The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of JRE, JDK, SDK: access to data of other applets

Synthesis of the vulnerability 

A malicious applet can access to data of other applets via two vulnerabilities.
Impacted systems: NLD, OES, openSUSE, Java Oracle, RHEL, SLES.
Severity of this alert: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/12/2006.
Références of this alert: 102732, 6332750, 6378197, BID-21674, CVE-2006-6736, CVE-2006-6737, RHSA-2007:0062-02, RHSA-2007:0072-01, RHSA-2007:0073-01, SUSE-SA:2007:003, SUSE-SA:2007:010, SUSE-SA:2007:045, VIGILANCE-VUL-6419.

Description of the vulnerability 

Two independent vulnerabilities permit a malicious applet to access to data of other applets.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity announce impacts software or systems such as NLD, OES, openSUSE, Java Oracle, RHEL, SLES.

Our Vigil@nce team determined that the severity of this threat alert is medium.

The trust level is of type confirmed by the editor, with an origin of document.

This bulletin is about 2 vulnerabilities.

An attacker with a expert ability can exploit this computer weakness alert.

Solutions for this threat 

JDK, JRE: version 5.0 Update 6.
Version 5.0 Update 6 is corrected:
  http://java.sun.com/javase/downloads/index_jdk5.jsp
  http://java.com/

SDK, JRE: version 1.4.2_11.
Version 1.4.2_11 is corrected:
  http://java.sun.com/j2se/1.4.2/download.html

SDK, JRE: version 1.3.1_19.
Version 1.3.1_19 is corrected:
  http://java.sun.com/j2se/1.3/download.html

RHEL 2.1: new IBMJava2 packages.
New packages are available:
Red Hat Enterprise Linux version 2.1:
  IBMJava2-JRE-1.3.1-12
  IBMJava2-SDK-1.3.1-11

RHEL Extras 4: new java-1.5.0-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras: java-1.5.0-ibm-1.5.0.3-1jpp.3.el4

RHEL Extras: new java-1.4.2-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 3 Extras: java-1.4.2-ibm-1.4.2.7-1jpp.4.el3
Red Hat Enterprise Linux version 4 Extras: java-1.4.2-ibm-1.4.2.7-1jpp.4.el4

SUSE: new IBMJava2 packages.
New packages are available:
   UnitedLinux 1.0
     http://support.novell.com/techcenter/psdb/95188799cf297558f0fc915c9d248d1a.html
   SuSE Linux Openexchange Server 4
     http://support.novell.com/techcenter/psdb/95188799cf297558f0fc915c9d248d1a.html
   SuSE Linux Enterprise Server 8
     http://support.novell.com/techcenter/psdb/95188799cf297558f0fc915c9d248d1a.html
   SuSE Linux Standard Server 8
     http://support.novell.com/techcenter/psdb/95188799cf297558f0fc915c9d248d1a.html
   SuSE Linux School Server
     http://support.novell.com/techcenter/psdb/95188799cf297558f0fc915c9d248d1a.html
   SUSE LINUX Retail Solution 8
     http://support.novell.com/techcenter/psdb/95188799cf297558f0fc915c9d248d1a.html
   SUSE SLES 10
     http://support.novell.com/techcenter/psdb/8924ac6b994acb949a8ad3572aba51d6.html
   SLE SDK 10
     http://support.novell.com/techcenter/psdb/8924ac6b994acb949a8ad3572aba51d6.html
   Open Enterprise Server
     http://support.novell.com/techcenter/psdb/f5b3f5adf5613e923c01c813a0923b58.html
   Novell Linux POS 9
     http://support.novell.com/techcenter/psdb/f5b3f5adf5613e923c01c813a0923b58.html
   SUSE SLES 9
     http://support.novell.com/techcenter/psdb/f5b3f5adf5613e923c01c813a0923b58.html

SUSE: new java packages (09/01/2007).
New packages are available:
   openSUSE 10.2:
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-*_update13-3.1.i586.rpm
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun*-1.4.2.13-0.2.i586.rpm
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2*-1.4.2.13-0.1.i586.rpm
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2*-1.4.2.13-0.1.i586.rpm

