RHSA-2007-0817: java

NASLDB: RHSA-2007-0817: java

General

ID: 40705
Name: RHSA-2007-0817: java

Summary: Check for the version of the java packages

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –

Port: 0
Family: Red Hat Local Security Checks
Type: Local

Description

Updated java-1.4.2-ibm packages to correct a set of security issues
are now available for Red Hat Enterprise Linux 3 and 4 Extras and Red Hat
Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

IBM\‘s 1.4.2 SR9 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.

A security vulnerability in the Java Web Start component was discovered.
An untrusted application could elevate it\‘s privileges and read and write
local files that are accessible to the user running the Java Web Start
application. (CVE-2007-2435)

A buffer overflow in the image code JRE was found. An untrusted
applet or application could use this flaw to elevate its privileges and
potentially execute arbitrary code as the user running the java virtual
machine. (CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime
Environment. An untrusted applet or application could cause the java
virtual machine to become unresponsive. (CVE-2007-3005)

All users of java-1.4.2-ibm should upgrade to these updated packages,
which contain IBM\‘s 1.4.2 SR9 Java release that resolves these issues.