SuSE 10 Security Update : Java (ZYPP Patch Number 3844)
Medium Nessus Plugin ID 29472
The remote SuSE 10 host is missing a security-related patch.
The Sun Java JDK 1.4.2 was upgraded to release 15 to fix various bugs, including the following security bugs:

- Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. (CVE-2007-2788 / CVE-2007-3004)
- The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. (CVE-2007-2789 / CVE-2007-3005)
- Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. (CVE-2007-0243)