Security Advisory Critical: java-1.5.0-sun security update

Advisory: RHSA-2009:0394-1
Type: Security Advisory
Severity: Critical
Issued on: 2009-03-26
Last updated on: 2009-03-26
Affected Products:
    RHEL Desktop Supplementary (v. 5 client)
    RHEL Supplementary (v. 5 server)
    RHEL Supplementary EUS (v. 5.3.z server)
    Red Hat Enterprise Linux Extras (v. 4)
    Red Hat Enterprise Linux Extras (v. 4.7.z)
OVAL: N/A
CVEs (cve.mitre.org):
    CVE-2006-2426
    CVE-2009-1093
    CVE-2009-1094
    CVE-2009-1095
    CVE-2009-1096
    CVE-2009-1098
    CVE-2009-1099
    CVE-2009-1100
    CVE-2009-1103
    CVE-2009-1104
    CVE-2009-1107

Details

Updated java-1.5.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and
the Sun Java 5 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 5 Runtime
Environment and the Sun Java 5 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1107)

Users of java-1.5.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    baf36236a2c0dc354026cb9e3ebe4287
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    4f9ef24b97900478d6a8685c453c5042
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    1650b6e93cb39f17ccd07c898315ff47
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    566aeaaa40a907f6a8b998e68cc77bd3
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    11675a53becb5be5ca137558d0f4f9c2
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    4dc2317fae02f3bb7294382107dea6ed
 
x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    863853f398acf81f06ac7d34d7942f44
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    69d0ac9fccbc70b70302c1e51c33675a
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    6875d1e259f103a6d9f3d46be583dad1
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    f08e903bcdc7f16ac193054ccb0b8914
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    11675a53becb5be5ca137558d0f4f9c2
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    7ddfa47dbfd8064e934dd71aa3cbd889
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    baf36236a2c0dc354026cb9e3ebe4287
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    4f9ef24b97900478d6a8685c453c5042
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    1650b6e93cb39f17ccd07c898315ff47
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    566aeaaa40a907f6a8b998e68cc77bd3
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    11675a53becb5be5ca137558d0f4f9c2
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    4dc2317fae02f3bb7294382107dea6ed
 
x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    863853f398acf81f06ac7d34d7942f44
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    69d0ac9fccbc70b70302c1e51c33675a
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    6875d1e259f103a6d9f3d46be583dad1
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    f08e903bcdc7f16ac193054ccb0b8914
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1571
    11675a53becb5be5ca137558d0f4f9c2
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1571
    7ddfa47dbfd8064e934dd71aa3cbd889
 
RHEL Supplementary EUS (v. 5.3.z server)

IA-32:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1199
    baf36236a2c0dc354026cb9e3ebe4287
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1199
    4f9ef24b97900478d6a8685c453c5042
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1199
    1650b6e93cb39f17ccd07c898315ff47
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1199
    566aeaaa40a907f6a8b998e68cc77bd3
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1199
    11675a53becb5be5ca137558d0f4f9c2
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1199
    4dc2317fae02f3bb7294382107dea6ed
 
x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1199
    863853f398acf81f06ac7d34d7942f44
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1199
    69d0ac9fccbc70b70302c1e51c33675a
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1199
    6875d1e259f103a6d9f3d46be583dad1
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1199
    f08e903bcdc7f16ac193054ccb0b8914
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el5.i586.rpm
File outdated by:  RHSA-2009:1199
    11675a53becb5be5ca137558d0f4f9c2
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2009:1199
    7ddfa47dbfd8064e934dd71aa3cbd889
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.5.0-sun-1.5.0.18-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2009:1571
    80072cf53fe0f7d077c21d1acf4a5f6b
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2009:1571
    9fd89091944c9576ce890c76afef11e9
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2009:1571
    c79ee1b3ffeb3f36edb495eee678e8a9
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2009:1571
    7057a4d982a4bc1738d4ee662c9d87be
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2009:1571
    6b225c38b27241a6290dd49da3be76a6
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2009:1571
    07e45743572987db7a4f13b83587582a
 
x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1571
    62c20869612e8df393131aabee543895
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1571
    e295ca14b530302a67a9d79350c1dd3f
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1571
    fde5283c3a263c63e51b39d441abff17
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1571
    d2a7a39d6eb18168d97209f3562bd73e
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2009:1571
    a318424b11461b229662bd8af3da42ba
 
Red Hat Enterprise Linux Extras (v. 4.7.z)

IA-32:
java-1.5.0-sun-1.5.0.18-1jpp.1.el4.i586.rpm     80072cf53fe0f7d077c21d1acf4a5f6b
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.i586.rpm     9fd89091944c9576ce890c76afef11e9
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.i586.rpm     c79ee1b3ffeb3f36edb495eee678e8a9
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.i586.rpm     7057a4d982a4bc1738d4ee662c9d87be
java-1.5.0-sun-plugin-1.5.0.18-1jpp.1.el4.i586.rpm     6b225c38b27241a6290dd49da3be76a6
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.i586.rpm     07e45743572987db7a4f13b83587582a
 
x86_64:
java-1.5.0-sun-1.5.0.18-1jpp.1.el4.x86_64.rpm     62c20869612e8df393131aabee543895
java-1.5.0-sun-demo-1.5.0.18-1jpp.1.el4.x86_64.rpm     e295ca14b530302a67a9d79350c1dd3f
java-1.5.0-sun-devel-1.5.0.18-1jpp.1.el4.x86_64.rpm     fde5283c3a263c63e51b39d441abff17
java-1.5.0-sun-jdbc-1.5.0.18-1jpp.1.el4.x86_64.rpm     d2a7a39d6eb18168d97209f3562bd73e
java-1.5.0-sun-src-1.5.0.18-1jpp.1.el4.x86_64.rpm     a318424b11461b229662bd8af3da42ba
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

395481 - CVE-2006-2426 Untrusted applet causes DoS by filling up disk space
490167 - CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service (6717680)
490168 - CVE-2009-1094 OpenJDK LDAP client remote code execution (6737315)
490169 - CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability (6792554)
490178 - CVE-2009-1098 OpenJDK GIF processing buffer overflow vulnerability (6804998)
492302 - CVE-2009-1099 OpenJDK: Type1 font processing buffer overflow vulnerability
492305 - CVE-2009-1100 OpenJDK: DoS (disk consumption) via handling of temporary font files
492306 - CVE-2009-1103 OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)
492308 - CVE-2009-1104 OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)
492312 - CVE-2009-1107 OpenJDK: Signed applet remote misuse possibility (6782871)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/