Synopsis

Moderate: java-1.4.2-bea security update

Type/Severity

Security Advisory: Moderate

Topic

Updated java-1.4.2-bea packages that fix a security issue are now available
for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras,
and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit
Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard
Edition, v1.4.2.

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Please note: This vulnerability can only be triggered in java-1.4.2-bea by
calling the "appletviewer" application.

All java-1.4.2-bea users should upgrade to this updated package which
addresses this vulnerability.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Server - Extended Update Support 5.1 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 5.1 ia64
• Red Hat Enterprise Linux Server - Extended Update Support 5.1 i386
• Red Hat Enterprise Linux Server - Extended Update Support 4ES x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 4ES ia64
• Red Hat Enterprise Linux Server - Extended Update Support 4ES i386
• Red Hat Enterprise Linux Server - Extended Update Support 4AS x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 4AS ia64
• Red Hat Enterprise Linux Server - Extended Update Support 4AS i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation

CVEs

• CVE-2008-1187

References

• http://dev2dev.bea.com/pub/advisory/277
• http://www.redhat.com/security/updates/classification/#moderate

Red Hat Enterprise Linux Server 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
ia64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.ia64.rpm	SHA-256: 4305efb722a3684f66af28ba1aae50d6800ca7812f13e07ca7e43fcfbd107c35
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.ia64.rpm	SHA-256: cb692856277bb19e37ca76a2df95c4f0ff8fbc2c6e1978bed2c2447730132623
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.ia64.rpm	SHA-256: 0521944c5c317b7c91169246f1e12066f8d8cf575d1030479ca7081576b758a5
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.ia64.rpm	SHA-256: fae64ec475513413553c7d0393c359e970d752c42fa1e027be1e6fe0ef73c76d
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.ia64.rpm	SHA-256: 2ea6496fd9c6ff6909c1b5e94b53284748d8e3474529a049fa3d5cc5ab51422f
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d

Red Hat Enterprise Linux Workstation 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d

Red Hat Enterprise Linux Desktop 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm	SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d