Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2007.0081 -- [Win][UNIX/Linux][RedHat] Critical: java-1.4.2-ibm security update 12 February 2007 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM JRE/JDK Publisher: Red Hat Operating System: Red Hat Enterprise Linux Desktop 4 Red Hat Enterprise Linux AS/ES/WS 4 Red Hat Desktop 3 Red Hat Enterprise Linux AS/ES/WS 3 UNIX variants (UNIX, Linux, OSX) Windows Mac OS X Impact: Execute Arbitrary Code/Commands Increased Privileges Inappropriate Access Access: Remote/Unauthenticated CVE Names: CVE-2006-6745 CVE-2006-6737 CVE-2006-6736 CVE-2006-6731 CVE-2006-4339 Ref: ESB-2007.0041 AL-2006.0074 ESB-2006.0935 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0062.html https://rhn.redhat.com/errata/RHSA-2007-0073.html Comment: This advisory references vulnerabilities in products which run on platforms other than Red Hat. It is recommended that administrators running IBM Java check for an updated version of the software for their operating system. Red Hat have also released updates fixing these same vulnerabilities in java-1.5.0-ibm for RHEL 4 Extras. To obtain these updates see: https://rhn.redhat.com/errata/RHSA-2007-0073.html Revision History: February 12 2007: Red Hat releases java-1.5.0-ibm updates for the same vulnerabilities February 8 2007: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Critical: java-1.4.2-ibm security update Advisory ID: RHSA-2007:0062-02 Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0062.html Issue date: 2007-02-07 Updated on: 2007-02-07 Product: Red Hat Enterprise Linux Extras CVE Names: CVE-2006-4339 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745 - - --------------------------------------------------------------------- 1. Summary: Updated java-1.4.2-ibm packages to correct several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64 3. Problem description: IBM's 1.4.2 SR7 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A number of security issues were found: Vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these vulnerabilities to access data from other applets. (CVE-2006-6736, CVE-2006-6737) Serialization flaws were discovered in the Java Runtime Environment. An untrusted applet or application could use these flaws to elevate its privileges. (CVE-2006-6745) Buffer overflow vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these flaws to elevate its privileges, possibly reading and writing local files or executing local applications. (CVE-2006-6731) Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. (CVE-2006-4339) All users of java-1.4.2-ibm should upgrade to these updated packages, which contain IBM's 1.4.2 SR7 Java release which resolves these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 226981 - CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339) 226984 - CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339) 6. RPMs required: Red Hat Enterprise Linux AS version 3 Extras: i386: e7450b145da72cd7df3d7b9eabb672dc java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.i386.rpm a0658fd7cf3543965f2b6a3ff7a675ae java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.i386.rpm 32f05440f20c1f7a45736beba22d7bd2 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.i386.rpm 8c664c87d87efd40e937b9ad2ae659d5 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.i386.rpm 9174b55fd33680c3eaa09c2def109753 java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el3.i386.rpm 395153b4b890249469b8e1f18673f66d java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.i386.rpm ia64: 9571ca41f69035894760e4e9e6de61a1 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ia64.rpm 6cce9e4c37e6bc1b52e2201bad040ac0 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ia64.rpm e0dd38c2639885d1ccf964cf4e045289 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ia64.rpm 6e859d8ca4885c93cf08ff4d22e10b0f java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ia64.rpm ppc: 69ded60046e91ba9348ccff2e52ebf17 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ppc.rpm 550284dbfa734add72eca30901d83c1f java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ppc.rpm 9aa5ee3ec845826d39af26f6883f3a1b java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ppc.rpm 244ca4300d6836baedda66db772fc496 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.ppc.rpm c73781419d273f37f97d8ce82b311e06 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ppc.rpm s390: 75cd8c41222044a08be04ee95cac3a69 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.s390.rpm d9515b48f0e376124b95f863a0e119b1 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.s390.rpm 7ab30161aa45ba80855b0d2e076d26c7 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.s390.rpm 9e6b279d59ca128a8dbd13d3d606c9fe java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.s390.rpm a4bb1c49be860aab8e93b19a8176ff6c java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.s390.rpm s390x: 12c5031365228f5f19eee8a215ef9ee4 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.s390x.rpm 8409692fe20686679d58f612d717e40a java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.s390x.rpm d2d32c3276a9c00ac4734a2a8f1ffb96 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.s390x.rpm 8a16cefe0fbb4f8247759f09cdcf6785 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.s390x.rpm x86_64: 82547c355444694fd0b2b8dbb6287a12 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.x86_64.rpm 0d47bf67675dfee8814d9f5cbd430f35 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.x86_64.rpm 120deecf68b62f7263bcebbd65c6bd89 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.x86_64.rpm 7be9dc42fac394d88d3b0692e8b55d88 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.x86_64.rpm Red Hat Desktop version 3 Extras: i386: e7450b145da72cd7df3d7b9eabb672dc java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.i386.rpm a0658fd7cf3543965f2b6a3ff7a675ae