SUSE: new java packages (19/07/2007).
New packages are available:
   openSUSE 10.2:
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-1.4.2_update15-0.1.i586.rpm
         d127e4f44e096a9dd06c14814bd2182c
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2_update15-0.1.i586.rpm
         a37f8d08c7e9789fc7876dc3e37da5b9
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-demo-1.4.2_update15-0.1.i586.rpm
         0f2e825414bbfd9c1902c2d4d8471e43
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-devel-1.4.2_update15-0.1.i586.rpm
         d01ae6db6325f64a6b6a01aebe342031
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2_update15-0.1.i586.rpm
         a86f7b7b752b6dbb45a1368027f393d6
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2_update15-0.1.i586.rpm
         4c9ff9f65b29b68a28ce1a8e84bf4813
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_4_2-sun-src-1.4.2_update15-0.1.i586.rpm
         18020d2e7c086751659f79fc54ca7fc6
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-1.5.0_update12-3.1.i586.rpm
         e23a75a56e94d61ea64aae6d1364236d
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update12-3.1.i586.rpm
         89647e053e07458532337478cce33cad
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-demo-1.5.0_update12-3.1.i586.rpm
         962aef2cde996c68bf837f0b6c02a6e4
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-devel-1.5.0_update12-3.1.i586.rpm
         15ba442c876600e59453b5e6a7d774b6
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update12-3.1.i586.rpm
         570092628e736998bf98e0153736595b
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update12-3.1.i586.rpm
         6b27e226c65e444521f3964933dd474b
   ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/java-1_5_0-sun-src-1.5.0_update12-3.1.i586.rpm
         703422879e4ebf22e6295383deae522d
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-1.4.2.15-2.1.i586.rpm
         159c176de609647b9cbc4e2f477a793d
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-alsa-1.4.2.15-2.1.i586.rpm
         e51e6c719126ab5efe679786c4f47cba
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-demo-1.4.2.15-2.1.i586.rpm
         066dc7eda76f25899b25cea8079afc0f
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-devel-1.4.2.15-2.1.i586.rpm
         5599dfe80fe053e4a3332cc4f76e7720
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.15-2.1.i586.rpm
         15d749d534785cfdf8bd109b7e1f76c9
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-plugin-1.4.2.15-2.1.i586.rpm
         fc9e644929c7571f281382375f808dc7
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_4_2-sun-src-1.4.2.15-2.1.i586.rpm
         1a23c8b996815dd55f80c4298830256f
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-1.5.0_12-2.1.i586.rpm
         8f158ac8ab83f7d72a19caa29ceae701
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-alsa-1.5.0_12-2.1.i586.rpm
         366a738ed2c0a26f11501c74d7ee88cb
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-demo-1.5.0_12-2.1.i586.rpm
         01452bd648010f03b2dade18ac412125
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-devel-1.5.0_12-2.1.i586.rpm
         5229399ac7f8500ecbe13c075ddd1215
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_12-2.1.i586.rpm
         55693889496cb3bf2757f581eff753dc
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-plugin-1.5.0_12-2.1.i586.rpm
         16e688147e8ebd8055ee35d7066a37a0
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/java-1_5_0-sun-src-1.5.0_12-2.1.i586.rpm
         52b6439209a9f08f9a7c582f5be6afb1
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-1.4.2.15-1.1.i586.rpm
         630512d206eb760db5be2506c227eb0b
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-alsa-1.4.2.15-1.1.i586.rpm
         4a333fd9e8b28bc592b4f9bbfb710bf0
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-demo-1.4.2.15-1.1.i586.rpm
         f9cb64c25765bf3317a25c980976ec77
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-devel-1.4.2.15-1.1.i586.rpm
         ff1a6a11ef42ce167df4c3258a534ae8
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.15-1.1.i586.rpm
         69e15d0311de0f2d4ec83df1b0ccd28e
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-plugin-1.4.2.15-1.1.i586.rpm
         04072837c2eba22785fd87161d7c8fb8
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_4_2-sun-src-1.4.2.15-1.1.i586.rpm
         18f2e82b24615428c9703cb3c7699b4c
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-1.5.0_12-1.1.i586.rpm
         8cdac523a1416fc23f86f74c20ee2d47
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-alsa-1.5.0_12-1.1.i586.rpm
         c00ff3d2b961c5da9a398a56231c15b9
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-demo-1.5.0_12-1.1.i586.rpm
         2e9049ba2424621e96ac63dd646d0860
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-devel-1.5.0_12-1.1.i586.rpm
         6660f2e9bb5bf3b4dfa080ced121d3d4
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_12-1.1.i586.rpm
         f0e93dd1acf6a6a2caa3f009b75fe061
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/java-1_5_0-sun-plugin-1.5.0_12-1.1.i586.rpm
         a47683a25a369253173ddc28e4049f09
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides software vulnerability patches. The Vigil@nce vulnerability database contains several thousand vulnerabilities.