Skip to navigation

Security Advisory Critical: java-1.4.2-ibm security update

Advisory: RHSA-2012:1485-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-11-22
Last updated on: 2012-11-22
Affected Products: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
CVEs (cve.mitre.org): CVE-2012-1531
CVE-2012-3216
CVE-2012-4820
CVE-2012-4822
CVE-2012-5073
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2013-1475

Details

Updated java-1.4.2-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 Supplementary. This is the last
update of these packages for Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the
IBM Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2012-1531, CVE-2012-3216,
CVE-2012-4820, CVE-2012-4822, CVE-2012-5073, CVE-2012-5079, CVE-2012-5081,
CVE-2012-5083, CVE-2012-5084)

This is the last update of the java-1.4.2-ibm packages in Red Hat
Enterprise Linux 5 Supplementary. Customers are advised to migrate to later
versions of Java at this time. More current versions of IBM Java SE
continue to be available via the Red Hat Enterprise Linux 5 Supplementary
channel. Customers should also consider OpenJDK which is the default Java
development and runtime environment in Red Hat Enterprise Linux. In
cases where it is not feasible to move to a later version of supported
Java, customers are advised to contact IBM to evaluate other options.

All users of java-1.4.2-ibm are advised to upgrade to these updated
packages, which contain the IBM J2SE 1.4.2 SR13-FP14 release. All running
instances of IBM Java must be restarted for this update to take effect


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: c0f390cb1d60185868fc8abf8246d5e2
SHA-256: a73250b9fcd5013619803731af934a548b67e84556a8ef7b603deb5ddcc7ef4c
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 04210cd7a4a9d35125132fda6666804e
SHA-256: 7d325985a502ee57624284fbaea85ff50528d0d4889b134509560be1f0fc5ca6
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 3295cc11863ee20c38e542eddcf439ee
SHA-256: fd8f4040765b3022db5225935240591787cf76b8e7dee533915c69f8268d8f42
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e1ad17669c70794b97e7bd9552b2b1bb
SHA-256: e84ad21b78b708d6ec68199afc6025771b6299b74a85a42aa75d1ae2753b9713
java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 2e1417984bc9f6a384878b464852c758
SHA-256: 8b78a83a599f98f851f56a9a907ed20a8568ef653729c4bd5ac9dad6e02fb021
java-1.4.2-ibm-plugin-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e965726a367a3701f1194317fbe23dfd
SHA-256: e27a470ba73c07533d4b518b33dea03f50bf544da6b5b61cc9c26afc153dc6e2
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 626899e70bf9170b9f163b0287e33bb6
SHA-256: a0ae0391ecbc946ea659bf83a2c3d9436da9de69c73bd044ad56e4528d44c61a
 
x86_64:
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: c0f390cb1d60185868fc8abf8246d5e2
SHA-256: a73250b9fcd5013619803731af934a548b67e84556a8ef7b603deb5ddcc7ef4c
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 6a310636c65fc558acb2a33e387bbb86
SHA-256: 32301c2e7fdce5a36711f65d3ff7a6e7c79eb30321845ee88948b59cac40d7aa
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 04210cd7a4a9d35125132fda6666804e
SHA-256: 7d325985a502ee57624284fbaea85ff50528d0d4889b134509560be1f0fc5ca6
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 26a4cbbacbe19e9ff145e4cfe6506864
SHA-256: 17b69008b00d8856ab5cefea24216f00796c64d630d5ddc8bbd2e381d5e13c6c
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 3295cc11863ee20c38e542eddcf439ee
SHA-256: fd8f4040765b3022db5225935240591787cf76b8e7dee533915c69f8268d8f42
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 3207023f373b70ff3eefe299173b57e5
SHA-256: 7fc71559df3d281d6cea3678d12daf5f9d6e9336c92dad896b574ce93348638b
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e1ad17669c70794b97e7bd9552b2b1bb
SHA-256: e84ad21b78b708d6ec68199afc6025771b6299b74a85a42aa75d1ae2753b9713
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 7871bda2cbb4b0fa262bd663315dd6b3
SHA-256: ca9a80463e69f03f544a19afefcdf9b9e9aa43665376fbf418af70ccd40a4203
java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 2e1417984bc9f6a384878b464852c758
SHA-256: 8b78a83a599f98f851f56a9a907ed20a8568ef653729c4bd5ac9dad6e02fb021
java-1.4.2-ibm-plugin-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e965726a367a3701f1194317fbe23dfd
SHA-256: e27a470ba73c07533d4b518b33dea03f50bf544da6b5b61cc9c26afc153dc6e2
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 626899e70bf9170b9f163b0287e33bb6
SHA-256: a0ae0391ecbc946ea659bf83a2c3d9436da9de69c73bd044ad56e4528d44c61a
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: af7478494f59ef0559ad56633eaa2ce9
SHA-256: 18ed216e116b78e7fd3fb56485f8651664b3e90395bbfa19d8f1ce0d836991e7
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: c0f390cb1d60185868fc8abf8246d5e2
SHA-256: a73250b9fcd5013619803731af934a548b67e84556a8ef7b603deb5ddcc7ef4c
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 04210cd7a4a9d35125132fda6666804e
SHA-256: 7d325985a502ee57624284fbaea85ff50528d0d4889b134509560be1f0fc5ca6
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 3295cc11863ee20c38e542eddcf439ee
SHA-256: fd8f4040765b3022db5225935240591787cf76b8e7dee533915c69f8268d8f42
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e1ad17669c70794b97e7bd9552b2b1bb
SHA-256: e84ad21b78b708d6ec68199afc6025771b6299b74a85a42aa75d1ae2753b9713
java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 2e1417984bc9f6a384878b464852c758
SHA-256: 8b78a83a599f98f851f56a9a907ed20a8568ef653729c4bd5ac9dad6e02fb021
java-1.4.2-ibm-plugin-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e965726a367a3701f1194317fbe23dfd
SHA-256: e27a470ba73c07533d4b518b33dea03f50bf544da6b5b61cc9c26afc153dc6e2
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 626899e70bf9170b9f163b0287e33bb6
SHA-256: a0ae0391ecbc946ea659bf83a2c3d9436da9de69c73bd044ad56e4528d44c61a
 