java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.i386.rpm 32f05440f20c1f7a45736beba22d7bd2 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.i386.rpm 8c664c87d87efd40e937b9ad2ae659d5 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.i386.rpm 9174b55fd33680c3eaa09c2def109753 java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el3.i386.rpm 395153b4b890249469b8e1f18673f66d java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.i386.rpm x86_64: 82547c355444694fd0b2b8dbb6287a12 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.x86_64.rpm 0d47bf67675dfee8814d9f5cbd430f35 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.x86_64.rpm 120deecf68b62f7263bcebbd65c6bd89 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.x86_64.rpm 7be9dc42fac394d88d3b0692e8b55d88 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.x86_64.rpm Red Hat Enterprise Linux ES version 3 Extras: i386: e7450b145da72cd7df3d7b9eabb672dc java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.i386.rpm a0658fd7cf3543965f2b6a3ff7a675ae java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.i386.rpm 32f05440f20c1f7a45736beba22d7bd2 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.i386.rpm 8c664c87d87efd40e937b9ad2ae659d5 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.i386.rpm 9174b55fd33680c3eaa09c2def109753 java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el3.i386.rpm 395153b4b890249469b8e1f18673f66d java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.i386.rpm ia64: 9571ca41f69035894760e4e9e6de61a1 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ia64.rpm 6cce9e4c37e6bc1b52e2201bad040ac0 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ia64.rpm e0dd38c2639885d1ccf964cf4e045289 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ia64.rpm 6e859d8ca4885c93cf08ff4d22e10b0f java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ia64.rpm x86_64: 82547c355444694fd0b2b8dbb6287a12 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.x86_64.rpm 0d47bf67675dfee8814d9f5cbd430f35 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.x86_64.rpm 120deecf68b62f7263bcebbd65c6bd89 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.x86_64.rpm 7be9dc42fac394d88d3b0692e8b55d88 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.x86_64.rpm Red Hat Enterprise Linux WS version 3 Extras: i386: e7450b145da72cd7df3d7b9eabb672dc java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.i386.rpm a0658fd7cf3543965f2b6a3ff7a675ae java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.i386.rpm 32f05440f20c1f7a45736beba22d7bd2 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.i386.rpm 8c664c87d87efd40e937b9ad2ae659d5 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.i386.rpm 9174b55fd33680c3eaa09c2def109753 java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el3.i386.rpm 395153b4b890249469b8e1f18673f66d java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.i386.rpm ia64: 9571ca41f69035894760e4e9e6de61a1 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ia64.rpm 6cce9e4c37e6bc1b52e2201bad040ac0 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ia64.rpm e0dd38c2639885d1ccf964cf4e045289 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ia64.rpm 6e859d8ca4885c93cf08ff4d22e10b0f java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ia64.rpm x86_64: 82547c355444694fd0b2b8dbb6287a12 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.x86_64.rpm 0d47bf67675dfee8814d9f5cbd430f35 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.x86_64.rpm 120deecf68b62f7263bcebbd65c6bd89 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.x86_64.rpm 7be9dc42fac394d88d3b0692e8b55d88 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.x86_64.rpm Red Hat Enterprise Linux AS version 4 Extras: i386: b7264df6d752971972379c417acdd542 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.i386.rpm c74450baebca6f946e30e75f38675e15 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.i386.rpm 5e28c4902e574860651c603b26f8e437 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.i386.rpm 130198d2be48375779e309cd7aa9ddcd java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.i386.rpm 76f4fe9ec6e40c550d04ba215b56649a java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.i386.rpm 06f53b5223f6cb0989eb6d2c1c709ace java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el4.i386.rpm 3937cebe4d2430437d8376c071ff3f6e java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.i386.rpm ia64: 91095470fd69f0f9d7632236120e7d0a java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ia64.rpm 971f88fbd24d4bc41f20291aa4386347 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ia64.rpm 40425175a220f0f780eb5dca44dfa55e java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ia64.rpm 753c21317025a630423d2c205968c1ea java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ia64.rpm ppc: d6df0373e049ef2b4603b7ae51d133a3 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ppc.rpm b2c6b236dafbb63472bd3fce88593fb6 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ppc.rpm 09c905c7b0997db62830bc2cb0c087f4 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ppc.rpm 2d75e1570dcf7d9bd40ade448a652583 java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.ppc.rpm c0a9a08712bc162e66ecd4c21962c083 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.ppc.rpm 6fb51c79625fc5e7d2e0657211dc372c java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ppc.rpm s390: 1047e8cd790022fb4d4a9e4e51689d89 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.s390.rpm cbf3ee99f0d886ee7b286bfc327fa33e java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.s390.rpm f5bd779019897c4d7acaca6db3ec3ddf java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.s390.rpm e85b10f20043b11acc4143dfb23da242 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.s390.rpm 9f86a4f4e4a7d0a774e3e720c2a3ebfb java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.s390.rpm