Oval Definition:oval:com.redhat.rhsa:def:20070963
Revision Date:2007-10-12Version:602
Title:RHSA-2007:0963: java-1.5.0-sun security update (Important)
Description:The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232)

  • Multiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)

  • Untrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239)

  • The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)

  • Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)

  • Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5274)

    In Red Hat Enterprise Linux a Java Web Start application requesting elevated permissions is only started automatically when signed with a trusted code signing certificate and otherwise requires user confirmation to access privileged resources.

    All users of java-sun-1.5.0 should upgrade to these packages, which contain Sun Java 1.5.0 Update 13 that corrects these issues.

    Please note that during our quality testing we discovered that the Java browser plug-in may not function perfectly when visiting some sites that make use of multiple applets on a single HTML page. We have verified that this issue is not due to our packaging and affects Sun Java 1.5.0 Update 13.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-5232
    CVE-2007-5238
    CVE-2007-5239
    CVE-2007-5240
    CVE-2007-5273
    CVE-2007-5274
    CVE-2007-5689
    RHSA-2007:0963-01
    Platform(s):Supplementary for Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux 5 is installed
  • AND Package Information
  • java-1.5.0-sun is earlier than 0:1.5.0.13-1jpp.1.el5
  • AND java-1.5.0-sun is signed with Red Hat redhatrelease key
  • OR
  • java-1.5.0-sun-demo is earlier than 0:1.5.0.13-1jpp.1.el5
  • AND java-1.5.0-sun-demo is signed with Red Hat redhatrelease key
  • OR
  • java-1.5.0-sun-devel is earlier than 0:1.5.0.13-1jpp.1.el5
  • AND java-1.5.0-sun-devel is signed with Red Hat redhatrelease key
  • OR
  • java-1.5.0-sun-jdbc is earlier than 0:1.5.0.13-1jpp.1.el5
  • AND java-1.5.0-sun-jdbc is signed with Red Hat redhatrelease key
  • OR
  • java-1.5.0-sun-plugin is earlier than 0:1.5.0.13-1jpp.1.el5
  • AND java-1.5.0-sun-plugin is signed with Red Hat redhatrelease key
  • OR
  • java-1.5.0-sun-src is earlier than 0:1.5.0.13-1jpp.1.el5
  • AND java-1.5.0-sun-src is signed with Red Hat redhatrelease key
    • BACK