Red Hat Product Errata RHSA-2008:0243 - Security Advisory
Issued:
2008-04-28
Updated:
2008-04-28

RHSA-2008:0243 - Security Advisory

Synopsis

Moderate: java-1.4.2-bea security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated java-1.4.2-bea packages that fix a security issue are now available
for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras,
and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit
Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard
Edition, v1.4.2.

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Please note: This vulnerability can only be triggered in java-1.4.2-bea by
calling the "appletviewer" application.

All java-1.4.2-bea users should upgrade to this updated package which
addresses this vulnerability.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation

Red Hat Enterprise Linux Server 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
ia64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.ia64.rpm SHA-256: 4305efb722a3684f66af28ba1aae50d6800ca7812f13e07ca7e43fcfbd107c35
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.ia64.rpm SHA-256: cb692856277bb19e37ca76a2df95c4f0ff8fbc2c6e1978bed2c2447730132623
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.ia64.rpm SHA-256: 0521944c5c317b7c91169246f1e12066f8d8cf575d1030479ca7081576b758a5
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.ia64.rpm SHA-256: fae64ec475513413553c7d0393c359e970d752c42fa1e027be1e6fe0ef73c76d
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.ia64.rpm SHA-256: 2ea6496fd9c6ff6909c1b5e94b53284748d8e3474529a049fa3d5cc5ab51422f
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d

Red Hat Enterprise Linux Server 4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server 3

SRPM
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 3

SRPM
ia64
i386

Red Hat Enterprise Linux Desktop 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
i386

Red Hat Enterprise Linux Desktop 3

SRPM
i386

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d
i386
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 13001703e345b1e2c81d61ccf4c784af0d036bd950e2cf9b7db334f3dc52fbd6
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 780e8839ee592e1550cd5370bae8c2b2a3d61f174bed2b5e31d63cb2ab6d5d40
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 5c98f0564427281023413d34ca7b9606d57a2cebb5b79d0b0b42e7acfbafb633
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 485c4018285f7b221b04640119a12dd594ba6b66d3f87f660234674eae0a9802
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 88a87b1525c0ddc2831f373563cdd7f7fbc713373e30e14cfd156f695eeda688
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm SHA-256: 7c680c646c9f699b3e865caccd081b2a3b433a3bd2aada2cedba0c2453058f5d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.