s390x: c5d86501250a1bc8626b1a9840f2ef0a java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.s390x.rpm d900d6335508f7ec99262ad8e76b35dc java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.s390x.rpm 5e0d2f22106c6737eba6ebed99ed63b4 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.s390x.rpm c5f5a4b28adf551cffc4a3872b65420c java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.s390x.rpm x86_64: e0efba6fedf580dc163d3363f1f58f9d java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.x86_64.rpm 7d2ea6f7b85d9b6679418735388463bd java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.x86_64.rpm 04ca69cd86facb7e6da94dca5f7c4741 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.x86_64.rpm 6686e763dbe66aa089d9f5952af474af java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.x86_64.rpm e6ac211159748fac80c30ea6838b769a java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: b7264df6d752971972379c417acdd542 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.i386.rpm c74450baebca6f946e30e75f38675e15 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.i386.rpm 5e28c4902e574860651c603b26f8e437 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.i386.rpm 130198d2be48375779e309cd7aa9ddcd java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.i386.rpm 76f4fe9ec6e40c550d04ba215b56649a java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.i386.rpm 06f53b5223f6cb0989eb6d2c1c709ace java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el4.i386.rpm 3937cebe4d2430437d8376c071ff3f6e java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.i386.rpm x86_64: e0efba6fedf580dc163d3363f1f58f9d java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.x86_64.rpm 7d2ea6f7b85d9b6679418735388463bd java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.x86_64.rpm 04ca69cd86facb7e6da94dca5f7c4741 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.x86_64.rpm 6686e763dbe66aa089d9f5952af474af java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.x86_64.rpm e6ac211159748fac80c30ea6838b769a java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: b7264df6d752971972379c417acdd542 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.i386.rpm c74450baebca6f946e30e75f38675e15 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.i386.rpm 5e28c4902e574860651c603b26f8e437 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.i386.rpm 130198d2be48375779e309cd7aa9ddcd java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.i386.rpm 76f4fe9ec6e40c550d04ba215b56649a java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.i386.rpm 06f53b5223f6cb0989eb6d2c1c709ace java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el4.i386.rpm 3937cebe4d2430437d8376c071ff3f6e java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.i386.rpm ia64: 91095470fd69f0f9d7632236120e7d0a java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ia64.rpm 971f88fbd24d4bc41f20291aa4386347 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ia64.rpm 40425175a220f0f780eb5dca44dfa55e java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ia64.rpm 753c21317025a630423d2c205968c1ea java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ia64.rpm x86_64: e0efba6fedf580dc163d3363f1f58f9d java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.x86_64.rpm 7d2ea6f7b85d9b6679418735388463bd java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.x86_64.rpm 04ca69cd86facb7e6da94dca5f7c4741 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.x86_64.rpm 6686e763dbe66aa089d9f5952af474af java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.x86_64.rpm e6ac211159748fac80c30ea6838b769a java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: b7264df6d752971972379c417acdd542 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.i386.rpm c74450baebca6f946e30e75f38675e15 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.i386.rpm 5e28c4902e574860651c603b26f8e437 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.i386.rpm 130198d2be48375779e309cd7aa9ddcd java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.i386.rpm 76f4fe9ec6e40c550d04ba215b56649a java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.i386.rpm 06f53b5223f6cb0989eb6d2c1c709ace java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el4.i386.rpm 3937cebe4d2430437d8376c071ff3f6e java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.i386.rpm ia64: 91095470fd69f0f9d7632236120e7d0a java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ia64.rpm 971f88fbd24d4bc41f20291aa4386347 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ia64.rpm 40425175a220f0f780eb5dca44dfa55e java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ia64.rpm 753c21317025a630423d2c205968c1ea java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ia64.rpm x86_64: e0efba6fedf580dc163d3363f1f58f9d java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.x86_64.rpm 7d2ea6f7b85d9b6679418735388463bd java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.x86_64.rpm 04ca69cd86facb7e6da94dca5f7c4741 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.x86_64.rpm 6686e763dbe66aa089d9f5952af474af java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.x86_64.rpm e6ac211159748fac80c30ea6838b769a java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package 7. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745 http://www-128.ibm.com/developerworks/java/jdk/alerts/ http://www.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/ Copyright 2007 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFFyi+8XlSAg2UNWIIRAqxmAJ9kUQbmruGzvYg2ETmG7UpixwOqfACgwsU5 OaUT+XxVODUOQakqcyikbH4= =t+i5 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRc/cQSh9+71yA2DNAQK1pQQAmerliSV0euZ7nvq2yTK+SgZl7LE1p+hj e/YGsDrGqYtjdwYpECNjpTHiMv1YnFlwuG6c6wS2mxWGHOHdsOdVzCY1CLhTaEOT 904IToWQVipfc0zVkZ6JZKkO6Yo7H+GGBsN1GNp6ISZyaztyfiuqBvO4tnTyRkM6 FvHMB0QyB24= =NePj -----END PGP SIGNATURE-----