Skip to navigation

Security Advisory Critical: java-1.4.2-ibm security update

Advisory: RHSA-2007:0166-2
Type: Security Advisory
Severity: Critical
Issued on: 2007-04-25
Last updated on: 2007-04-25
Affected Products: RHEL Supplementary (v. 5 server)
Red Hat Enterprise Linux Extras (v. 3)
Red Hat Enterprise Linux Extras (v. 4)
CVEs (cve.mitre.org): CVE-2007-0243

Details

Updated java-1.4.2-ibm packages to correct a security issue are now
available for Red Hat Enterprise Linux 3 and 4 Extras.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

IBM's 1.4.2 SR8 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.

A flaw in GIF image handling was found in the SUN Java Runtime Environment
that has now been reported as also affecting IBM Java 2. An untrusted
applet or application could use this flaw to elevate its privileges and
potentially execute arbitrary code. (CVE-2007-0243)

All users of java-1.4.2-ibm should upgrade to these updated packages, which
contain IBM's 1.4.2 SR8 Java release which resolves this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

RHEL Supplementary (v. 5 server)

IA-32:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: fde62c7ec6cb3547b825658de08ef497
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 2441770b8774e5e97422bca23c2fd537
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: fd4508a264658671aa55b546d033fc1f
java-1.4.2-ibm-javacomm-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 0fd13ed6620b5e6a664e7c9601a5989b
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 8ebdc1a58efdfb84cf8577f2c7c28035
java-1.4.2-ibm-plugin-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: a3dcfd8852e6672e0d6fa75a6893a5cc
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 19658c06090464751a6420d641eb59cf
 
IA-64:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el5.ia64.rpm
File outdated by:  RHSA-2012:1485
    MD5: 67728d0073e0ce912aa95e3c2b248465
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el5.ia64.rpm
File outdated by:  RHSA-2012:1485
    MD5: 843f3c7b52f3875b7cfdea96c69db297
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el5.ia64.rpm
File outdated by:  RHSA-2012:1485
    MD5: 59717ee6d78a5c068cdd19af8919ae22
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el5.ia64.rpm
File outdated by:  RHSA-2012:1485
    MD5: cff77926ecb5914585f472940512eade
 
PPC:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2012:1485
    MD5: b7a5b434484d4d1b82b9c97dc8f76083
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2012:1485
    MD5: d0f84b3774c01f1d8d9de2fd46894846
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2012:1485
    MD5: 890b11500a6df2cd30e44a2e09251f79
java-1.4.2-ibm-javacomm-1.4.2.8-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2012:1485
    MD5: 6e7ff10d23a4e8217d7d7375a2a53fd8
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2012:1485
    MD5: 80630f79920239b03cbcd47fb5693af3
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2012:1485
    MD5: e88f13c8c73f2d429c530f4d7405bf67
 
s390x:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2012:1485
    MD5: 0ac074a379d972ca235cefe6ecdc37a8
java-1.4.2-ibm-1.4.2.8-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2012:1485
    MD5: 5d35dd6367dea9f88ca196318c2d64f8
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2012:1485
    MD5: 9645687fa4084cb1c3a3e8431c38bb90
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2012:1485
    MD5: 246cd7a4f1e26288817ef4de054fa669
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2012:1485
    MD5: 13cbd09638af4754e547c5bdd0c351f0
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2012:1485
    MD5: 1a1d38b6cdb838992a7bdc6eba1a4975
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2012:1485
    MD5: 7da966cf9908b3b20b67fb19b9d3f6ea
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2012:1485
    MD5: 243dbe1ede110fe6de2e2847087b2dbd
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2012:1485
    MD5: 306d0a7061f0c77b01b9c64b55180cbd
 
x86_64:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: fde62c7ec6cb3547b825658de08ef497
java-1.4.2-ibm-1.4.2.8-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2012:1485
    MD5: 33135e5bb5c59c10d5bc79e415eb7ef7
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 2441770b8774e5e97422bca23c2fd537
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2012:1485
    MD5: 508c100e6abceb8416928df3845afca3
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: fd4508a264658671aa55b546d033fc1f
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2012:1485
    MD5: fd33666a22a130f3f7bea88ce7f3d52f
java-1.4.2-ibm-javacomm-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 0fd13ed6620b5e6a664e7c9601a5989b
java-1.4.2-ibm-javacomm-1.4.2.8-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2012:1485
    MD5: 80d21d9e69872091d6ef7a6a07d8e9a7
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 8ebdc1a58efdfb84cf8577f2c7c28035
java-1.4.2-ibm-plugin-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: a3dcfd8852e6672e0d6fa75a6893a5cc
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2012:1485
    MD5: 19658c06090464751a6420d641eb59cf
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2012:1485
    MD5: f149c5dd132f0afc9c4056b45d112f7f
 
Red Hat Enterprise Linux Extras (v. 3)

IA-32:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: 61b02adb1c887f227fb8189315a259a2
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: 6289d0975fbbbe5a3829701d219704f3
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: b3480414b7cf9bc1dc50c17e9d280b1c
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: dc5414a781421b780f7889edbb1eba04
java-1.4.2-ibm-plugin-1.4.2.8-1jpp.1.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: ec088fbdd451d6bd78efa0aadb340c79
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el3.i386.rpm
File outdated by:  RHSA-2010:0786
    MD5: c66de953ccf4b58dff7e992eabeba755
 
