The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of JDK: buffer overflow via a BMP or JPG image

Synthesis of the vulnerability 

An attacker can create a malicious BMP or JPG image in order to execute code on computer of victims opening it with a JDK application.
Vulnerable software: NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX.
Severity of this announce: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/05/2007.
Revision date: 23/10/2007.
Références of this computer vulnerability: 102686, 102934, 6466389, 6469538, 6483556, 6483560, BID-24004, BID-24267, CESA-2006-004, CVE-2007-2788, CVE-2007-2789, CVE-2007-3004-REJECT, CVE-2007-3005-REJECT, RHSA-2007:0817-01, RHSA-2007:0818-01, RHSA-2007:0829-01, RHSA-2007:0956-01, RHSA-2007:1086-01, RHSA-2008:0100-01, RHSA-2008:0133-01, RHSA-2008:0261-01, RHSA-2008:0524-01, SUSE-SA:2007:045, SUSE-SA:2007:056, VIGILANCE-VUL-6817, VMSA-2008-0002, VMSA-2008-0002.1, VU#138545.

Description of the vulnerability 

The javax.imagio.ImageIO class handles images from a Java application. This class has two vulnerabilities.

The ICC profile (International Color Consortium) defines color variations to apply on each device to display identical colors. Some image types, such as JPEG or PNG, can contain ICC profiles. An overflow occurs in ICC JPEG parser for JDK during the analysis of a malicious image. This overflow can lead to code execution. [severity:1/4; CVE-2007-2788, CVE-2007-3004-REJECT]

Under Linux, the analysis of a malicious BMP image generates a denial of service because JDK tries to access to /dev/tty. [severity:1/4; CVE-2007-2789, CVE-2007-3005-REJECT]
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness announce impacts software or systems such as NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX.

Our Vigil@nce team determined that the severity of this vulnerability alert is low.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 2 vulnerabilities.

An attacker with a expert ability can exploit this computer threat announce.

Solutions for this threat 

JDK, JRE: version 6 Update 1.
Version 6 Update 1 is corrected:
  http://java.sun.com/javase/downloads/index.jsp
For Solaris :
 - Java SE 6: patch 125136-01
 - Java SE 6 64bit: patch 125137-01
 - Java SE 6_x86: patch 125138-01
 - Java SE 6_x86 64bit: patch 125139-01
Then, documents created by JavaDoc have to be regenerated.

JDK, JRE: version 5.0 Update 11.
Version 5.0 Update 11 is corrected:
  http://java.sun.com/j2se/1.5.0/download.jsp
For Solaris :
 - J2SE 5.0: patch 118666-11
 - J2SE 5.0 64bit: patch 118667-11
 - J2SE 5.0_x86: patch 118668-11
 - J2SE 5.0_x86 64bit: patch 118669-11

SDK, JRE: version 1.4.2_15.
Version 1.4.2_15 is corrected:
  http://java.sun.com/j2se/1.4.2/download.html

SDK/JRE: version 1.3.1_20.
Version 1.3.1_20 is corrected:
  http://java.sun.com/products/archive/

JDK: versions 1.5.0_11-b03 and 1.6.0_01-b06.
Versions 1.5.0_11-b03 and 1.6.0_01-b06 are available:
  http://java.sun.com/javase/downloads/index_jdk5.jsp

Red Hat Network Satellite Server: version 5.0.2.
Version 5.0.2 is corrected.

RHEL 2.1: new IBMJava2 packages.
New packages are available:
  IBMJava2-JRE-1.3.1-17
  IBMJava2-SDK-1.3.1-17

RHEL 3AS, 4AS: new java, apache, modperl, modssl packages.
New packages are available:
Red Hat Network Satellite Server 4.2 (RHEL v.3 AS):
i386:
jabberd-2.0s10-3.37.rhn.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.i386.rpm
openmotif21-2.1.30-9.RHEL3.8.i386.rpm
openmotif21-debuginfo-2.1.30-9.RHEL3.8.i386.rpm
rhn-apache-1.3.27-36.rhn.rhel3.i386.rpm
rhn-modjk-ap13-1.2.23-2rhn.rhel3.i386.rpm
rhn-modperl-1.29-16.rhel3.i386.rpm
rhn-modssl-2.8.12-8.rhn.10.rhel3.i386.rpm
noarch:
jfreechart-0.9.20-3.rhn.noarch.rpm
perl-Crypt-CBC-2.24-1.el3.noarch.rpm
tomcat5-5.0.30-0jpp_10rh.noarch.rpm
Red Hat Network Satellite Server 4.2 (RHEL v.4 AS):
i386:
jabberd-2.0s10-3.38.rhn.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm
openmotif21-2.1.30-11.RHEL4.6.i386.rpm
openmotif21-debuginfo-2.1.30-11.RHEL4.6.i386.rpm
rhn-apache-1.3.27-36.rhn.rhel4.i386.rpm
rhn-modjk-ap13-1.2.23-2rhn.rhel4.i386.rpm
rhn-modperl-1.29-16.rhel4.i386.rpm
rhn-modssl-2.8.12-8.rhn.10.rhel4.i386.rpm
noarch:
jfreechart-0.9.20-3.rhn.noarch.rpm
perl-Crypt-CBC-2.24-1.el4.noarch.rpm
tomcat5-5.0.30-0jpp_10rh.noarch.rpm

RHEL 3E, 4E, 5S: new java-1.4.2-bea packages.
New packages are available:
Red Hat Enterprise Linux version 3 : java-1.4.2-bea-1.4.2.16-1jpp.1.el3
Red Hat Enterprise Linux version 4 : java-1.4.2-bea-1.4.2.16-1jpp.1.el4
Red Hat Enterprise Linux version 5 : java-1.4.2-bea-1.4.2.16-1jpp.1.el5

RHEL 4, 5: new java-1.5.0-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 4: java-1.5.0-ibm-1.5.0.5-1jpp.2.el4
Red Hat Enterprise Linux version 5: java-1.5.0-ibm-1.5.0.5-1jpp.0.1.el5

RHEL 4 Extras: new java-1.4.2-bea packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras: java-1.4.2-bea-1.4.2.15-1jpp.2.el4

RHEL Extras 3, 4, 5: new java-1.4.2-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 3 Extras: java-1.4.2-ibm-1.4.2.9-1jpp.1.el3
Red Hat Enterprise Linux version 4 Extras: java-1.4.2-ibm-1.4.2.9-1jpp.1.el4
RHEL Desktop Supplementary version 5: java-1.4.2-ibm-1.4.2.9-1jpp.1.el5

RHEL Extras 4: new java-1.5.0-sun packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras: java-1.5.0-sun-1.5.0.12-1jpp.2.el4

RHEL: new java-1.5.0-bea packages.
New packages are available:
Red Hat Enterprise Linux version 4: java-1.5.0-bea-1.5.0.11-1jpp.2.el4
Red Hat Enterprise Linux version 5: java-1.5.0-bea-1.5.0.11-1jpp.1.el5

SUSE: new IBM Java packages.
New packages are available:
   UnitedLinux 1.0
     http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.html
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   SuSE Linux Openexchange Server 4
     http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.html
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   Open Enterprise Server
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   Novell Linux POS 9
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   SuSE Linux Enterprise Server 8
     http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.html
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   SuSE Linux Standard Server 8
     http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.html
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   SuSE Linux School Server
     http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.html
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   SUSE LINUX Retail Solution 8
     http://support.novell.com/techcenter/psdb/4931a7f4cae4a43064c21ec2362f54e5.html
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   SUSE SLES 9
     http://support.novell.com/techcenter/psdb/1d3d4cc05bdfc425f875a1d8a7ef9b7e.html
   SLE SDK 10 SP1
     http://support.novell.com/techcenter/psdb/51fd7d03020fe413e43cda8f60442612.html
   SUSE Linux Enterprise Server 10 SP1
     http://support.novell.com/techcenter/psdb/51fd7d03020fe413e43cda8f60442612.html
     http://support.novell.com/techcenter/psdb/5544d25cb52fbadcc4de5bfd2d3654a1.html
   SUSE Linux Enterprise Desktop 10 SP1
     http://support.novell.com/techcenter/psdb/5544d25cb52fbadcc4de5bfd2d3654a1.html

SUSE: new java packages (19/07/2007).
New packages are available:
   openSUSE 10.2:
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-1.4.2_update15-0.1.i586.rpm
         d127e4f44e096a9dd06c14814bd2182c
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2_update15-0.1.i586.rpm
         a37f8d08c7e9789fc7876dc3e37da5b9
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-demo-1.4.2_update15-0.1.i586.rpm
         0f2e825414bbfd9c1902c2d4d8471e43
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-devel-1.4.2_update15-0.1.i586.rpm
         d01ae6db6325f64a6b6a01aebe342031
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2_update15-0.1.i586.rpm
         a86f7b7b752b6dbb45a1368027f393d6
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2_update15-0.1.i586.rpm
         4c9ff9f65b29b68a28ce1a8e84bf4813
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-src-1.4.2_update15-0.1.i586.rpm
         18020d2e7c086751659f79fc54ca7fc6
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-1.5.0_update12-3.1.i586.rpm
         e23a75a56e94d61ea64aae6d1364236d
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update12-3.1.i586.rpm
         89647e053e07458532337478cce33cad
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-demo-1.5.0_update12-3.1.i586.rpm
         962aef2cde996c68bf837f0b6c02a6e4
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-devel-1.5.0_update12-3.1.i586.rpm
         15ba442c876600e59453b5e6a7d774b6
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update12-3.1.i586.rpm
         570092628e736998bf98e0153736595b
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update12-3.1.i586.rpm
         6b27e226c65e444521f3964933dd474b
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-src-1.5.0_update12-3.1.i586.rpm
         703422879e4ebf22e6295383deae522d
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-1.4.2.15-2.1.i586.rpm
         159c176de609647b9cbc4e2f477a793d
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-alsa-1.4.2.15-2.1.i586.rpm
         e51e6c719126ab5efe679786c4f47cba
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-demo-1.4.2.15-2.1.i586.rpm
         066dc7eda76f25899b25cea8079afc0f
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-devel-1.4.2.15-2.1.i586.rpm
         5599dfe80fe053e4a3332cc4f76e7720
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.15-2.1.i586.rpm
         15d749d534785cfdf8bd109b7e1f76c9
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-plugin-1.4.2.15-2.1.i586.rpm
         fc9e644929c7571f281382375f808dc7
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-src-1.4.2.15-2.1.i586.rpm
         1a23c8b996815dd55f80c4298830256f
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-1.5.0_12-2.1.i586.rpm
         8f158ac8ab83f7d72a19caa29ceae701
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-alsa-1.5.0_12-2.1.i586.rpm
         366a738ed2c0a26f11501c74d7ee88cb
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-demo-1.5.0_12-2.1.i586.rpm
         01452bd648010f03b2dade18ac412125
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-devel-1.5.0_12-2.1.i586.rpm
         5229399ac7f8500ecbe13c075ddd1215
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_12-2.1.i586.rpm
         55693889496cb3bf2757f581eff753dc
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-plugin-1.5.0_12-2.1.i586.rpm
         16e688147e8ebd8055ee35d7066a37a0
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-src-1.5.0_12-2.1.i586.rpm
         52b6439209a9f08f9a7c582f5be6afb1
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-1.4.2.15-1.1.i586.rpm
         630512d206eb760db5be2506c227eb0b
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-alsa-1.4.2.15-1.1.i586.rpm
         4a333fd9e8b28bc592b4f9bbfb710bf0
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-demo-1.4.2.15-1.1.i586.rpm
         f9cb64c25765bf3317a25c980976ec77
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-devel-1.4.2.15-1.1.i586.rpm
         ff1a6a11ef42ce167df4c3258a534ae8
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.15-1.1.i586.rpm
         69e15d0311de0f2d4ec83df1b0ccd28e
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-plugin-1.4.2.15-1.1.i586.rpm
         04072837c2eba22785fd87161d7c8fb8
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-src-1.4.2.15-1.1.i586.rpm
         18f2e82b24615428c9703cb3c7699b4c
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-1.5.0_12-1.1.i586.rpm
         8cdac523a1416fc23f86f74c20ee2d47
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-alsa-1.5.0_12-1.1.i586.rpm
         c00ff3d2b961c5da9a398a56231c15b9
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-demo-1.5.0_12-1.1.i586.rpm
         2e9049ba2424621e96ac63dd646d0860
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-devel-1.5.0_12-1.1.i586.rpm
         6660f2e9bb5bf3b4dfa080ced121d3d4
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_12-1.1.i586.rpm
         f0e93dd1acf6a6a2caa3f009b75fe061
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-plugin-1.5.0_12-1.1.i586.rpm
         a47683a25a369253173ddc28e4049f09

VMware VirtualCenter, ESX: patch for Tomcat and JRE.
A patch is available:
  VMware VirtualCenter 2.5 Update 1 Release Notes
  http://www.vmware.com/support/vi3/doc/vi3_esx35u1_vc25u1_rel_notes.html
  VirtualCenter CD image md5sum: 0b5da72003e5627ae12669c2d43821e5
  VirtualCenter as Zip md5sum: 9146aa4743c0a56e37921f62fb898a64
  VMware VirtualCenter 2.0.2 Update 2 Release Notes
  http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html
  VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7
  VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b
  ESX 3.5
  http://download3.vmware.com/software/esx/ESX350-200803215-UG.zip
  md5sum: 225f16bbcf74f4312f0038d1dd018b27
  http://kb.vmware.com/kb/1003723
  ESX 3.0.2 ESX-1002434
  http://download3.vmware.com/software/vi/ESX-1002434.tgz
  md5sum: 2f52251f6ace3d50934344ef313539d5
  http://kb.vmware.com/kb/1002434
  ESX 3.0.1 ESX-1003176
  http://download3.vmware.com/software/vi/ESX-1003176.tgz
  md5sum: 5674ca0dcfac90726014cc316444996e
  http://kb.vmware.com/kb/1003176
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a system vulnerability database. The Vigil@nce vulnerability database contains several thousand vulnerabilities.