drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in IBM Java
Name: |
Ausführen beliebiger Kommandos in IBM Java |
|
ID: |
RHSA-2007:0167-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux Extras |
|
Datum: |
Mi, 25. April 2007, 19:07 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243
http://www-128.ibm.com/developerworks/java/jdk/alerts/ |
|
Applikationen: |
IBM JDK for Linux |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Critical: java-1.5.0-ibm security update Advisory ID: RHSA-2007:0167-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0167.html Issue date: 2007-04-25 Updated on: 2007-04-25 Product: Red Hat Enterprise Linux Extras CVE Names: CVE-2007-0243 - ---------------------------------------------------------------------
1. Summary:
java-1.5.0-ibm packages that correct a security issue are available for Red Hat Enterprise Linux 5 Supplementary and Enterprise Linux 4 Extras.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, ppc, s390x, x86_64
3. Problem description:
IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
A flaw in GIF image handling was found in the SUN Java Runtime Environment that has now been reported as also affecting IBM Java 2. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code. (CVE-2007-0243)
This update also resolves the following issues:
* The java-1.5.0-ibm-plugin sub-package conflicted with the new java-1.5.0-sun-plugin sub-package.
* The java-1.5.0-ibm-plugin package had incorrect dependencies. The java-1.5.0-ibm-alsa package has been merged into the java-1.5.0-ibm package to resolve this issue.
All users of java-ibm-1.5.0 should upgrade to these packages, which contain IBM's 1.5.0 SR4 Java release which resolves these issues.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
236894 - CVE-2007-0243 GIF buffer overflow 237281 - CVE-2007-0243 GIF buffer overflow 237290 - Installation of all Extras packages generates package conflict 237685 - plugin does not initialize
6. RPMs required:
Red Hat Enterprise Linux AS version 4 Extras:
i386: 38ff038ce167616812f5358966b37ccc java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.i386.rpm f08e9be3a54794f05b2736f87a73913a java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.i386.rpm c180126eb4cc496bbcc8500b3a935046 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.i386.rpm 822575c557d2a1b9cf7e5c7a83a89a52 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.i386.rpm bc6907c64649848d1724e7eff9efba81 java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.i386.rpm c9583a7dffd5f9cfebe30fac9de8e45a java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.i386.rpm f4dca5cf8fcba96f0c2f9ef17154096c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.i386.rpm
ppc: 43788155c5cdcb27fd3d093a4c1cf667 java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.ppc.rpm d8fdc035deb93edfc6e6c2f48e9a9010 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.ppc.rpm 1409e0ff52355d5f6e9f1f8e4da4e051 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.ppc.rpm 61c8c9d45e4e4a7fa8f32dfcd16ec04e java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.ppc.rpm 8470e8ba5c2d082e7a19af939eca839b java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.ppc.rpm 0d61019ea1092ca4720b421839d7e8dc java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.ppc.rpm c29a7df85b6ac486f026c691e7d5690a java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.ppc.rpm
s390: f42111b5d5638abac2e0de1f2681ea32 java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.s390.rpm 6d8734dfaef07346c2ec5a78b9b60de8 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.s390.rpm 32e562c42d105c40949b74696ea8c763 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.s390.rpm 90f97a87deb9f605c33e7baa85aa4559 java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.s390.rpm 780d41e090800dc44978819580356acd java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.s390.rpm
s390x: b44dbe1fbbf0223d0df62885a171b30b java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.s390x.rpm c2584bf412075e193b04897529d10915 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.s390x.rpm dbbd45c7b7db65097eaded5268a6ecf2 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.s390x.rpm c478ca881bc3c81b7e9a2fe2e576c479 java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.s390x.rpm
x86_64: 23a6f88855d3f3b915c709b361baaa8b java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.x86_64.rpm c27bd6f70802ae563db34d5119a110c2 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.x86_64.rpm e6c95d3ba53f6c698e0e824a857fc6a5 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.x86_64.rpm adae7780de3e8f866b643ca64c10356a java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.x86_64.rpm 22383a1f44580168a7bc09ca0966a91c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.x86_64.rpm
Red Hat Desktop version 4 Extras:
i386: 38ff038ce167616812f5358966b37ccc java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.i386.rpm f08e9be3a54794f05b2736f87a73913a java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.i386.rpm c180126eb4cc496bbcc8500b3a935046 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.i386.rpm 822575c557d2a1b9cf7e5c7a83a89a52 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.i386.rpm bc6907c64649848d1724e7eff9efba81 java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.i386.rpm c9583a7dffd5f9cfebe30fac9de8e45a java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.i386.rpm f4dca5cf8fcba96f0c2f9ef17154096c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.i386.rpm
