
Security Advisory Critical: java-1.4.2-ibm security update

Advisory: RHSA-2007:0062-2
Type: Security Advisory
Severity: Critical
Issued on: 2007-02-07
Last updated on: 2007-02-07
Affected Products: Red Hat Enterprise Linux Extras (v. 3), Red Hat Enterprise Linux Extras (v. 4)
CVEs (cve.mitre.org): CVE-2006-4339, CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745

Details

Updated java-1.4.2-ibm packages that correct several security issues are now
available for Red Hat Enterprise Linux 3 and 4 Extras.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

IBM's 1.4.2 SR7 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.

A number of security issues were found:

Vulnerabilities were discovered in the Java Runtime Environment. An
untrusted applet could use these vulnerabilities to access data from other
applets. (CVE-2006-6736, CVE-2006-6737)

Serialization flaws were discovered in the Java Runtime Environment. An
untrusted applet or application could use these flaws to elevate its
privileges. (CVE-2006-6745)

Buffer overflow vulnerabilities were discovered in the Java Runtime
Environment. An untrusted applet could use these flaws to elevate its
privileges, possibly reading and writing local files or executing local
applications. (CVE-2006-6731)

Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures.
Where an RSA key with exponent 3 is used, it may be possible for an attacker
to forge a PKCS #1 v1.5 signature that would be incorrectly verified by
implementations that do not check for excess data in the RSA exponentiation
result of the signature. (CVE-2006-4339)
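
The missing check behind CVE-2006-4339, as an added example that is not code from this advisory, IBM or Red Hat: a lenient left-to-right parse of the RSA exponentiation result next to a strict verifier that rebuilds the whole expected block. The function names, the SHA-1 digest, the 128-byte modulus length and the sample block are assumptions constructed for illustration.

```python
import hashlib
import hmac

# DER DigestInfo header for SHA-1 (RFC 8017, section 9.2, note 1)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def expected_em(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo, exactly k bytes."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def lenient_check(em: bytes, message: bytes) -> bool:
    """Flawed: parses left to right and never looks past the digest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if em[i:i + 1] != b"\x00":
        return False
    i += 1
    if em[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    # Bytes from em[i + 20] onward are the "excess data" the advisory refers to.
    return em[i:i + 20] == hashlib.sha1(message).digest()

def strict_check(em: bytes, message: bytes, k: int) -> bool:
    """Corrected: rebuild the only valid block and compare all k bytes."""
    return len(em) == k and hmac.compare_digest(em, expected_em(message, k))

def em_with_excess_data(message: bytes, k: int, pad_len: int = 8) -> bytes:
    """Constructed regression vector: short padding, filler after the digest."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    head = b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t
    return head + b"\xaa" * (k - len(head))

if __name__ == "__main__":
    K, MSG = 128, b"constructed sample message"  # 1024-bit modulus assumed
    for name, em in (("well-formed", expected_em(MSG, K)),
                     ("excess data", em_with_excess_data(MSG, K))):
        print(name, lenient_check(em, MSG), strict_check(em, MSG, K))
```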

All users of java-1.4.2-ibm should upgrade to these updated packages, which
contain IBM's 1.4.2 SR7 Java release, which resolves these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux Extras (v. 3)

IA-32:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: e7450b145da72cd7df3d7b9eabb672dc
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: a0658fd7cf3543965f2b6a3ff7a675ae
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: 32f05440f20c1f7a45736beba22d7bd2
java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: 8c664c87d87efd40e937b9ad2ae659d5
java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: 9174b55fd33680c3eaa09c2def109753
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: 395153b4b890249469b8e1f18673f66d
 
IA-64:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 9571ca41f69035894760e4e9e6de61a1
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 6cce9e4c37e6bc1b52e2201bad040ac0
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: e0dd38c2639885d1ccf964cf4e045289
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 6e859d8ca4885c93cf08ff4d22e10b0f
 
PPC:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 69ded60046e91ba9348ccff2e52ebf17
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 550284dbfa734add72eca30901d83c1f
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 9aa5ee3ec845826d39af26f6883f3a1b
java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 244ca4300d6836baedda66db772fc496
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: c73781419d273f37f97d8ce82b311e06
 
s390:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: 75cd8c41222044a08be04ee95cac3a69
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: d9515b48f0e376124b95f863a0e119b1
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: 7ab30161aa45ba80855b0d2e076d26c7
java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: 9e6b279d59ca128a8dbd13d3d606c9fe
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: a4bb1c49be860aab8e93b19a8176ff6c
 
s390x:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: 12c5031365228f5f19eee8a215ef9ee4
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: 8409692fe20686679d58f612d717e40a
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: d2d32c3276a9c00ac4734a2a8f1ffb96
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: 8a16cefe0fbb4f8247759f09cdcf6785
 
x86_64:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 82547c355444694fd0b2b8dbb6287a12
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 0d47bf67675dfee8814d9f5cbd430f35
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 120deecf68b62f7263bcebbd65c6bd89
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 7be9dc42fac394d88d3b0692e8b55d88
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: b7264df6d752971972379c417acdd542
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: c74450baebca6f946e30e75f38675e15
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 5e28c4902e574860651c603b26f8e437
java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 130198d2be48375779e309cd7aa9ddcd
java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 76f4fe9ec6e40c550d04ba215b56649a
java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 06f53b5223f6cb0989eb6d2c1c709ace
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 3937cebe4d2430437d8376c071ff3f6e
 
IA-64:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 91095470fd69f0f9d7632236120e7d0a
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 971f88fbd24d4bc41f20291aa4386347
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 40425175a220f0f780eb5dca44dfa55e
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 753c21317025a630423d2c205968c1ea
 
PPC:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: d6df0373e049ef2b4603b7ae51d133a3
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: b2c6b236dafbb63472bd3fce88593fb6
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: 09c905c7b0997db62830bc2cb0c087f4
java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: 2d75e1570dcf7d9bd40ade448a652583
java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: c0a9a08712bc162e66ecd4c21962c083
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: 6fb51c79625fc5e7d2e0657211dc372c
 
s390:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: 1047e8cd790022fb4d4a9e4e51689d89
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: cbf3ee99f0d886ee7b286bfc327fa33e
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: f5bd779019897c4d7acaca6db3ec3ddf
java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: e85b10f20043b11acc4143dfb23da242
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: 9f86a4f4e4a7d0a774e3e720c2a3ebfb
 
s390x:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: c5d86501250a1bc8626b1a9840f2ef0a
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: d900d6335508f7ec99262ad8e76b35dc
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: 5e0d2f22106c6737eba6ebed99ed63b4
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: c5f5a4b28adf551cffc4a3872b65420c
 
x86_64:
java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: e0efba6fedf580dc163d3363f1f58f9d
java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 7d2ea6f7b85d9b6679418735388463bd
java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 04ca69cd86facb7e6da94dca5f7c4741
java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 6686e763dbe66aa089d9f5952af474af
java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: e6ac211159748fac80c30ea6838b769a
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

226981 - CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)
226984 - CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/