IA-64:
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.ia64.rpm     MD5: 3560e07ab4cae9363a46d388e3cd7a61
SHA-256: 8a6f06d97522b735b5c66b8e6616448cf20a25a78961823bd4ff5b26a2ee93d7
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.ia64.rpm     MD5: 516e19ac12ce3b74462a88f472f0a989
SHA-256: 7f11e1d8b5dc5f71e2ac3d7e58f5960c48d4b8453ac2cba4265307e76fe31b05
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.ia64.rpm     MD5: 954fdbd61d5a78e0de7119085a6eb778
SHA-256: c0b349abc3000b3625b883e54dc53c93ef1c897cf470a0e6b6af5f8105b93f20
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.ia64.rpm     MD5: 4f09a1e0bde45854195039993bb06ca2
SHA-256: c7382715a93028286003bce80bdd3113f0d036cb8031739179ab93f96c8acdfb
 
PPC:
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.ppc.rpm     MD5: 4e8b071afc0a98e02c37ed6eba4d6236
SHA-256: 16e8194c96117f5c3becb0cc0fc02c760eb1e503fd7fccdf633c990ab340bf70
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.ppc64.rpm     MD5: 22542431681b8acdc6beaedb1853a170
SHA-256: 24a12ac484e1d9ad24ff713c3a3f34206c41829e8a13b4ae5aeeb51925e70993
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.ppc.rpm     MD5: 1b03b0e0e9c29b6492d834956f5d24a6
SHA-256: fddc601061fd24427e8bf631476960d4770cd6b33786527d393285c11c9de685
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.ppc64.rpm     MD5: 1c4cc325fa5ed18c369ab1067b76acec
SHA-256: d58b83945be312490ae3d89a4bacb65ddd06a6b40082a33a56c1d37c86f8cde0
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.ppc.rpm     MD5: e4e8f87f9d67c8d434ecabdc7efe0dfe
SHA-256: 5f9d18aec3e6412f16401c10468f0d585377ef8ac3e0c314ae8a3d6f021f4812
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.ppc64.rpm     MD5: 9e8bc9c5c1eea025df8a6e7a08200bd5
SHA-256: 35b5ebc321520fb5415d693a20c2dc1a1cdfc54d78ae8f3bc32036d146e9ac9c
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.ppc.rpm     MD5: b83ee42efd5cd678e319a9841f76c0f5
SHA-256: a51d0785d4fcc4c847643a73bf9109349078e31ca48c0c1446091602d29de378
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.ppc64.rpm     MD5: b11362a700d3562f18d5232d829fb422
SHA-256: c214da0426d2b7105a66cbdb47ec045109cf9d8f441b756abf61f20369bb98d3
java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8.ppc.rpm     MD5: 9a1d7da880a5c7c5fc9f9e0c39a18f11
SHA-256: 0780f11b58c3e22ae17f6b2f666f0334e006da602c0be3d9a0be9f01ef4c3722
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.ppc.rpm     MD5: 1407189d6885e175a132d2fb8eab4977
SHA-256: 84a49bee62a7d9010a08c73fe4919373fc56042dd605fd89cffddb100afaacdd
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.ppc64.rpm     MD5: 84caf63409cae5ad0119956ee0b975de
SHA-256: d296e596c918a68ba9beade6471b4e14b48e215d60e554574c261b5663199f0d
 
