Security Advisory Critical: java-1.5.0-sun security update

Advisory: RHSA-2009:1199-1
Type: Security Advisory
Severity: Critical
Issued on: 2009-08-06
Last updated on: 2009-08-06
Affected Products:
    RHEL Desktop Supplementary (v. 5 client)
    RHEL Supplementary (v. 5 server)
    RHEL Supplementary EUS (v. 5.3.z server)
    RHEL Supplementary Long Life (v. 5.3 server)
    Red Hat Enterprise Linux Extras (v. 4)
    Red Hat Enterprise Linux Extras (v. 4.8.z)
CVEs (cve.mitre.org): CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724

Details

Updated java-1.5.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and
the Sun Java 5 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 5 Runtime
Environment and the Sun Java 5 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689)

Users of java-1.5.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571

x86_64:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571

x86_64:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.x86_64.rpm
File outdated by: RHSA-2009:1571
 
RHEL Supplementary EUS (v. 5.3.z server)

IA-32:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.i586.rpm

x86_64:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.x86_64.rpm
 
RHEL Supplementary Long Life (v. 5.3 server)

IA-32:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.i586.rpm

x86_64:
java-1.5.0-sun-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el5.x86_64.rpm
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el5.i586.rpm
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el5.x86_64.rpm
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.5.0-sun-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571

x86_64:
java-1.5.0-sun-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
 
Red Hat Enterprise Linux Extras (v. 4.8.z)

IA-32:
java-1.5.0-sun-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-plugin-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4.i586.rpm
File outdated by: RHSA-2009:1571

x86_64:
java-1.5.0-sun-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-demo-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-devel-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-jdbc-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
java-1.5.0-sun-src-1.5.0.20-1jpp.1.el4.x86_64.rpm
File outdated by: RHSA-2009:1571
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

512896 - CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)
512907 - CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)
512914 - CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497)
512920 - CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335)
512921 - CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)
513215 - CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
513222 - CVE-2009-2689 OpenJDK JDK13Services grants unnecessary privileges (6777448)
515890 - CVE-2009-2676 JRE applet launcher vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/