6f70802ae563db34d5119a110c2
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2008:0790
    e6c95d3ba53f6c698e0e824a857fc6a5
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2008:0790
    adae7780de3e8f866b643ca64c10356a
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2008:0790
    22383a1f44580168a7bc09ca0966a91c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

236894 - CVE-2007-0243 GIF buffer overflow
237281 - CVE-2007-0243 GIF buffer overflow
237290 - Installation of all Extras packages generates package conflict
237685 - plugin does not initialize


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/