Security Advisory Critical: java-1.5.0-ibm security update

Advisory: RHSA-2008:0210-1
Type: Security Advisory
Severity: Critical
Issued on: 2008-04-03
Last updated on: 2008-04-03
Affected Products: RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server), Red Hat Enterprise Linux Extras (v. 4)
OVAL: com.redhat.rhsa-20080210.xml
CVEs (cve.mitre.org): CVE-2008-0657, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196

Details

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

Two vulnerabilities in the Java Runtime Environment allowed an untrusted
application or applet to elevate the assigned privileges. This could be
misused by a malicious website to read and write local files or execute
local applications in the context of the user running the Java process.
(CVE-2008-0657)

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files or execute local
applications accessible to the user running the JRE.
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1196)

A flaw was found in the Java Plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possibly execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs. A remote attacker could use this
flaw to access local network services. (CVE-2008-1195)

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, which contain IBM's 1.5.0 SR7 Java release and resolve these
issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
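An added example (not part of the Red Hat advisory) of the checks to run before the rpm -Fvh step above: it compares the downloaded RPMs against the checksum list in this advisory and wraps the signature check the References section points to. The manifest values are copied from the RHEL 5 IA-32 rows below; md5sum (or BSD md5) and rpm on PATH are assumptions.

```shell
# Added example (not from the Red Hat advisory): check downloaded RPMs
# against the advisory's checksum list and the Red Hat signature before
# "rpm -Fvh". Assumes md5sum (or BSD md5) and rpm are on PATH.

# Constructed manifest, "<filename> <md5>" per line, values copied from
# the advisory's RHEL 5 IA-32 rows; substitute the rows for your arch.
MANIFEST='java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm 809d18f7648560a61bbeef5cc5b1754b
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm 7e61d747d7b29c8a3ea558950b8b06b9'

# file_md5 FILE -> hex digest on stdout (GNU md5sum or BSD md5).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED -> 0 if the digest matches, 1 otherwise.
# MD5 only catches a corrupted download; authenticity comes from the
# GPG signature checked by verify_signature.
verify_md5() {
    actual=$(file_md5 "$1") || return 1
    [ "$actual" = "$2" ]
}

# verify_signature FILE -> exit status of "rpm -K" (0 = signature and
# digests OK, assuming the Red Hat key was imported with rpm --import).
verify_signature() {
    rpm -K "$1"
}

# verify_manifest MANIFEST_TEXT -> 0 if every downloaded file listed
# matches its checksum, 1 if any present file fails. Files not yet
# downloaded are reported and skipped, not treated as failures.
verify_manifest() {
    rc=0
    printf '%s\n' "$1" | while read -r file expected; do
        [ -n "$file" ] || continue
        if [ ! -f "$file" ]; then
            echo "skip: $file (not downloaded)"
        elif verify_md5 "$file" "$expected"; then
            echo "ok:   $file"
        else
            echo "FAIL: $file checksum mismatch"
            exit 1   # ends the while subshell with status 1
        fi
    done || rc=1
    return $rc
}
```

Run it from the download directory as `verify_manifest "$MANIFEST"`, then `verify_signature` on each file, and only then `rpm -Fvh *.rpm`.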

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm     809d18f7648560a61bbeef5cc5b1754b
java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.i386.rpm     1a0a48fe76b7361129d97531d70a7f15
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm     6dcb63701b04ec73ca0bcd200a1eae5b
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm     fb718d8d2a3bf1012752e1b06eb6c2b4
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm     a68fb3fa5eb77d6eeaaebfecf1e29f32
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm     d31556a0c643edd6e6949f185725b17e
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm     7e61d747d7b29c8a3ea558950b8b06b9
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm     e2e0e33efcfbcb664d52c7431119052c
 
x86_64:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm     809d18f7648560a61bbeef5cc5b1754b
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.x86_64.rpm     7bc51599a7ac56889cd89ac5e95f7d3c
java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.x86_64.rpm     e3a03d52ffc9aa0fbb4d7c44861e46fd
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm     6dcb63701b04ec73ca0bcd200a1eae5b
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.x86_64.rpm     ec52352b4d0640d6966b9528f189e831
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm     fb718d8d2a3bf1012752e1b06eb6c2b4
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.x86_64.rpm     5cbe8aed7ebd2dc59b3c5aaa51ca1b15
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm     a68fb3fa5eb77d6eeaaebfecf1e29f32
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.x86_64.rpm     7d36f8baafd087c5568f77bf8e51e1c4
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm     d31556a0c643edd6e6949f185725b17e
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm     7e61d747d7b29c8a3ea558950b8b06b9
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm     e2e0e33efcfbcb664d52c7431119052c
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.x86_64.rpm     9aad3a4a8cb0b001a60b5c6068472558
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm     809d18f7648560a61bbeef5cc5b1754b
java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.i386.rpm     1a0a48fe76b7361129d97531d70a7f15
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm     6dcb63701b04ec73ca0bcd200a1eae5b
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm     fb718d8d2a3bf1012752e1b06eb6c2b4
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm     a68fb3fa5eb77d6eeaaebfecf1e29f32
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm     d31556a0c643edd6e6949f185725b17e
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm     7e61d747d7b29c8a3ea558950b8b06b9
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm     e2e0e33efcfbcb664d52c7431119052c
 
PPC:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.ppc.rpm     03e3ece5258cb3ce26b4fd7579a7292e
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.ppc64.rpm     16f02be28451385f538f6885285d9b7f
java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.ppc.rpm     876ff2a05894452975923ebe795a50ef
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.ppc.rpm     40a7ae3b3100a01440aa71e6c1889360
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.ppc64.rpm     f8886c77eab61ebce5a7c1336848c21c
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.ppc.rpm     6cc5cea87a21d0db2f5b749f81675577
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.ppc64.rpm     cc913c27e8546f74ced70baaf6083128
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.ppc.rpm     83adbc350f6276dc299fba7b17e0150d
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.ppc64.rpm     791e85c897550180bf01f51d03d3acb9
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.ppc.rpm     17eca9b339802d042569ec9c36045d75
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.ppc.rpm     44e40af7b5b9ae04783371b00fe76da8
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.ppc.rpm     82f12e4b3ed081a908ef3bb0a3809db7
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.ppc64.rpm     28027d164ce19b11d40dfe4e4b31376d
 
s390x:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.s390.rpm     0a05954a103154e676bdfdb25fad059b
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.s390x.rpm     539498ee5b0cd1946a9d9289479c7946
java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.s390x.rpm     86bca606d48f79413c3c364bf0cb99d5
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.s390.rpm     a962f94bf65202e1e2643b2163ef670e
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.s390x.rpm     37cc92ebee405ad5b16dc979d5f9d417
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.s390.rpm     6d9411d9b511fc48a05a074a324eb0f6
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.s390x.rpm     f19c930d077ce07d26ebaf2d138325e9
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.s390.rpm     bd5f81b6c66a3e920a5231d8a825d5ba
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.s390.rpm     2965ac0cccfb38615762ee70a44627a2
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.s390x.rpm     8a544aca8e6b43eb0daf5d08076ae9a0
 
x86_64:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.i386.rpm     809d18f7648560a61bbeef5cc5b1754b
java-1.5.0-ibm-1.5.0.7-1jpp.2.el5.x86_64.rpm     7bc51599a7ac56889cd89ac5e95f7d3c
java-1.5.0-ibm-accessibility-1.5.0.7-1jpp.2.el5.x86_64.rpm     e3a03d52ffc9aa0fbb4d7c44861e46fd
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.i386.rpm     6dcb63701b04ec73ca0bcd200a1eae5b
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el5.x86_64.rpm     ec52352b4d0640d6966b9528f189e831
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.i386.rpm     fb718d8d2a3bf1012752e1b06eb6c2b4
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el5.x86_64.rpm     5cbe8aed7ebd2dc59b3c5aaa51ca1b15
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.i386.rpm     a68fb3fa5eb77d6eeaaebfecf1e29f32
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el5.x86_64.rpm     7d36f8baafd087c5568f77bf8e51e1c4
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el5.i386.rpm     d31556a0c643edd6e6949f185725b17e
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el5.i386.rpm     7e61d747d7b29c8a3ea558950b8b06b9
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.i386.rpm     e2e0e33efcfbcb664d52c7431119052c
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el5.x86_64.rpm     9aad3a4a8cb0b001a60b5c6068472558
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.i386.rpm     3f525e01f94652d82e3789362fbcad2c
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.i386.rpm     0d549c804ec976822b1e2390e19521b1
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.i386.rpm     cfdcc6f5fa7155b1cae2b046d4e223f4
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.i386.rpm     8b47def8932081fc0ae72b3d574aafa6
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.i386.rpm     9485dbc761ffd9acf10f9311daea143c
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4.i386.rpm     cb917a150a86628b1c1cbb7d106b7730
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.i386.rpm     37cb29e46d4563e05b8980470be59876
 
PPC:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.ppc.rpm     a4da6df573c346edf037a4fe51bdbcf2
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.ppc.rpm     ff040eba7daff4363622a55cc79ca988
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.ppc.rpm     1c1c69725e18ecc78fcd522fb85c2702
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.ppc.rpm     18b738be52c085f3fb3ef12cf4f435bf
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.ppc.rpm     8913ed00ad05d57dea70baef2234c6e9
java-1.5.0-ibm-plugin-1.5.0.7-1jpp.2.el4.ppc.rpm     d94acc458efff17c52a718587bff4b04
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.ppc.rpm     9568bfefadcfe3c2fd01c01275dd0efe
 
s390:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.s390.rpm     e32466eaec61f744441f9551a341091e
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.s390.rpm     996846c474a5346ad05c65d4a7013d6f
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.s390.rpm     8b4ae08d36b45184e8bf57c1c450557e
java-1.5.0-ibm-jdbc-1.5.0.7-1jpp.2.el4.s390.rpm     5c36d21afb10b903cf9dc6506629cb34
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.s390.rpm     bbe0b5eb0563d01205f149ea418f8005
 
s390x:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.s390x.rpm     0f0e6a178629978d5449ceb12e40a327
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.s390x.rpm     a27e30bf9ca2a74252543ecce4e83b75
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.s390x.rpm     da24a3b1ae93d76594fa65f5eec0576f
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.s390x.rpm     b8eef10cbcd41f13852467e061213310
 
x86_64:
java-1.5.0-ibm-1.5.0.7-1jpp.2.el4.x86_64.rpm     2c94dfb95301e47a6e4f04d9d98e5ffd
java-1.5.0-ibm-demo-1.5.0.7-1jpp.2.el4.x86_64.rpm     005a99dc01e4721683d82823dad87ea5
java-1.5.0-ibm-devel-1.5.0.7-1jpp.2.el4.x86_64.rpm     0ddd3b92c66875ffd63a465afa36b729
java-1.5.0-ibm-javacomm-1.5.0.7-1jpp.2.el4.x86_64.rpm     9b8ab7234f12f7c0a476509da72bc638
java-1.5.0-ibm-src-1.5.0.7-1jpp.2.el4.x86_64.rpm     f92092096c52a2ef60bd5d5bc512c3f6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

431861 - CVE-2008-0657 java-1.5.0 Privilege escalation via untrusted applet and application
436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation
436293 - CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
436295 - CVE-2008-1192 Java Plugin same-origin-policy bypass
436296 - CVE-2008-1193 JRE image parsing library allows privilege escalation (CVE-2008-1194)
436299 - CVE-2008-1195 Java-API calls in untrusted Javascript allow network privilege escalation
436302 - CVE-2008-1196 Buffer overflow security vulnerabilities in Java Web Start


References

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/