発行日:
2013-03-11
更新日:
2013-03-11

RHSA-2013:0624 - Security Advisory

概要

Critical: java-1.5.0-ibm security update

タイプ/重大度

Security Advisory: Critical

トピック

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

説明

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2013-0409, CVE-2013-0424,
CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432,
CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443,
CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478,
CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16 release. All running instances
of IBM Java must be restarted for this update to take effect.

解決法

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

影響を受ける製品

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 6.4 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.4 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.9 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.9 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.9 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.5 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.4 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.9 ppc
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 i386
  • Red Hat Enterprise Linux Server - AUS 6.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.9 x86_64
  • Red Hat Enterprise Linux Server - AUS 5.9 i386
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.4 s390x

修正

  • BZ - 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
  • BZ - 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
  • BZ - 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
  • BZ - 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
  • BZ - 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
  • BZ - 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
  • BZ - 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
  • BZ - 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
  • BZ - 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
  • BZ - 907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
  • BZ - 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
  • BZ - 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
  • BZ - 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
  • BZ - 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
  • BZ - 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
  • BZ - 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
  • BZ - 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
  • BZ - 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
  • BZ - 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
  • BZ - 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
  • BZ - 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

CVE

参考資料

Red Hat Enterprise Linux Server - Extended Update Support 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177
i386
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 31ea021a451d1bea0986a8af144a8f109e6757a062a51df936a99ed9b65ed71b
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177
i386
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 31ea021a451d1bea0986a8af144a8f109e6757a062a51df936a99ed9b65ed71b
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177
i386
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 31ea021a451d1bea0986a8af144a8f109e6757a062a51df936a99ed9b65ed71b
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177

Red Hat のセキュリティーに関する連絡先は secalert@redhat.com です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。