Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2008:0244 - Security Advisory
Issued:
2008-04-28
Updated:
2008-04-28

RHSA-2008:0244 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: java-1.5.0-bea security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated java-1.5.0-bea packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit
Virtual Machine 1.5.0_14, and are certified for the Java 5 Platform,
Standard Edition, v1.5.0.

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possibly execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)

A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)

The vulnerabilities concerning applets listed above can only be triggered
in java-1.5.0-bea, by calling the "appletviewer" application.

Users of java-1.5.0-bea are advised to upgrade to these updated packages,
which resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation
  • BZ - 436296 - CVE-2008-1193 JRE image parsing library allows privilege escalation (CVE-2008-1194)

CVEs

  • CVE-2008-1194
  • CVE-2008-1193
  • CVE-2008-1187

References

  • http://dev2dev.bea.com/pub/advisory/277
  • http://www.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
x86_64
java-1.5.0-bea-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: c3dd9daae17b3c32419699fc8918534922f400e500a6e493ee5dc6fefecdf4a0
java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: e21e9885f117075b5ea76d5b3ca69c2e57464bf74c34763f9ed939fbb489ef9d
java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: bbbd23882e008d395819a92d327a2ab5d87c79c95ee9c72db2a014e831a3f3e6
java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: 39e27eb9ddbf3c97ee64ea4dabbde4453ba86b22aacff03fd7d8d9a4a00c7312
java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: 27fe9fb5f24cb815a8655ad7654be1460772eec8195bf7f988bb6627156d69a4
java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: 86997e16f25a2f0df7fc770a7b77f70f240df499bb89dd63443c1102f9484086
ia64
java-1.5.0-bea-1.5.0.14-1jpp.2.el5.ia64.rpm SHA-256: 913fb9a3bab8b1f13a2b2d4e402468bd589af3270f50a08025baec1e10e08060
java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.ia64.rpm SHA-256: a5dc1c8707a79a6a4b98465a6d6ae4d2c2c6ff747637393d03adcc6eadfe4061
java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.ia64.rpm SHA-256: a2ad9ab10e152cb1bf7f1786e3a1b2b8823095830a62e913c599351b9e704828
java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.ia64.rpm SHA-256: e0aa4f156e436cd4ce7555d7a11f26b85dd3312057b77d99803d53fe381d4c69
java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.ia64.rpm SHA-256: 6343789efc5f2e2e9d5753841cced07550bd2eff4c75136a1f079eb61287ad4b
i386
java-1.5.0-bea-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 977e60098038f7dacb8038d923c4e441d1207c8f361f00dad285a4c83b064ab9
java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 5f2b0b000c7aa178894852583ce9e68c2b85889fb6c9b77f3c8992a85b7aaa50
java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 74375cae2351b378a0627e0397854b854a0ab5673284cb4e74847229091ec160
java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 7167b41c706e091a4bcafe3a094e370bb532f190b2365bc4634606b9752683a1
java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 04ffc6fd375ed305dab9a6fe81ef351065fec581ae04747fdc4e2c44e6215106
java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: ebeb4f205721e387bf564f750a791def2cce033615cf575e6b00c784b0fb36a8

Red Hat Enterprise Linux Server 4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.1

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4ES

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4AS

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
x86_64
i386

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
java-1.5.0-bea-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: c3dd9daae17b3c32419699fc8918534922f400e500a6e493ee5dc6fefecdf4a0
java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: e21e9885f117075b5ea76d5b3ca69c2e57464bf74c34763f9ed939fbb489ef9d
java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: bbbd23882e008d395819a92d327a2ab5d87c79c95ee9c72db2a014e831a3f3e6
java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: 39e27eb9ddbf3c97ee64ea4dabbde4453ba86b22aacff03fd7d8d9a4a00c7312
java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: 27fe9fb5f24cb815a8655ad7654be1460772eec8195bf7f988bb6627156d69a4
java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.x86_64.rpm SHA-256: 86997e16f25a2f0df7fc770a7b77f70f240df499bb89dd63443c1102f9484086
i386
java-1.5.0-bea-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 977e60098038f7dacb8038d923c4e441d1207c8f361f00dad285a4c83b064ab9
java-1.5.0-bea-demo-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 5f2b0b000c7aa178894852583ce9e68c2b85889fb6c9b77f3c8992a85b7aaa50
java-1.5.0-bea-devel-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 74375cae2351b378a0627e0397854b854a0ab5673284cb4e74847229091ec160
java-1.5.0-bea-jdbc-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 7167b41c706e091a4bcafe3a094e370bb532f190b2365bc4634606b9752683a1
java-1.5.0-bea-missioncontrol-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: 04ffc6fd375ed305dab9a6fe81ef351065fec581ae04747fdc4e2c44e6215106
java-1.5.0-bea-src-1.5.0.14-1jpp.2.el5.i686.rpm SHA-256: ebeb4f205721e387bf564f750a791def2cce033615cf575e6b00c784b0fb36a8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility