TITLE:
SUSE update for IBM JRE/SDK Java and Sun Java JRE/SDK

SECUNIA ADVISORY ID:
SA26119

VERIFY ADVISORY:
http://secunia.com/advisories/26119/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Privilege escalation, DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
SUSE Linux 10
http://secunia.com/product/6221/
SUSE Linux 10.1
http://secunia.com/product/10796/
openSUSE 10.2
http://secunia.com/product/13375/
SuSE Linux Enterprise Server 8
http://secunia.com/product/1171/
SuSE Linux Openexchange Server 4.x
http://secunia.com/product/2001/
SuSE Linux Desktop 1.x
http://secunia.com/product/2002/
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
SUSE Linux Enterprise Server 10
http://secunia.com/product/12192/
UnitedLinux 1.0
http://secunia.com/product/2003/

SOFTWARE:
Novell Open Enterprise Server
http://secunia.com/product/4664/

DESCRIPTION:
SUSE has issued an update for IBM Java JRE/SDK and Sun Java JRE/SDK.
This fixes some vulnerabilities, which can be exploited by malicious
people to bypass certain security restrictions, gain escalated
privileges, cause a DoS (Denial of Service) and potentially compromise
a vulnerable system.
Notes:

The following affects both Sun Java and IBM Java JRE/SDK:
CVE-2007-0243

The following affect only IBM Java JRE/SDK:
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745

The following affect Sun Java JRE/SDK:
CVE-2007-0243
CVE-2007-2788
CVE-2007-2789
CVE-2007-3004
CVE-2007-3005

For more information:
SA23398
SA23445
SA23757
SA25295

SOLUTION:
Apply updated packages.

Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html

SuSE Linux Desktop 1.0
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html

SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
http://support.novell.com/techcenter/psdb/dc35750a80dacaad950b2c1075b2b499.html

SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
http://support.novell.com/techcenter/psdb/dc35750a80dacaad950b2c1075b2b499.html
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html

SLE SDK 10 SP1
http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html

Open Enterprise Server
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html

Novell Linux POS 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html

SUSE SLES 9
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html

UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html

SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html

SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html

SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html

SuSE Linux School Server
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html

SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/90864743019d987b918e58f9bba908b8.html
http://support.novell.com/techcenter/psdb/3012728a973846dec5946ec81fd01aca.html
http://support.novell.com/techcenter/psdb/327376e840cf84f64469ae584f131ea6.html

ORIGINAL ADVISORY:
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00007.html

OTHER REFERENCES:
SA23398:
http://secunia.com/advisories/23398/

SA23445:
http://secunia.com/advisories/23445/

SA23757:
http://secunia.com/advisories/23757/

SA25295:
http://secunia.com/advisories/25295/