s390x:
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.s390.rpm     MD5: 7ff32d86fda91b1e86f6e269243ce63c
SHA-256: e2f1174c8f2f00375441532bad270415652190909fb82365555b1306b89f7c89
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.s390x.rpm     MD5: 20a0358672b41b24626cd890bd2413f2
SHA-256: f250824b77ea0a2732f2041c15797a74f4ae12caf143580f6981cb9922386f9b
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.s390.rpm     MD5: fda64af5d9bc6440d625854c30fcaa76
SHA-256: d9faa0bf0d327f388ff91a94753fa465f9ff2b759998a8c4de3f489d69221952
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.s390x.rpm     MD5: 637a9fd4f80c1278ec525dd360e83d40
SHA-256: ed2b18ca4133555293c73ec71d8a26ddf5b0d5485afd1f25b1a73ddf7014951b
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.s390.rpm     MD5: 44139516eeb83d3261653e796f3ad0a9
SHA-256: 1ee11d5fa42c30c8fbc6ce4670e427cfeaaad4944483978f14bd3379d4f7039d
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.s390x.rpm     MD5: 2acf1d11bdfa224da55992039ae091ea
SHA-256: 651ccc5e35eeaa03947616ef8187cfdca3f0e501d9bdf852ef1ef5c877414920
java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8.s390.rpm     MD5: 4c08268853f0c6ac0be1c6756924a74a
SHA-256: 4bd3721bf07629289cd366d1249ec485d9630ef31ccefe7f705881d676139dbb
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.s390.rpm     MD5: 1c81a9b364277990ec74c6a9b6850a86
SHA-256: bea6262e1c9b2f7e9bfa467ddcbfd5ea8a5ab7dce5a0f95d93ef966de94bf40f
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.s390x.rpm     MD5: b015d8ebbe544f7baabb80dc26567558
SHA-256: bd88deb48c14bba9b8ca8de493ee739363b30551acf22d6efc8e1fecdc79a339
 
x86_64:
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: c0f390cb1d60185868fc8abf8246d5e2
SHA-256: a73250b9fcd5013619803731af934a548b67e84556a8ef7b603deb5ddcc7ef4c
java-1.4.2-ibm-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 6a310636c65fc558acb2a33e387bbb86
SHA-256: 32301c2e7fdce5a36711f65d3ff7a6e7c79eb30321845ee88948b59cac40d7aa
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 04210cd7a4a9d35125132fda6666804e
SHA-256: 7d325985a502ee57624284fbaea85ff50528d0d4889b134509560be1f0fc5ca6
java-1.4.2-ibm-demo-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 26a4cbbacbe19e9ff145e4cfe6506864
SHA-256: 17b69008b00d8856ab5cefea24216f00796c64d630d5ddc8bbd2e381d5e13c6c
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 3295cc11863ee20c38e542eddcf439ee
SHA-256: fd8f4040765b3022db5225935240591787cf76b8e7dee533915c69f8268d8f42
java-1.4.2-ibm-devel-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 3207023f373b70ff3eefe299173b57e5
SHA-256: 7fc71559df3d281d6cea3678d12daf5f9d6e9336c92dad896b574ce93348638b
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e1ad17669c70794b97e7bd9552b2b1bb
SHA-256: e84ad21b78b708d6ec68199afc6025771b6299b74a85a42aa75d1ae2753b9713
java-1.4.2-ibm-javacomm-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: 7871bda2cbb4b0fa262bd663315dd6b3
SHA-256: ca9a80463e69f03f544a19afefcdf9b9e9aa43665376fbf418af70ccd40a4203
java-1.4.2-ibm-jdbc-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 2e1417984bc9f6a384878b464852c758
SHA-256: 8b78a83a599f98f851f56a9a907ed20a8568ef653729c4bd5ac9dad6e02fb021
java-1.4.2-ibm-plugin-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: e965726a367a3701f1194317fbe23dfd
SHA-256: e27a470ba73c07533d4b518b33dea03f50bf544da6b5b61cc9c26afc153dc6e2
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.i386.rpm     MD5: 626899e70bf9170b9f163b0287e33bb6
SHA-256: a0ae0391ecbc946ea659bf83a2c3d9436da9de69c73bd044ad56e4528d44c61a
java-1.4.2-ibm-src-1.4.2.13.14-1jpp.1.el5_8.x86_64.rpm     MD5: af7478494f59ef0559ad56633eaa2ce9
SHA-256: 18ed216e116b78e7fd3fb56485f8651664b3e90395bbfa19d8f1ce0d836991e7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution
876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/