Synopsis

Critical: java-1.5.0-ibm security update

Type/Severity

Security Advisory: Critical

Topic

java-1.5.0-ibm packages that correct a security issue are available for Red
Hat Enterprise Linux 5 Supplementary and Enterprise Linux 4 Extras.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw in GIF image handling was found in the SUN Java Runtime Environment
that has now been reported as also affecting IBM Java 2. An untrusted
applet or application could use this flaw to elevate its privileges and
potentially execute arbitrary code. (CVE-2007-0243)

This update also resolves the following issues:

• The java-1.5.0-ibm-plugin sub-package conflicted with the new
  java-1.5.0-sun-plugin sub-package.
  
• The java-1.5.0-ibm-plugin package had incorrect dependencies. The
  java-1.5.0-ibm-alsa package has been merged into the java-1.5.0-ibm package
  to resolve this issue.
  

All users of java-ibm-1.5.0 should upgrade to these packages, which contain
IBM's 1.5.0 SR4 Java release which resolves these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux for Power, big endian 4 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 236894 - CVE-2007-0243 GIF buffer overflow
• BZ - 237281 - CVE-2007-0243 GIF buffer overflow
• BZ - 237290 - Installation of all Extras packages generates package conflict
• BZ - 237685 - plugin does not initialize

CVEs

• CVE-2007-0243

References

• http://www-128.ibm.com/developerworks/java/jdk/alerts/
• http://www.redhat.com/security/updates/classification/#critical

Red Hat Enterprise Linux Server 5

SRPM
x86_64
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: a91e178d64dc11a3b1ff191781641a81f666867bfc010827e8409f739dedc225
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: cb70100b1e7c290823aa2a267d9e8b6be90fcea2c3eeae53b5c81a8b04c66559
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: e1089edde0f340b73b33652070511378baf03b33043ae7d95c587fd7dbb65e8f
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 8ee5c4f55b59bbf5efad68f73fe178269265d70c1ecb4890bda15b9449802e65
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 889c1edbe25f45d6a058c333dff3857ab082693849f8e39b2db0366237d5ec7c
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 3c033104379b6dc369eba573852329235aacb003e65bc4a34599098dc822dbd9
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: ad5cf9e1dc2882fe17a68e36bc46ed8cd4f7b1f1131ff68997213f32f983e315
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 62cb6d4a8462bcbe5d54423221a06cf1566c0f9f5794618538bc67bd2b754600
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 47d59c8e250b8095be84d7915af9eac54b763178c6e6fc987acde25cad4ce256
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 1fa427470df911283b16a6bf478b90861eafa853d05f048fd149fd1e8e1c4e11
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 0f42d6311b8aefb3a277aa2a08013328b1f7db76e0d12fd51085e32d89ec9530
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 340dc0735225330b737e8c1e537993ff39e3af10b9b79d36b0fb877a585e8dbe
i386
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: a91e178d64dc11a3b1ff191781641a81f666867bfc010827e8409f739dedc225
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: e1089edde0f340b73b33652070511378baf03b33043ae7d95c587fd7dbb65e8f
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 889c1edbe25f45d6a058c333dff3857ab082693849f8e39b2db0366237d5ec7c
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: ad5cf9e1dc2882fe17a68e36bc46ed8cd4f7b1f1131ff68997213f32f983e315
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 47d59c8e250b8095be84d7915af9eac54b763178c6e6fc987acde25cad4ce256
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 1fa427470df911283b16a6bf478b90861eafa853d05f048fd149fd1e8e1c4e11
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 0f42d6311b8aefb3a277aa2a08013328b1f7db76e0d12fd51085e32d89ec9530

