Novell

This is Your Open EnterpriseTM

IBM Java 1.4.2 20080723

(c75f99d8e875876c1432cb28ca2d13b0)

This document (5033642) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: ppc
Security patch: YesView security alerts.
Priority: Mandatory
Distribution Type: Public
http://download.novell.com/Download?buildid=hB7pOHsYbbs~

document

Revision: 1
Document ID: 5033642
Creation Date: 2008-08-22 06:46:33

abstract

IBM Java 1.4.2
SuSE Linux Maintenance Web (c75f99d8e875876c1432cb28ca2d13b0)

Applies to

Package: java-1_4_2-ibm java-1_4_2-ibm-demo java-1_4_2-ibm-devel java-1_4_2-ibm-jdbc java-1_4_2-ibm-plugin java-1_4_2-ibm-src
Product(s):
SLE SDK 10 SP1 for x86
SLE SDK 10 SP1 for IPF
SLE SDK 10 SP1 for IBM iSeries and IBM pSeries
SLE SDK 10 SP1 for IBM zSeries
SLE SDK 10 SP1 for X86-64
SLE SDK 10 SP2 for x86
SLE SDK 10 SP2 for IPF
SLE SDK 10 SP2 for IBM iSeries and IBM pSeries
SLE SDK 10 SP2 for IBM zSeries
SLE SDK 10 SP2 for X86-64
SUSE Linux Enterprise Server 10 SP2 for x86
SUSE Linux Enterprise Server 10 SP2 for IPF
SUSE Linux Enterprise Server 10 SP2 for IBM POWER
SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP1 for x86
SUSE Linux Enterprise Server 10 SP1 for IPF
SUSE Linux Enterprise Server 10 SP1 for IBM POWER
SUSE Linux Enterprise Server 10 SP1 for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP1 for AMD64 and Intel EM64T
Patch: sdkp1-java-1_4_2-ibm-5465

Release: 20080723
Obsoletes: none

details

Indications

Everyone using IBM Java should update.

Contraindications

None.

Problem description

This update of IBM Java to 1.4.2 SR11 fixes various security problems:

  • CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) allows remote attackers to execute arbitrary code via a crafted JNLP file.
  • CVE-2008-1187: Unspecified vulnerability in the Java Runtime Environment (JRE) allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms.
  • CVE-2007-5240: Visual truncation vulnerability in the Java Runtime Environment allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.

Solution

Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:

rpm -Fvh java-1_4_2-ibm.rpm java-1_4_2-ibm-demo.rpm java-1_4_2-ibm-devel.rpm java-1_4_2-ibm-jdbc.rpm java-1_4_2-ibm-plugin.rpm  java-1_4_2-ibm-src.rpm

file contents

Files IncludedSizeDate
java-1_4_2-ibm-1.4.2_sr11-0.6.ppc.rpm0 bytes2008-08-22 06:46:39
java-1_4_2-ibm-devel-1.4.2_sr11-0.6.ppc.rpm2.3 MB (2512410)2008-08-22 07:45:38
java-1_4_2-ibm-jdbc-1.4.2_sr11-0.6.ppc.rpm34.8 KB (35708)2008-08-22 07:45:38
readme_5033642.htmlN/A2008-08-22 07:59:42

source packages

Download the source code of the patches for maintained products.

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.