Vulnerability of Java JDK/JRE/SDK: several vulnerabilities

Synthesis of the vulnerability 

Several vulnerabilities were announced in Java JDK/JRE/SDK.
Vulnerable systems: Debian, Fedora, HP-UX, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity of this threat: 4/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 26/03/2009.
References of this weakness: 254569, 254570, 254571, 254608, 254609, 254610, 254611, 6522586, 6630639, 6632886, 6636360, 6646860, 6706490, 6717680, 6724331, 6737315, 6782871, 6792554, 6798948, 6804996, 6804997, 6804998, 6804999, BID-34240, c01745133, c01805643, CERTA-2010-AVI-043, CERTA-2010-AVI-217, CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, DSA-1769-1, FEDORA-2009-3058, HPSBMA02445, HPSBUX02429, MDVSA-2009:137, MDVSA-2009:162, RHSA-2009:0377-01, RHSA-2009:0392-01, RHSA-2009:0394-01, RHSA-2009:1038-01, RHSA-2009:1198-02, RHSA-2009:1662-01, SSRT090058, SUSE-SA:2009:016, SUSE-SA:2009:029, SUSE-SA:2009:036, SUSE-SR:2009:011, VIGILANCE-VUL-8564, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5, VMSA-2010-0002, VMSA-2010-0002.1, VMSA-2010-0002.2, VMSA-2010-0002.3.

Description of the vulnerability 

Several vulnerabilities were announced in Java JDK/JRE/SDK.

A client can initiate a connection in a special way in order to cause a denial of service on the LDAP server. [severity:2/4; 254569, 6717680, CERTA-2010-AVI-043, CVE-2009-1093]

A malicious LDAP server can create a denial of service on the client. [severity:3/4; 254569, 6737315, CVE-2009-1094]

Several overflows in the unpack200 JAR extraction utility lead to code execution. [severity:4/4; 254570, 6792554, CVE-2009-1095, CVE-2009-1096]

A malicious PNG image creates an integer overflow leading to code execution. [severity:4/4; 254571, 6804996, CVE-2009-1097]

Java Web Start displays an image when it starts ("splash screen"). A malicious GIF image creates a decoding error leading to code execution. [severity:4/4; 254571, 6804997]

A malicious GIF image creates an error during the calculation of an offset, which corrupts the memory and leads to code execution. [severity:4/4; 254571, 6804998, CVE-2009-1098]

A malicious font forces the use of a negative integer, which causes a write before the start of the allocated buffer and leads to code execution. [severity:4/4; 254571, 6804999]

The usage of a malicious font file consumes a large amount of disk space. [severity:2/4; 254608, 6522586]

The usage of a malicious font file consumes a large amount of disk space. [severity:2/4; 254608, 6632886]

A remote attacker can cause a denial of service via HTTP on a JAX-WS service endpoint. [severity:2/4; 254609, 6630639, CVE-2009-1101]

An error in the code generation can be used by a malicious applet to execute code on the computer. [severity:4/4; 254610, 6636360, CVE-2009-1102]

An error in the Java Plug-in deserialization can be used by an applet to execute code. [severity:4/4; 254611, 6646860, CVE-2009-1103]

JavaScript code can use the Plug-in to connect to ports of the system via LiveConnect. [severity:3/4; 254611, 6724331, CVE-2009-1104]

An applet can request to be executed on a vulnerable JRE version. [severity:2/4; 254611, 6706490, CERTA-2010-AVI-217, CVE-2009-1105]

An applet can connect to sites providing crossdomain.xml. [severity:2/4; 254611, 6798948, CVE-2009-1106]

A signed applet can obscure the content of a dialog box and invite the victim to click. [severity:1/4; 254611, 6782871, CVE-2009-1107]
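The PNG integer overflow and the negative font value described above are two instances of one bug class: a buffer size computed from untrusted header fields without range checks. The following Python is an added illustration and is not the JDK's code nor part of this bulletin. It models the 32-bit arithmetic a native decoder performs, shows how oversized or negative dimensions make the naive size wrap to a small value while the decoder still emits the full image, and shows the bounded check a hardened decoder performs before allocating. MAX_PIXELS, the function names and the sample dimensions are assumptions chosen for the illustration.

```python
# Added illustration (not JDK code): untrusted image dimensions versus a
# 32-bit buffer-size computation, naive and hardened.

MASK32 = 0xFFFFFFFF      # models unsigned 32-bit wraparound in a native decoder
MAX_PIXELS = 1 << 26     # hypothetical decoder limit on total pixel count


def naive_buffer_size(width: int, height: int, bytes_per_pixel: int) -> int:
    """Size a naive 32-bit decoder would allocate: the product wraps silently."""
    return (width * height * bytes_per_pixel) & MASK32


def bytes_written_by_decoder(width: int, height: int, bytes_per_pixel: int) -> int:
    """Bytes the decoder actually emits for the image: the true product."""
    return width * height * bytes_per_pixel


def overrun_bytes(width: int, height: int, bytes_per_pixel: int) -> int:
    """How far past the naive buffer the decoder would write (0 if it fits)."""
    return max(0, bytes_written_by_decoder(width, height, bytes_per_pixel)
               - naive_buffer_size(width, height, bytes_per_pixel))


def safe_buffer_size(width: int, height: int, bytes_per_pixel: int):
    """Return the true byte count, or None if the header is rejected.

    Each bound is checked *before* the multiplication that could overflow,
    and non-positive values (the negative-integer case) are rejected outright.
    """
    if width <= 0 or height <= 0 or bytes_per_pixel <= 0:
        return None
    if width > MAX_PIXELS // height:          # width * height would exceed MAX_PIXELS
        return None
    pixels = width * height
    if pixels > MASK32 // bytes_per_pixel:    # pixels * bpp would not fit in 32 bits
        return None
    return pixels * bytes_per_pixel


# Constructed header values: 65537 x 65536 RGBA. The true size is 2^34 + 2^18
# bytes, but the 32-bit product is only 2^18 (256 KiB), so a naive decoder
# allocates 256 KiB and then writes 16 GiB into it.
EVIL_WIDTH, EVIL_HEIGHT, BPP = 65537, 65536, 4
BENIGN_WIDTH, BENIGN_HEIGHT = 1024, 768

if __name__ == "__main__":
    print("naive allocation :", naive_buffer_size(EVIL_WIDTH, EVIL_HEIGHT, BPP))
    print("decoder writes   :", bytes_written_by_decoder(EVIL_WIDTH, EVIL_HEIGHT, BPP))
    print("hardened verdict :", safe_buffer_size(EVIL_WIDTH, EVIL_HEIGHT, BPP))
    print("benign image     :", safe_buffer_size(BENIGN_WIDTH, BENIGN_HEIGHT, BPP))
```

The division-based checks are the important detail: comparing `width * height` against the limit after multiplying is exactly the computation that has already wrapped, so the comparison must be made on one factor against the limit divided by the other.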

Our Vigil@nce team rates the severity of this vulnerability note as critical.

Trust level: confirmed by the vendor (source: vendor document).

A proof of concept or an attack tool is available, so your teams have to process this alert. Exploiting these vulnerabilities requires technician-level skill.

Solutions for this threat 

Java JDK/JRE: version 6 Update 13.
Version 6 Update 13 is corrected:
  http://java.sun.com/javase/downloads/index.jsp
  http://java.com/
For Solaris:
  Java SE 6 Update 13 : patch 125136-14
  Java SE 6 Update 13 64bit : patch 125137-14
  Java SE 6 x86 Update 13 : patch 125138-14
  Java SE 6 x86 Update 13 64bit : patch 125139-14

Java JDK/JRE: version 5.0 Update 18.
Version 5.0 Update 18 is corrected:
  http://java.sun.com/javase/downloads/index_jdk5.jsp
For Solaris:
  J2SE 5.0 Update 18 : patch 118666-19
  J2SE 5.0 Update 18 64bit : patch 118667-19
  J2SE 5.0 x86 Update 18 : patch 118668-19
  J2SE 5.0 x86 Update 18 64bit : patch 118669-19

Java SDK/JRE: version 1.4.2_20.
Version 1.4.2_20 is corrected:
  http://java.com/

Java SDK/JRE: version 1.3.1_25.
Version 1.3.1_25 is corrected:
  http://java.com/
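The four corrected Sun releases above (6 Update 13, 5.0 Update 18, 1.4.2_20 and 1.3.1_25) can be turned into an inventory check. The following Python is an added example, not a Vigil@nce or Sun tool: it parses the first line of `java -version` output (which Sun builds print as `java version "1.6.0_13"`, with the update number after the underscore) and compares the update against the minimum fixed update for that family. The function names and the sample output strings are constructed for the example.

```python
# Added example (not from the bulletin): check a Sun JDK/JRE version string
# against the corrected releases listed above.
import re
import subprocess

# Minimum corrected update per Java family (major, minor, micro), from the bulletin.
FIXED_UPDATE = {
    (1, 6, 0): 13,   # Java SE 6 Update 13
    (1, 5, 0): 18,   # J2SE 5.0 Update 18
    (1, 4, 2): 20,   # 1.4.2_20
    (1, 3, 1): 25,   # 1.3.1_25
}

# Matches e.g. java version "1.6.0_11"; the _NN update suffix is optional.
_VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(output: str):
    """Return ((major, minor, micro), update) from `java -version` output, or None."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    family = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0
    return family, update


def assess(output: str) -> str:
    """Classify the installed release against the bulletin's corrected versions.

    'vulnerable'     : same family, update older than the fix
    'fixed'          : update is the corrected one or later
    'unknown-family' : no corrected release for this family is listed here
    'unparseable'    : output did not look like a Sun version banner
    """
    parsed = parse_java_version(output)
    if parsed is None:
        return "unparseable"
    family, update = parsed
    fixed = FIXED_UPDATE.get(family)
    if fixed is None:
        return "unknown-family"
    return "fixed" if update >= fixed else "vulnerable"


def check_local_java() -> str:
    """Run the local `java -version` (it prints to stderr) and assess it."""
    result = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return assess(result.stderr + result.stdout)


# Constructed sample banners, as a Sun JRE would print them.
SAMPLE_OLD = 'java version "1.6.0_11"\nJava(TM) SE Runtime Environment (build 1.6.0_11-b03)\n'
SAMPLE_NEW = 'java version "1.5.0_18"\nJava(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_18-b02)\n'

if __name__ == "__main__":
    for banner in (SAMPLE_OLD, SAMPLE_NEW):
        print(banner.splitlines()[0], "->", assess(banner))
```

This comparison is only meaningful for Sun/Oracle builds that use the update numbering above. Distribution packages (OpenJDK on Debian, Fedora, Mandriva, Red Hat, SUSE) carry the fix under their own package versions, so on those systems compare the installed package against the package versions listed in this bulletin rather than the banner.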

HP Serviceguard Manager: corrected versions.
The HP advisory lists the corrected versions.

VMware ESX, ESXi, VirtualCenter: solution.
The following versions are corrected:
VirtualCenter 4.0 Update 1
  http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware Virtual Center 2.5 Update 6
  http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
ESXi 4.0 Update 1
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip
ESXi 3.5
  http://download3.vmware.com/software/vi/ESXe350-201002401-O-SG.zip
ESX 4.0 Update 1
  https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip
  known problems: http://kb.vmware.com/kb/1016070
ESX 3.5
  http://download3.vmware.com/software/vi/ESX350-201002407-SG.zip
  http://download3.vmware.com/software/vi/ESX350-201002402-SG.zip
  http://download3.vmware.com/software/vi/ESX350-201002404-SG.zip
  http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
ESX 3.0.3
  http://download3.vmware.com/software/vi/ESX303-201002204-UG.zip
  http://download3.vmware.com/software/vi/ESX303-201002206-UG.zip
  http://download3.vmware.com/software/vi/ESX303-201002205-UG.zip

Debian: new openjdk-6 packages.
New packages are available:
  http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-*_6b11-9.1+lenny2_*.deb

Fedora 10: new java-1.6.0-openjdk packages.
New packages are available:
  java-1.6.0-openjdk-1.6.0.0-13.b14.fc10

HP-UX: Java version 1.4.2.22.00, 1.5.0.16.00 and 1.6.0.04.00.
Versions 1.4.2.22.00, 1.5.0.16.00 and 1.6.0.04.00 are corrected:
  https://www.hp.com/go/swa

Mandriva ES5: new java-1.6.0-openjdk packages.
New packages are available:
Mandriva Enterprise Server 5:
  java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.3mdvmes5
  rhino-1.7-0.0.2.2mdvmes5

Mandriva: new java-1.6.0-openjdk packages.
New packages are available:
  Mandriva Linux 2009.0: java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.0
  Mandriva Linux 2009.1: java-1.6.0-openjdk-1.6.0.0-0.20.b16.0.2mdv2009.1

Red Hat Network Satellite Server: new Java packages.
New packages are available:
Red Hat Network Satellite Server 5.1 (RHEL v.4 AS):
  java-1.5.0-sun-1.5.0.22-1jpp.1.el4

RHEL 4E, 5S: new java-1.5.0 packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras:
  java-1.5.0-sun-1.5.0.18-1jpp.1.el4
  java-1.5.0-ibm-1.5.0.9-1jpp.5.el4
Red Hat Enterprise Linux version 5 Supplementary:
  java-1.5.0-sun-1.5.0.18-1jpp.1.el5
  java-1.5.0-ibm-1.5.0.9-1jpp.3.el5

RHEL 4E, 5S: new java-1.6.0-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras:
  java-1.6.0-ibm-1.6.0.5-1jpp.1.el4
Red Hat Enterprise Linux version 5 Supplementary:
  java-1.6.0-ibm-1.6.0.5-1jpp.1.el5

RHEL 4E, 5S: new java-1.6.0-sun packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras: java-1.6.0-sun-1.6.0.13-1jpp.1.el4
Red Hat Enterprise Linux version 5 Supplementary: java-1.6.0-sun-1.6.0.13-1jpp.1.el5

RHEL 5: new java-1.6.0-openjdk packages.
New packages are available:
Red Hat Enterprise Linux version 5: java-1.6.0-openjdk-1.6.0.0-0.30.b09.el5

SUSE: new Java packages.
New packages are available:
openSUSE 11.1:
  http://download.opensuse.org/update/11.1/rpm/i586/java-1_5_0-sun*-1.5.0_update18-0.1.1.i586.rpm
  http://download.opensuse.org/update/11.1/rpm/i586/java-1_6_0-sun*-1.6.0.u13-0.1.1.i586.rpm
openSUSE 11.0:
  http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun*-1.5.0_update18-0.1.i586.rpm
  http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun*-1.6.0.u13-0.1.i586.rpm
openSUSE 10.3:
  http://download.opensuse.org/update/10.3/rpm/i586/java-1_5_0-sun*-1.5.0_update18-0.1.i586.rpm
  http://download.opensuse.org/update/10.3/rpm/i586/java-1_6_0-sun*-1.6.0.u12-1.4.i586.rpm
SUSE Linux Enterprise Server 10 SP1:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=4495d420cc31b3e7021a04db76636f7a
Open Enterprise Server:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=316bc2ba25f95569ad6a7c96e77f903c
Novell Linux POS 9:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=316bc2ba25f95569ad6a7c96e77f903c
SUSE SLES 9:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=316bc2ba25f95569ad6a7c96e77f903c
SUSE Linux Enterprise Server 10 SP2:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=d5c49d253f068382dcf6120eb25b280c
SUSE Linux Enterprise Desktop 10 SP2:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=d5c49d253f068382dcf6120eb25b280c
SLES 11:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=706f811c965148739c35d07d3653b91c
SLE 11:
  http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=706f811c965148739c35d07d3653b91c

SUSE: new packages (09/06/2009).
New packages are available.

VMware ESX, vCenter: patch for Java.
VMware Virtual Center 2.5 Update 6 is corrected:
  http://downloads.vmware.com/download/download.do?downloadGroup=VC250U6
VMware vCenter Server 4 Update 2 is corrected:
  http://www.vmware.com/download/download.do?downloadGroup=VC40U2
The patch ESX350-201003403-SG is available for ESX 3.5:
  http://download3.vmware.com/software/vi/ESX350-201003403-SG.zip
  md5sum: cdddef476c06eeb28c10c5dac3730dca
  http://kb.vmware.com/kb/1018702
The patch ESX400-201005402-SG is available for ESX 4.0:
  http://bit.ly/aqTCqn
  md5sum: ace37cd8d7c6388edcea2798ba8be939
  sha1sum: 8fe7312fe74a435e824d879d4f1ff33df25cee78
  http://kb.vmware.com/kb/1013127

VMware: patches for DHCP, Service Console kernel, JRE.
A patch is available; see the information sources.