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
s390x
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390.rpm	SHA-256: 511a448a94a94083d34e8103a38061133c692f7bce15a1da6045e852a6d24d2c
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390x.rpm	SHA-256: 23f371354cde9308afce0f902f5c9f12dc11bcc01dbaeed13f4a35097b6ba53e
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390.rpm	SHA-256: b96d8ca0e457da5102d465bd6dd8bb4d1ff6eed003ce648445ac27a6d6ca97dc
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390x.rpm	SHA-256: 1e70116fe54256457ca844c1fcb76f06d1d76b783029ffe6edfc360aaa8f9f14
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390.rpm	SHA-256: d934b96bae7980721f4e90c70a4e002d23c195f3263b1fda184190172890a06c
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390x.rpm	SHA-256: 8e962a119373d733fda314bf2d6de1070622f064bc335b38101420539737489a
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.s390.rpm	SHA-256: bd3e51979076966bc81f9b7bcf361c831c09e3ae7cc8deb9a4e81289cd959253
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390.rpm	SHA-256: 1e92eb69c38e22c8cdc4ee03a79e4681ea39f9a3f09abe7e492bfa2c72ae1e6f
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390x.rpm	SHA-256: e05504628d0fc652861b14508c2b69f37c1b2dfccc82ba71ca37ee4363d3161b

Red Hat Enterprise Linux for Power, big endian 5

SRPM
ppc
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.ppc.rpm	SHA-256: 809f3354d424ba5e9d5c6f2d93c62a839d3da7dc25453ba68eb33275aecdb3fb
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.ppc.rpm	SHA-256: 74cc2a8865458d747305dfb4d7363b0916fea4784d0adb7e001a4136e2e4ac0a
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.ppc.rpm	SHA-256: 24cdf00312bc214549745912fcd49cfe1897581ef8ea2c23f4553ba2fac5e45b
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.ppc.rpm	SHA-256: d457bf1d62409d46658da24a811451b09e295aada676ac0397951bd8dca1a5a4
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.ppc.rpm	SHA-256: a4be0995ec02fa151d072e5e113cb44019710d1558f4e15bb95d2e7c2095cd6a
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.ppc.rpm	SHA-256: a98cc2cf336ae349e9bdeaa20e7669d411c227cb16cb26411cbda8c9d37c18b5
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.ppc.rpm	SHA-256: 799e66527b9e90bf890fd50a0ac9d34c4447b0da08edf75c1e9bcde593022cc5

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: a91e178d64dc11a3b1ff191781641a81f666867bfc010827e8409f739dedc225
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: cb70100b1e7c290823aa2a267d9e8b6be90fcea2c3eeae53b5c81a8b04c66559
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: e1089edde0f340b73b33652070511378baf03b33043ae7d95c587fd7dbb65e8f
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 8ee5c4f55b59bbf5efad68f73fe178269265d70c1ecb4890bda15b9449802e65
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 889c1edbe25f45d6a058c333dff3857ab082693849f8e39b2db0366237d5ec7c
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 3c033104379b6dc369eba573852329235aacb003e65bc4a34599098dc822dbd9
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: ad5cf9e1dc2882fe17a68e36bc46ed8cd4f7b1f1131ff68997213f32f983e315
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 62cb6d4a8462bcbe5d54423221a06cf1566c0f9f5794618538bc67bd2b754600
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 47d59c8e250b8095be84d7915af9eac54b763178c6e6fc987acde25cad4ce256
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 1fa427470df911283b16a6bf478b90861eafa853d05f048fd149fd1e8e1c4e11
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 0f42d6311b8aefb3a277aa2a08013328b1f7db76e0d12fd51085e32d89ec9530
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.x86_64.rpm	SHA-256: 340dc0735225330b737e8c1e537993ff39e3af10b9b79d36b0fb877a585e8dbe
i386
java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: a91e178d64dc11a3b1ff191781641a81f666867bfc010827e8409f739dedc225
java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: e1089edde0f340b73b33652070511378baf03b33043ae7d95c587fd7dbb65e8f
java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 889c1edbe25f45d6a058c333dff3857ab082693849f8e39b2db0366237d5ec7c
java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: ad5cf9e1dc2882fe17a68e36bc46ed8cd4f7b1f1131ff68997213f32f983e315
java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 47d59c8e250b8095be84d7915af9eac54b763178c6e6fc987acde25cad4ce256
java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 1fa427470df911283b16a6bf478b90861eafa853d05f048fd149fd1e8e1c4e11
java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm	SHA-256: 0f42d6311b8aefb3a277aa2a08013328b1f7db76e0d12fd51085e32d89ec9530