Security Advisory Critical: java-1.6.0-ibm security update

Advisory: RHSA-2008:0267-2
Type: Security Advisory
Severity: Critical
Issued on: 2008-05-19
Last updated on: 2008-05-19
Affected Products: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
OVAL: com.redhat.rhsa-20080267.xml
CVEs (cve.mitre.org): CVE-2008-1187
CVE-2008-1188
CVE-2008-1189
CVE-2008-1190
CVE-2008-1191
CVE-2008-1192
CVE-2008-1193
CVE-2008-1194
CVE-2008-1195
CVE-2008-1196

Details

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

IBM's 1.6.0 Java release includes the IBM Java 2 Runtime Environment, and
the IBM Java 2 Software Development Kit.

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files, or execute local
applications accessible to the user running the JRE. (CVE-2008-1188,
CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)

A flaw was found in the Java plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)

A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possibly execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)

The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs. A remote attacker could use these
flaws to access local network services. (CVE-2008-1195)

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, that contain IBM's 1.6.0 SR1 Java release, which resolves these
issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Supplementary (v. 5 client)
IA-32:
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm     56ee343e5ff60f36088e1e9f0f596842
java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.i386.rpm     d955137f13d275f30267e85870ae16aa
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm     1618be9ee926cc7f78ddf2bc0492617c
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm     75b659d5b564401f1fcef771badacdf8
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm     1d3e5b51d11b5b3ec8b0451329f49061
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm     dc36e91ffdb58a8b6f831f528420ade2
java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm     e9d8270b4476f8119c9194a2ca4fbc13
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm     fd07af0e6c616bb0166e65b15fe6142a
 
x86_64:
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm     56ee343e5ff60f36088e1e9f0f596842
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.x86_64.rpm     04da6be10e4670d7afd27f2e4026dbcc
java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.x86_64.rpm     4fbc79571e684e48d209efe72cd6e4f4
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm     1618be9ee926cc7f78ddf2bc0492617c
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.x86_64.rpm     b487da61f2638168da5eea615a226eb5
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm     75b659d5b564401f1fcef771badacdf8
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.x86_64.rpm     758908ab53c2d3c6c848a2ab7b5f6ba3
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm     1d3e5b51d11b5b3ec8b0451329f49061
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.x86_64.rpm     41807a00000fde6ddc24f6ac2ae90519
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm     dc36e91ffdb58a8b6f831f528420ade2
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.x86_64.rpm     712b96837322c5f412d20056d5b17a52
java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm     e9d8270b4476f8119c9194a2ca4fbc13
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm     fd07af0e6c616bb0166e65b15fe6142a
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.x86_64.rpm     eeff2abd11f7db5df7c1c310de85d079
 
RHEL Supplementary (v. 5 server)
IA-32:
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm     56ee343e5ff60f36088e1e9f0f596842
java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.i386.rpm     d955137f13d275f30267e85870ae16aa
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm     1618be9ee926cc7f78ddf2bc0492617c
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm     75b659d5b564401f1fcef771badacdf8
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm     1d3e5b51d11b5b3ec8b0451329f49061
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm     dc36e91ffdb58a8b6f831f528420ade2
java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm     e9d8270b4476f8119c9194a2ca4fbc13
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm     fd07af0e6c616bb0166e65b15fe6142a
 
PPC:
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.ppc.rpm     1c11d87c526bf57bba1363e6d7fe609a
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.ppc64.rpm     aea99601638471040c12a5cae5dba94e
java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.ppc.rpm     8534822d6400b9a7af998e967f428c3e
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.ppc.rpm     2f189f2d425802792d298d73e7962dff
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.ppc64.rpm     fcc22ebd4ca0fc4357027270a722adf7
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.ppc.rpm     e70976fbfa11c06305e9bed53b923c50
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.ppc64.rpm     5ea2ad89bb925ff9fa94d96b3c260747
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.ppc.rpm     46af602d84c108d89ee4dc803b7b85a1
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.ppc64.rpm     ddcfc073d8af75f0625869b967243cd1
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.ppc.rpm     04237735a5277be8b3cbe04dafd5bd6a
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.ppc64.rpm     7570079a3e6a70216769416b0111521d
java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.ppc.rpm     66c0ba4bd3baa94d3b2d57834508303f
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.ppc.rpm     73ad95803d95330bb8c86cf1f1706deb
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.ppc64.rpm     63c1345b0ed36ef514c262e55f3155c6
 
s390x:
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.s390.rpm     f12cca7468aa0bc5d262af19b609f422
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.s390x.rpm     41dfd247dd8354073e51a7244dc967a3
java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.s390x.rpm     1829760f0a321dad8659fc362b489af9
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.s390.rpm     4fa401dc91438b488220396615bec941
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.s390x.rpm     2971b2ab6b8bea686ba68886c9891e12
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.s390.rpm     0b1a07573cc00eaecf132c818b46425a
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.s390x.rpm     61c13d54a3ffe2b23815ebcdb82a4988
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.s390.rpm     19434055793183cc7db7fd3589535a13
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.s390x.rpm     9197494dd34cfbbca16c0fa537dae368
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.s390.rpm     e1ef45a31500a36d37c7dff57be7ce76
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.s390x.rpm     0eb5a1dcc7bb9e31415a838d44b07348
 
x86_64:
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.i386.rpm     56ee343e5ff60f36088e1e9f0f596842
java-1.6.0-ibm-1.6.0.1-1jpp.2.el5.x86_64.rpm     04da6be10e4670d7afd27f2e4026dbcc
java-1.6.0-ibm-accessibility-1.6.0.1-1jpp.2.el5.x86_64.rpm     4fbc79571e684e48d209efe72cd6e4f4
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.i386.rpm     1618be9ee926cc7f78ddf2bc0492617c
java-1.6.0-ibm-demo-1.6.0.1-1jpp.2.el5.x86_64.rpm     b487da61f2638168da5eea615a226eb5
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.i386.rpm     75b659d5b564401f1fcef771badacdf8
java-1.6.0-ibm-devel-1.6.0.1-1jpp.2.el5.x86_64.rpm     758908ab53c2d3c6c848a2ab7b5f6ba3
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.i386.rpm     1d3e5b51d11b5b3ec8b0451329f49061
java-1.6.0-ibm-javacomm-1.6.0.1-1jpp.2.el5.x86_64.rpm     41807a00000fde6ddc24f6ac2ae90519
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.i386.rpm     dc36e91ffdb58a8b6f831f528420ade2
java-1.6.0-ibm-jdbc-1.6.0.1-1jpp.2.el5.x86_64.rpm     712b96837322c5f412d20056d5b17a52
java-1.6.0-ibm-plugin-1.6.0.1-1jpp.2.el5.i386.rpm     e9d8270b4476f8119c9194a2ca4fbc13
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.i386.rpm     fd07af0e6c616bb0166e65b15fe6142a
java-1.6.0-ibm-src-1.6.0.1-1jpp.2.el5.x86_64.rpm     eeff2abd11f7db5df7c1c310de85d079
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation
436293 - CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
436295 - CVE-2008-1192 Java Plugin same-origin-policy bypass
436296 - CVE-2008-1193 JRE image parsing library allows privilege escalation (CVE-2008-1194)
436299 - CVE-2008-1195 Java-API calls in untrusted Javascript allow network privilege escalation
436302 - CVE-2008-1196 Buffer overflow security vulnerabilities in Java Web Start
444746 - CVE-2008-1191 Untrusted Java Web Start arbitrary file creation


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/