Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2009:0466 - Security Advisory
Issued:
2009-05-07
Updated:
2009-05-07

RHSA-2009:0466 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: java-1.5.0-ibm security update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

This update corrects several security vulnerabilities in the IBM Java 2
Runtime Environment and the IBM Java 2 Software Development Kit, shipped as
part of Red Hat Network Satellite Server. In a typical operating
environment, these are of low security risk as the runtime is not used on
untrusted applets.

Several vulnerabilities were discovered in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2008-3103, CVE-2008-5345, CVE-2008-5346,
CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352,
CVE-2008-5353, CVE-2008-5354, CVE-2008-5356, CVE-2008-5357, CVE-2008-5359,
CVE-2008-5360)

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.5.0 SR9 Java release. All running instances
of IBM Java must be restarted for the update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Satellite with Embedded Oracle 5.2 x86_64
  • Red Hat Satellite with Embedded Oracle 5.2 i386

Fixes

  • BZ - 452659 - CVE-2008-3103 OpenJDK JMX allows illegal operations with local monitoring (6332953)
  • BZ - 472201 - CVE-2008-5350 OpenJDK allows to list files within the user home directory (6484091)
  • BZ - 472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
  • BZ - 472209 - CVE-2008-5348 OpenJDK Denial-Of-Service in kerberos authentication (6588160)
  • BZ - 472211 - CVE-2008-5360 OpenJDK temporary files have guessable file names (6721753)
  • BZ - 472212 - CVE-2008-5359 OpenJDK Buffer overflow in image processing (6726779)
  • BZ - 472213 - CVE-2008-5351 OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
  • BZ - 472218 - CVE-2008-5356 OpenJDK Font processing vulnerability (6733336)
  • BZ - 472224 - CVE-2008-5353 OpenJDK calendar object deserialization allows privilege escalation (6734167)
  • BZ - 472228 - CVE-2008-5354 OpenJDK Privilege escalation in command line applications (6733959)
  • BZ - 472231 - CVE-2008-5357 OpenJDK Truetype Font processing vulnerability (6751322)
  • BZ - 472233 - CVE-2008-5352 OpenJDK Jar200 Decompression buffer overflow (6755943)
  • BZ - 474793 - CVE-2008-5345 JRE allows unauthorized file access and connections to localhost
  • BZ - 474794 - CVE-2008-5346 JRE allows unauthorized memory read access via a crafted ZIP file

CVEs

  • CVE-2008-3103
  • CVE-2008-5345
  • CVE-2008-5346
  • CVE-2008-5348
  • CVE-2008-5349
  • CVE-2008-5350
  • CVE-2008-5351
  • CVE-2008-5352
  • CVE-2008-5353
  • CVE-2008-5354
  • CVE-2008-5356
  • CVE-2008-5357
  • CVE-2008-5359
  • CVE-2008-5360

References

  • http://www.redhat.com/security/updates/classification/#low
  • http://www-128.ibm.com/developerworks/java/jdk/alerts/
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Satellite with Embedded Oracle 5.2

SRPM
java-1.5.0-ibm-1.5.0.9-1jpp.2.el5.src.rpm SHA-256: 1b1e1b8bc3209418646cbb049506b12bb54e9bd9c72eb5aed391fc9629eb357b
x86_64
java-1.5.0-ibm-1.5.0.9-1jpp.2.el5.x86_64.rpm SHA-256: 11be75d9a05dd9197d98bce5ae82717972fefadfb56a35c3c6f3d97c9b699fa6
java-1.5.0-ibm-devel-1.5.0.9-1jpp.2.el5.x86_64.rpm SHA-256: 0eefe104335a7ef41ac6c8f5c18bf82928bef95f694d3ab9be09bcff152b7d3b
i386
java-1.5.0-ibm-1.5.0.9-1jpp.2.el5.i386.rpm SHA-256: 1bf74d6afb2526405dd8c2d70e62aaff99c6dec6e295866edd2e4725430a7f97
java-1.5.0-ibm-devel-1.5.0.9-1jpp.2.el5.i386.rpm SHA-256: ade56a197cdbcf2c275b9dfd7b09ef67f1c2a07f9e81d5129a665da9d77767e0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Twitter Facebook