Secunia Security Advisory - SUSE has issued an update for IBM Java JRE/SDK and Sun Java JRE/SDK. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, gain escalated privileges, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
TITLE:
SUSE update for IBM JRE/SDK Java and Sun Java JRE/SDK
SECUNIA ADVISORY ID:
SA26119
VERIFY ADVISORY:
http://secunia.com/advisories/26119/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
SUSE Linux 10
http://secunia.com/product/6221/
SUSE Linux 10.1
http://secunia.com/product/10796/
openSUSE 10.2
http://secunia.com/product/13375/
SuSE Linux Enterprise Server 8
http://secunia.com/product/1171/
SuSE Linux Openexchange Server 4.x
http://secunia.com/product/2001/
SuSE Linux Desktop 1.x
http://secunia.com/product/2002/
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/
UnitedLinux 1.0
http://secunia.com/product/2003/
SOFTWARE:
Novell Open Enterprise Server
http://secunia.com/product/4664/
DESCRIPTION:
SUSE has issued an update for IBM Java JRE/SDK and Sun Java JRE/SDK.
This fixes some vulnerabilities, which can be exploited by malicious
people to bypass certain security restrictions, gain escalated
privileges, cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.
Notes:
The following affects both Sun Java and IBM Java JRE/SDK:
CVE-2007-0243
The following affect only IBM Java JRE/SDK:
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
The following affect Sun Java JRE/SDK:
CVE-2007-0243
CVE-2007-2788
CVE-2007-2789
CVE-2007-3004
CVE-2007-3005
For more information:
SA23398
SA23445
SA23757
SA25295
SOLUTION:
Apply updated packages.
x86 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-1.4.2_update15-0.1.i586.rpm
d127e4f44e096a9dd06c14814bd2182c
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2_update15-0.1.i586.rpm
a37f8d08c7e9789fc7876dc3e37da5b9
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-demo-1.4.2_update15-0.1.i586.rpm
0f2e825414bbfd9c1902c2d4d8471e43
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-devel-1.4.2_update15-0.1.i586.rpm
d01ae6db6325f64a6b6a01aebe342031
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2_update15-0.1.i586.rpm
a86f7b7b752b6dbb45a1368027f393d6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2_update15-0.1.i586.rpm
4c9ff9f65b29b68a28ce1a8e84bf4813
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-src-1.4.2_update15-0.1.i586.rpm
18020d2e7c086751659f79fc54ca7fc6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-1.5.0_update12-3.1.i586.rpm
e23a75a56e94d61ea64aae6d1364236d
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update12-3.1.i586.rpm
89647e053e07458532337478cce33cad
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-demo-1.5.0_update12-3.1.i586.rpm
962aef2cde996c68bf837f0b6c02a6e4
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-devel-1.5.0_update12-3.1.i586.rpm
15ba442c876600e59453b5e6a7d774b6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update12-3.1.i586.rpm
570092628e736998bf98e0153736595b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update12-3.1.i586.rpm
6b27e226c65e444521f3964933dd474b
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-src-1.5.0_update12-3.1.i586.rpm
703422879e4ebf22e6295383deae522d
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-1.4.2.15-2.1.i586.rpm
159c176de609647b9cbc4e2f477a793d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-alsa-1.4.2.15-2.1.i586.rpm
e51e6c719126ab5efe679786c4f47cba
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-demo-1.4.2.15-2.1.i586.rpm
066dc7eda76f25899b25cea8079afc0f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-devel-1.4.2.15-2.1.i586.rpm
5599dfe80fe053e4a3332cc4f76e7720
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.15-2.1.i586.rpm
15d749d534785cfdf8bd109b7e1f76c9
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-plugin-1.4.2.15-2.1.i586.rpm
fc9e644929c7571f281382375f808dc7
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-src-1.4.2.15-2.1.i586.rpm
1a23c8b996815dd55f80c4298830256f
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-1.5.0_12-2.1.i586.rpm
8f158ac8ab83f7d72a19caa29ceae701
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-alsa-1.5.0_12-2.1.i586.rpm
366a738ed2c0a26f11501c74d7ee88cb
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-demo-1.5.0_12-2.1.i586.rpm
01452bd648010f03b2dade18ac412125
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-devel-1.5.0_12-2.1.i586.rpm
5229399ac7f8500ecbe13c075ddd1215
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_12-2.1.i586.rpm
55693889496cb3bf2757f581eff753dc
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-plugin-1.5.0_12-2.1.i586.rpm
16e688147e8ebd8055ee35d7066a37a0
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-src-1.5.0_12-2.1.i586.rpm
52b6439209a9f08f9a7c582f5be6afb1
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-1.4.2.15-1.1.i586.rpm
