RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0244)
High Nessus Plugin ID 40721
Synopsis: The remote Red Hat host is missing one or more security updates.
Description: Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The BEA WebLogic JRockit 1.5.0_14 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_14, and are certified for the Java 5 Platform, Standard Edition, v1.5.0.
A flaw was found in the Java XSLT processing classes. An untrusted application or applet could cause a denial of service, or execute arbitrary code with the permissions of the user running the JRE.
A flaw was found in the JRE image parsing libraries. An untrusted application or applet could cause a denial of service, or possibly execute arbitrary code with the permissions of the user running the JRE. (CVE-2008-1193)
A flaw was found in the JRE color management library. An untrusted application or applet could trigger a denial of service (JVM crash).
The applet-related vulnerabilities listed above can only be triggered in java-1.5.0-bea by calling the 'appletviewer' application.
Users of java-1.5.0-bea are advised to upgrade to these updated packages, which resolve these issues.
Solution: Update the affected packages.