Security Advisory Moderate: java-1.4.2-bea security update

Advisory: RHSA-2008:0243-2
Type: Security Advisory
Severity: Moderate
Issued on: 2008-04-28
Last updated on: 2008-04-28
Affected Products: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
Red Hat Enterprise Linux Extras (v. 3)
Red Hat Enterprise Linux Extras (v. 4)
OVAL: com.redhat.rhsa-20080243.xml
CVEs (cve.mitre.org): CVE-2008-1187

Details

Updated java-1.4.2-bea packages that fix a security issue are now available
for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras,
and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contain BEA WebLogic JRockit
Virtual Machine 1.4.2_16 and are certified for the Java 2 Platform, Standard
Edition, v1.4.2.

A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)

Please note: This vulnerability can only be triggered in java-1.4.2-bea by
calling the "appletviewer" application.

All java-1.4.2-bea users should upgrade to these updated packages, which
address this vulnerability.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm     644a6d222b14cb7aca2623b507d4e69b
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm     f496cbe634bd1d3cdc6f6fb503cf1e3f
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm     36d07f43bd3ecf79eb239922661dd0d6
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm     5abc0ed56d4f3e5ef192c0788767000f
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm     d3888fb28369d9bb375ca2573034982c
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm     7db26e75da9899054f592adacb28d059
 
x86_64:
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm     644a6d222b14cb7aca2623b507d4e69b
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm     f496cbe634bd1d3cdc6f6fb503cf1e3f
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm     36d07f43bd3ecf79eb239922661dd0d6
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm     5abc0ed56d4f3e5ef192c0788767000f
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm     d3888fb28369d9bb375ca2573034982c
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm     7db26e75da9899054f592adacb28d059
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm     644a6d222b14cb7aca2623b507d4e69b
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm     f496cbe634bd1d3cdc6f6fb503cf1e3f
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm     36d07f43bd3ecf79eb239922661dd0d6
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm     5abc0ed56d4f3e5ef192c0788767000f
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm     d3888fb28369d9bb375ca2573034982c
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm     7db26e75da9899054f592adacb28d059
 
IA-64:
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.ia64.rpm     7ed82e4052f7b9aab4e942b5fd56ff5f
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.ia64.rpm     4d707dde0b949d127c05134d06cf4d3a
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.ia64.rpm     f35e7124c2b6bcb6fe1ec3a517cc5e39
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.ia64.rpm     941813ada1758b240e087e2a1f915ee6
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.ia64.rpm     96b3f4e66e16a41535f690195b1bc3e0
 
x86_64:
java-1.4.2-bea-1.4.2.16-1jpp.2.el5.i686.rpm     644a6d222b14cb7aca2623b507d4e69b
java-1.4.2-bea-demo-1.4.2.16-1jpp.2.el5.i686.rpm     f496cbe634bd1d3cdc6f6fb503cf1e3f
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686.rpm     36d07f43bd3ecf79eb239922661dd0d6
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el5.i686.rpm     5abc0ed56d4f3e5ef192c0788767000f
java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.2.el5.i686.rpm     d3888fb28369d9bb375ca2573034982c
java-1.4.2-bea-src-1.4.2.16-1jpp.2.el5.i686.rpm     7db26e75da9899054f592adacb28d059
 
Red Hat Enterprise Linux Extras (v. 3)

IA-32:
java-1.4.2-bea-1.4.2.16-1jpp.2.el3.i686.rpm     22d9f13016f8e0c2b3b9acb88ef86472
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.i686.rpm     09f47da2b6702304a0882b4cb2dfa421
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.i686.rpm     ad16b218a8b67918916dcd1d52de7433
 
IA-64:
java-1.4.2-bea-1.4.2.16-1jpp.2.el3.ia64.rpm     4c7ebce8c0b473ab3b7aa631330d952a
java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el3.ia64.rpm     25407032834861d7cbabb33408785310
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.ia64.rpm     f508589cf2eef6ed3e1f10755d694921
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm     5d6fb8210bd7799dad37ca04e431bbfa
java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm     e271c8871a957ac6b7f96c1bccc18af1
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.i686.rpm     d9b62fcdd21b00976e2431f2f79f5850
 
IA-64:
java-1.4.2-bea-1.4.2.16-1jpp.4.el4.ia64.rpm     a0acfdb6f80b751ea571cd043e95bdf0
java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.ia64.rpm     a328cc89caa6dd8e1646e4eb16995c1a
java-1.4.2-bea-jdbc-1.4.2.16-1jpp.4.el4.ia64.rpm     34764cf36973a27887d1b55fbe4dd8df
 
x86_64:
java-1.4.2-bea-1.4.2.16-1jpp.4.el4.i686.rpm     5d6fb8210bd7799dad37ca04e431bbfa
java-1.4.2-bea-devel-1.4.2.16-1jpp.4.el4.i686.rpm     e271c8871a957ac6b7f96c1bccc18af1
 
(The unlinked packages above are only available from the Red Hat Network)
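
An added example, not part of the Red Hat advisory: a Python check that compares an `rpm -qa`-style inventory against the fixed builds listed above. The version comparison is a simplified rpmvercmp (no epoch or tilde handling), the sample inventory is constructed, and treating every older build as needing the update is an assumption.

```python
import re

# Fixed builds per dist tag, taken from the "Updated packages" list of this advisory.
FIXED = {"el3": ("1.4.2.16", "1jpp.2.el3"),
         "el4": ("1.4.2.16", "1jpp.4.el4"),
         "el5": ("1.4.2.16", "1jpp.2.el5")}
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no epoch, tilde or caret). Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts above an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments win

def audit(nvra_lines):
    """Map each java-1.4.2-bea* name-version-release.arch line to a status string."""
    results = {}
    for line in nvra_lines:
        nvra = line.strip()
        if not nvra.startswith("java-1.4.2-bea"):
            continue  # package not covered by this advisory
        try:
            _name, version, release = nvra.rsplit(".", 1)[0].rsplit("-", 2)
        except ValueError:
            results[nvra] = "unparsed"
            continue
        dist = re.search(r"el\d+", release)
        fixed = FIXED.get(dist.group(0)) if dist else None
        if fixed is None:
            results[nvra] = "unknown-dist"
            continue
        older = (rpmvercmp(version, fixed[0]) or rpmvercmp(release, fixed[1])) < 0
        results[nvra] = "needs-update" if older else "fixed"
    return results

# Constructed sample inventory (not from the advisory); the older builds are made up.
SAMPLE = ["java-1.4.2-bea-1.4.2.15-1jpp.2.el5.i686",
          "java-1.4.2-bea-devel-1.4.2.16-1jpp.2.el5.i686",
          "java-1.4.2-bea-1.4.2.16-1jpp.3.el4.i686",
          "java-1.4.2-bea-jdbc-1.4.2.16-1jpp.2.el3.ia64",
          "bash-3.2-21.el5.i386"]
if __name__ == "__main__":
    print("\n".join(f"{s:13} {p}" for p, s in audit(SAMPLE).items()))
```

On a real host, feed it the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'`.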

Bugs fixed (see bugzilla for more information)

436030 - CVE-2008-1187 Untrusted applet and application XSLT processing privilege escalation



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/