Skip to navigation

Security Advisory Critical: java-1.5.0-ibm security update

Advisory: RHSA-2007:0167-5
Type: Security Advisory
Severity: Critical
Issued on: 2007-04-25
Last updated on: 2007-04-25
Affected Products: RHEL Supplementary (v. 5 server)
Red Hat Enterprise Linux Extras (v. 4)
CVEs (cve.mitre.org): CVE-2007-0243

Details

java-1.5.0-ibm packages that correct a security issue are available for Red
Hat Enterprise Linux 5 Supplementary and Enterprise Linux 4 Extras.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw in GIF image handling was found in the SUN Java Runtime Environment
that has now been reported as also affecting IBM Java 2. An untrusted
applet or application could use this flaw to elevate its privileges and
potentially execute arbitrary code. (CVE-2007-0243)

This update also resolves the following issues:

* The java-1.5.0-ibm-plugin sub-package conflicted with the new
java-1.5.0-sun-plugin sub-package.

* The java-1.5.0-ibm-plugin package had incorrect dependencies. The
java-1.5.0-ibm-alsa package has been merged into the java-1.5.0-ibm package
to resolve this issue.

All users of java-ibm-1.5.0 should upgrade to these packages, which contain
IBM's 1.5.0 SR4 Java release which resolves these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

RHEL Supplementary (v. 5 server)

IA-32:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: dbd828f7090bdd3fba290f7ac1fb09dc
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 5cd4a507db7f5fda5ef7eff6ccf1ddbd
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 8bf3a410ff1b74e750efc6666e3eae1a
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 5d1526e01b38b377cea5a941e388e3b8
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 9c4faa2a25ce85c74e247fbb8c045fcb
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 69c8ad6857e9e23802d62a35bea92f35
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 7c9baae9b7ad1c943e3237f0eb549554
 
PPC:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2014:0136
    MD5: e1174ad5c8f5ceaf2f014c66a57c845d
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2014:0136
    MD5: 3dfe1d4672eac020f59cded037e6ff1f
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2014:0136
    MD5: 1e5b3c700bdc2dd8830dd64f051da9f2
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2014:0136
    MD5: 92693b273ca80e3c2e64ae77ffc998b4
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2014:0136
    MD5: 982126fd7fe1828935e46e69402d9a8b
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2014:0136
    MD5: b61e3c444482fb58d8596a9c5e2c62dd
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.ppc.rpm
File outdated by:  RHSA-2014:0136
    MD5: 4345df9c7d754fd084bec67b556d3644
 
s390x:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2014:0136
    MD5: e5e1ee24f6afd48180d6cde8ac4f5429
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2014:0136
    MD5: fc3a2e7aedd828a647cdab142b7356e7
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2014:0136
    MD5: 520b319f172a5b424e6eaecd591225a3
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2014:0136
    MD5: 5a43aaf47f327655030aad464364e021
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2014:0136
    MD5: b39cc9a975dea83fcc77d54114bc93d7
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2014:0136
    MD5: ddc58078f413e5ab1f156bb0577ffe0b
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2014:0136
    MD5: 44cfd2c55b54b44209f5e2cf03511006
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390.rpm
File outdated by:  RHSA-2014:0136
    MD5: b48b4d78e567a63b0e025b523ff7ddee
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390x.rpm
File outdated by:  RHSA-2014:0136
    MD5: ea59de0f929b876ee0d6b398c4604151
 
x86_64:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: dbd828f7090bdd3fba290f7ac1fb09dc
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2014:0136
    MD5: b6a02279ee90333160031de73abc2b50
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 5cd4a507db7f5fda5ef7eff6ccf1ddbd
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2014:0136
    MD5: c841470242d09e0be886362953d78747
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 8bf3a410ff1b74e750efc6666e3eae1a
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2014:0136
    MD5: 3f975a9cd9353a3cd8f964350b5b81b4
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 5d1526e01b38b377cea5a941e388e3b8
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2014:0136
    MD5: d7b9ef47c336f0cf71cfe21374a21db2
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 9c4faa2a25ce85c74e247fbb8c045fcb
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 69c8ad6857e9e23802d62a35bea92f35
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm
File outdated by:  RHSA-2014:0136
    MD5: 7c9baae9b7ad1c943e3237f0eb549554
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.x86_64.rpm
File outdated by:  RHSA-2014:0136
    MD5: e39189c5480464ffe159e8af0cf00e66
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2011:1478
    MD5: 38ff038ce167616812f5358966b37ccc
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2011:1478
    MD5: f08e9be3a54794f05b2736f87a73913a
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2011:1478
    MD5: c180126eb4cc496bbcc8500b3a935046
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2011:1478
    MD5: 822575c557d2a1b9cf7e5c7a83a89a52
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2011:1478
    MD5: bc6907c64649848d1724e7eff9efba81
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2011:1478
    MD5: c9583a7dffd5f9cfebe30fac9de8e45a
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.i386.rpm
File outdated by:  RHSA-2011:1478
    MD5: f4dca5cf8fcba96f0c2f9ef17154096c
 
PPC:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2011:1478
    MD5: 43788155c5cdcb27fd3d093a4c1cf667
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2011:1478
    MD5: d8fdc035deb93edfc6e6c2f48e9a9010
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2011:1478
    MD5: 1409e0ff52355d5f6e9f1f8e4da4e051
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2011:1478
    MD5: 61c8c9d45e4e4a7fa8f32dfcd16ec04e
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2011:1478
    MD5: 8470e8ba5c2d082e7a19af939eca839b
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2011:1478
    MD5: 0d61019ea1092ca4720b421839d7e8dc
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.ppc.rpm
File outdated by:  RHSA-2011:1478
    MD5: c29a7df85b6ac486f026c691e7d5690a
 
s390:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2011:1478
    MD5: f42111b5d5638abac2e0de1f2681ea32
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2011:1478
    MD5: 6d8734dfaef07346c2ec5a78b9b60de8
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2011:1478
    MD5: 32e562c42d105c40949b74696ea8c763
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2011:1478
    MD5: 90f97a87deb9f605c33e7baa85aa4559
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.s390.rpm
File outdated by:  RHSA-2011:1478
    MD5: 780d41e090800dc44978819580356acd
 
s390x:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2011:1478
    MD5: b44dbe1fbbf0223d0df62885a171b30b
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2011:1478
    MD5: c2584bf412075e193b04897529d10915
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2011:1478
    MD5: dbbd45c7b7db65097eaded5268a6ecf2
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.s390x.rpm
File outdated by:  RHSA-2011:1478
    MD5: c478ca881bc3c81b7e9a2fe2e576c479
 
x86_64:
java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2011:1478
    MD5: 23a6f88855d3f3b915c709b361baaa8b
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2011:1478
    MD5: c27bd6f70802ae563db34d5119a110c2
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2011:1478
    MD5: e6c95d3ba53f6c698e0e824a857fc6a5
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2011:1478
    MD5: adae7780de3e8f866b643ca64c10356a
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.x86_64.rpm
File outdated by:  RHSA-2011:1478
    MD5: 22383a1f44580168a7bc09ca0966a91c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

236894 - CVE-2007-0243 GIF buffer overflow
237281 - CVE-2007-0243 GIF buffer overflow
237290 - Installation of all Extras packages generates package conflict
237685 - plugin does not initialize


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/