x86_64: 23a6f88855d3f3b915c709b361baaa8b java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.x86_64.rpm c27bd6f70802ae563db34d5119a110c2 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.x86_64.rpm e6c95d3ba53f6c698e0e824a857fc6a5 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.x86_64.rpm adae7780de3e8f866b643ca64c10356a java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.x86_64.rpm 22383a1f44580168a7bc09ca0966a91c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386: 38ff038ce167616812f5358966b37ccc java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.i386.rpm f08e9be3a54794f05b2736f87a73913a java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.i386.rpm c180126eb4cc496bbcc8500b3a935046 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.i386.rpm 822575c557d2a1b9cf7e5c7a83a89a52 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.i386.rpm bc6907c64649848d1724e7eff9efba81 java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.i386.rpm c9583a7dffd5f9cfebe30fac9de8e45a java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.i386.rpm f4dca5cf8fcba96f0c2f9ef17154096c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.i386.rpm
x86_64: 23a6f88855d3f3b915c709b361baaa8b java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.x86_64.rpm c27bd6f70802ae563db34d5119a110c2 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.x86_64.rpm e6c95d3ba53f6c698e0e824a857fc6a5 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.x86_64.rpm adae7780de3e8f866b643ca64c10356a java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.x86_64.rpm 22383a1f44580168a7bc09ca0966a91c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386: 38ff038ce167616812f5358966b37ccc java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.i386.rpm f08e9be3a54794f05b2736f87a73913a java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.i386.rpm c180126eb4cc496bbcc8500b3a935046 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.i386.rpm 822575c557d2a1b9cf7e5c7a83a89a52 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.i386.rpm bc6907c64649848d1724e7eff9efba81 java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el4.i386.rpm c9583a7dffd5f9cfebe30fac9de8e45a java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el4.i386.rpm f4dca5cf8fcba96f0c2f9ef17154096c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.i386.rpm
x86_64: 23a6f88855d3f3b915c709b361baaa8b java-1.5.0-ibm-1.5.0.4-1jpp.3.el4.x86_64.rpm c27bd6f70802ae563db34d5119a110c2 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el4.x86_64.rpm e6c95d3ba53f6c698e0e824a857fc6a5 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el4.x86_64.rpm adae7780de3e8f866b643ca64c10356a java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el4.x86_64.rpm 22383a1f44580168a7bc09ca0966a91c java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el4.x86_64.rpm
RHEL Supplementary (v. 5 server):
i386: dbd828f7090bdd3fba290f7ac1fb09dc java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm 5cd4a507db7f5fda5ef7eff6ccf1ddbd java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm 8bf3a410ff1b74e750efc6666e3eae1a java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm 5d1526e01b38b377cea5a941e388e3b8 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm 9c4faa2a25ce85c74e247fbb8c045fcb java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm 69c8ad6857e9e23802d62a35bea92f35 java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm 7c9baae9b7ad1c943e3237f0eb549554 java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm
ppc: e1174ad5c8f5ceaf2f014c66a57c845d java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.ppc.rpm 3dfe1d4672eac020f59cded037e6ff1f java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.ppc.rpm 1e5b3c700bdc2dd8830dd64f051da9f2 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.ppc.rpm 92693b273ca80e3c2e64ae77ffc998b4 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.ppc.rpm 982126fd7fe1828935e46e69402d9a8b java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.ppc.rpm b61e3c444482fb58d8596a9c5e2c62dd java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.ppc.rpm 4345df9c7d754fd084bec67b556d3644 java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.ppc.rpm
s390x: e5e1ee24f6afd48180d6cde8ac4f5429 java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390.rpm fc3a2e7aedd828a647cdab142b7356e7 java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.s390x.rpm 520b319f172a5b424e6eaecd591225a3 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390.rpm 5a43aaf47f327655030aad464364e021 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.s390x.rpm b39cc9a975dea83fcc77d54114bc93d7 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390.rpm ddc58078f413e5ab1f156bb0577ffe0b java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.s390x.rpm 44cfd2c55b54b44209f5e2cf03511006 java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.s390.rpm b48b4d78e567a63b0e025b523ff7ddee java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390.rpm ea59de0f929b876ee0d6b398c4604151 java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.s390x.rpm
x86_64: dbd828f7090bdd3fba290f7ac1fb09dc java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.i386.rpm b6a02279ee90333160031de73abc2b50 java-1.5.0-ibm-1.5.0.4-1jpp.3.el5.x86_64.rpm 5cd4a507db7f5fda5ef7eff6ccf1ddbd java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.i386.rpm c841470242d09e0be886362953d78747 java-1.5.0-ibm-demo-1.5.0.4-1jpp.3.el5.x86_64.rpm 8bf3a410ff1b74e750efc6666e3eae1a java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.i386.rpm 3f975a9cd9353a3cd8f964350b5b81b4 java-1.5.0-ibm-devel-1.5.0.4-1jpp.3.el5.x86_64.rpm 5d1526e01b38b377cea5a941e388e3b8 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.i386.rpm d7b9ef47c336f0cf71cfe21374a21db2 java-1.5.0-ibm-javacomm-1.5.0.4-1jpp.3.el5.x86_64.rpm 9c4faa2a25ce85c74e247fbb8c045fcb java-1.5.0-ibm-jdbc-1.5.0.4-1jpp.3.el5.i386.rpm 69c8ad6857e9e23802d62a35bea92f35 java-1.5.0-ibm-plugin-1.5.0.4-1jpp.3.el5.i386.rpm 7c9baae9b7ad1c943e3237f0eb549554 java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.i386.rpm e39189c5480464ffe159e8af0cf00e66 java-1.5.0-ibm-src-1.5.0.4-1jpp.3.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243 http://www-128.ibm.com/developerworks/java/jdk/alerts/ http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFGL4bWXlSAg2UNWIIRAhpxAJ9QX7RvayQ7uZCIlgBWGl4GmZ4ZkQCgnESI VN6oeHNeG+dYxmOwH2xMEcE= =80fU -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|