IA-64:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 152c637400aea0f431e6f808114c4153
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 1ac9b53b5cad530ef70281193572fca8
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 8c9ab1d1e12e97340632dbf595a6d5dd
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el3.ia64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 92e60a74f6aa5680f307f90c7966e37b
 
PPC:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 367588d479719873b5639aee2e11fa8e
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 9d4810ab24899c79b6050638a5506f83
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 15b73b75d63ffb8e51a39570e253abb4
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 695173ba6c03f88e0748353cb7382fae
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el3.ppc.rpm
File outdated by:  RHSA-2010:0786
    MD5: 31867a9ab592595defca3a5e0aa6ef16
 
s390:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: da9dca53607d8a60d74659683f2b809d
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: e4c920e34324511eb4a59ea0ac1d0f15
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: f1dc4b222e01027f383fa79aeabe7c2d
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: 53434c2c82c4ba6c08f0159da88e5982
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el3.s390.rpm
File outdated by:  RHSA-2010:0786
    MD5: bc13a5ab2807fe564474729e21860726
 
s390x:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: a61c9c92f16b2af76f00bf210dd283bd
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: 889efc35063373996412ecd59b1b2ad8
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: f6cb7173de2909f804f76d0753f1b7b2
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el3.s390x.rpm
File outdated by:  RHSA-2010:0786
    MD5: 74f32d1a522c08915ca1811261acfa3b
 
x86_64:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 9c22800bb36d34a8027484c92212c4a5
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: de58d40183ad4764a011543294aac510
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 6dda6a9546a11797adf3ebfe5712a417
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el3.x86_64.rpm
File outdated by:  RHSA-2010:0786
    MD5: 5be1ff9b678bad95f97303e28bb337eb
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: c228e5098eb86dc72d0adcc5e7781d58
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 3e60904cc452668d1ee7e5e6bb62fac2
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: b00a5ed6769885746d44d00fcbadf153
java-1.4.2-ibm-javacomm-1.4.2.8-1jpp.1.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 610bb77e73cc922434c0c0ef19f19a5c
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: b7bcc5fee5a8a3afe9c20a4297aea510
java-1.4.2-ibm-plugin-1.4.2.8-1jpp.1.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 91cbcc3f91c4f306672dd90129bd3449
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el4.i386.rpm
File outdated by:  RHSA-2012:0006
    MD5: 34588a5b432aea5e350684af616b461a
 
IA-64:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 0710b05c9a6d4aa2409668271db36025
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 6246a69329e51bb302e3a1d3ec1f3701
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: d976641930576c7dd14876f155e71cd5
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el4.ia64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 92f637b8b67477285f3d6e2e1e3ccc43
 
PPC:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: d1d5cfb5f9bd8698f92b971b91c49191
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: b92ed893c2312d43525b21d42341acdf
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: 7aeecd164362783379d8a0486213d8e3
java-1.4.2-ibm-javacomm-1.4.2.8-1jpp.1.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: adf69473fe15a361c4ba265fa0b055ea
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: d4906d4d9d978a1f4d6cd0189b2e53c9
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el4.ppc.rpm
File outdated by:  RHSA-2012:0006
    MD5: 0086aabb49795b4d45bf3be025ae7d62
 
s390:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: 699e442a996e1a1988ee569ab83fac53
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: 3fba6e65aa2d8f36fad08cd9e5c30bf0
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: 83303f708d45044930bd510d58147411
java-1.4.2-ibm-jdbc-1.4.2.8-1jpp.1.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: d4e5cbf2253b57f30ae563fce8db7952
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el4.s390.rpm
File outdated by:  RHSA-2012:0006
    MD5: 4089e5163fcab9af5d25f31f69606acc
 
s390x:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: 382ae8c79c1e856e5fb120993e0deac3
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: 9a4cc8ab4f5b04d8f3438da063bcb47e
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: 972e3ae37c266f5cced89512acaebe11
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el4.s390x.rpm
File outdated by:  RHSA-2012:0006
    MD5: 96e90fd849d7ea1806dfd8a62ecd6637
 
x86_64:
java-1.4.2-ibm-1.4.2.8-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 7f1f337f9333e1e41a3acc9f9c390d90
java-1.4.2-ibm-demo-1.4.2.8-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 73fa5ed06983ae5a445a7a2683b72f1b
java-1.4.2-ibm-devel-1.4.2.8-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 5a31849e9bd9b8ec06130dd9b70356be
java-1.4.2-ibm-javacomm-1.4.2.8-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 7c064af5f50c7a24de55c3cbc062f664
java-1.4.2-ibm-src-1.4.2.8-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0006
    MD5: 57c358a1a0e26c66d0d2ff20bd7fba44
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

236892 - CVE-2007-0243 GIF buffer overflow
237283 - CVE-2007-0243 GIF buffer overflow
237284 - CVE-2007-0243 GIF buffer overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/