openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-3832)
Medium Nessus Plugin ID 27280
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe Sun JAVA JDK 1.5.0 was upgraded to release 12 to fix various bugs, including the following security bugs :
CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file.
CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact.
CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
SolutionUpdate the affected java-1_5_0-sun packages.