Red Hat Errata System5.32011-09-30T09:16:38RHSA-2009:1038: java-1.5.0-ibm security update (Critical)Supplementary for Red Hat Enterprise Linux 5The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100,
CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106,
CVE-2009-1107)
All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.5.0 SR9-SSU Java release. All running
instances of IBM Java must be restarted for this update to take effect.CriticalCopyright 2009 Red Hat, Inc.CVE-2009-1093CVE-2009-1094CVE-2009-1095CVE-2009-1096CVE-2009-1097CVE-2009-1098CVE-2009-1099CVE-2009-1100CVE-2009-1101CVE-2009-1103CVE-2009-1104CVE-2009-1105CVE-2009-1106CVE-2009-1107CVE-2009-1101 OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service (6717680)CVE-2009-1094 OpenJDK LDAP client remote code execution (6737315)CVE-2009-1095 CVE-2009-1096 OpenJDK Pack200 Buffer overflow vulnerability (6792554)CVE-2009-1097 OpenJDK PNG processing buffer overflow vulnerability (6804996)CVE-2009-1098 OpenJDK GIF processing buffer overflow vulnerability (6804998)CVE-2009-1099 OpenJDK: Type1 font processing buffer overflow vulnerabilityCVE-2009-1100 OpenJDK: DoS (disk consumption) via handling of temporary font filesCVE-2009-1103 OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)CVE-2009-1104 OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)CVE-2009-1105 OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)CVE-2009-1106 OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)CVE-2009-1107 OpenJDK: Signed applet remote misuse possibility (6782871)cpe:/a:redhat:rhel_extrasjava-1.5.0-ibm-jdbcjava-1.5.0-ibmjava-1.5.0-ibm-accessibilityjava-1.5.0-ibm-srcjava-1.5.0-ibm-pluginredhat-releasejava-1.5.0-ibm-develjava-1.5.0-ibm-demojava-1.5.0-ibm-javacomm219180cddb42a60e5326810137017186^5[^[:digit:]]1:1.5.0.9-1jpp.3.el5