630512d206eb760db5be2506c227eb0b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-alsa-1.4.2.15-1.1.i586.rpm
4a333fd9e8b28bc592b4f9bbfb710bf0
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-demo-1.4.2.15-1.1.i586.rpm
f9cb64c25765bf3317a25c980976ec77
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-devel-1.4.2.15-1.1.i586.rpm
ff1a6a11ef42ce167df4c3258a534ae8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.15-1.1.i586.rpm
69e15d0311de0f2d4ec83df1b0ccd28e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-plugin-1.4.2.15-1.1.i586.rpm
04072837c2eba22785fd87161d7c8fb8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-src-1.4.2.15-1.1.i586.rpm
18f2e82b24615428c9703cb3c7699b4c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-1.5.0_12-1.1.i586.rpm
8cdac523a1416fc23f86f74c20ee2d47
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-alsa-1.5.0_12-1.1.i586.rpm
c00ff3d2b961c5da9a398a56231c15b9
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-demo-1.5.0_12-1.1.i586.rpm
2e9049ba2424621e96ac63dd646d0860
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-devel-1.5.0_12-1.1.i586.rpm
6660f2e9bb5bf3b4dfa080ced121d3d4
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_12-1.1.i586.rpm
f0e93dd1acf6a6a2caa3f009b75fe061
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-plugin-1.5.0_12-1.1.i586.rpm
a47683a25a369253173ddc28e4049f09
x86-64 Platform:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-1.5.0_update12-3.1.x86_64.rpm
9f3ef07f4bacc445eca261ee29e899ef
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_update12-3.1.x86_64.rpm
f293d1c08089f16daf990692df3d97d3
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_update12-3.1.x86_64.rpm
cfbf41758105bce296c6cbbd1a31c174
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_update12-3.1.x86_64.rpm
c6f54e2c39788faf1cd5518f38450b00
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_update12-3.1.x86_64.rpm
54672479c76d8c30d076ef358e548db6
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/java-1_5_0-sun-src-1.5.0_update12-3.1.x86_64.rpm
37570a66f1227d7699353b4ebb2f5d92
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-1.5.0_12-2.1.x86_64.rpm
b4dc3bf51489568887f316c4e56e7b0d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_12-2.1.x86_64.rpm
66860bf3f94132c4a199f454f9adcbed
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_12-2.1.x86_64.rpm
201e9f5ba9e7adcaffe79d3e0baeb6d8
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_12-2.1.x86_64.rpm
a748d4e7ba25561cfcd29a6a1028a519
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_12-2.1.x86_64.rpm
f19d6cbfe6bce232ef23a4a57ed22a46
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/java-1_5_0-sun-src-1.5.0_12-2.1.x86_64.rpm
9c0d632b4a389232dc7be2c71a31bc29
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-1.5.0_12-1.1.x86_64.rpm
a025ef68d1f195df7ee456f2fce52979
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_12-1.1.x86_64.rpm
9150ad42f5ba77284a632684ff0cb061
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_12-1.1.x86_64.rpm
e11f8f7453ee1894f38f90d9cca7a30e
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_12-1.1.x86_64.rpm
4d94914d13825dfdecea50bf2679c179
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_12-1.1.x86_64.rpm
5120d762ca5dfc91fea4d41fe40c966e
Sources:
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_4_2-sun-1.4.2_update15-0.1.nosrc.rpm
ea53f3e1dbd5f3e8dd9df1e5d07d93ae
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/java-1_5_0-sun-1.5.0_update12-3.1.nosrc.rpm
790c082ae4ee14328b35e7da450ff2dd
SUSE LINUX 10.1:
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_4_2-sun-1.4.2.15-2.1.nosrc.rpm
f3fd322dc7c4830d7d38ebea68598a8d
ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/java-1_5_0-sun-1.5.0_12-2.1.nosrc.rpm
e944399dcd5667744fb0faf96bc61965
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_4_2-sun-1.4.2.15-1.1.src.rpm
09b093972cc108b7ce5e111c0edd4009
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/java-1_5_0-sun-1.5.0_12-1.1.nosrc.rpm
42d90396d048156c62d5946466281ed8
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
http://support.novell.com/techcenter/psdb/dc35750a80dacaad950b2c1075b2b499.html
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
http://support.novell.com/techcenter/psdb/dc35750a80dacaad950b2c1075b2b499.html
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html
SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html
Open Enterprise Server
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
SUSE SLES 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html
ORIGINAL ADVISORY:
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00007.html
OTHER REFERENCES:
SA23398:
http://secunia.com/advisories/23398/
SA23445:
http://secunia.com/advisories/23445/
SA23757:
http://secunia.com/advisories/23757/
SA25295:
http://secunia.com/advisories/25295/