Updated java-1.4.2-ibm packages to correct a set of security issues
are now available for Red Hat Enterprise Linux 3 and 4 Extras and Red Hat
Enterprise Linux 5 Supplementary.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
IBM's 1.4.2 SR9 Java release includes the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit.
A security vulnerability in the Java Web Start component was discovered.
An untrusted application could elevate it's privileges and read and write
local files that are accessible to the user running the Java Web Start
A buffer overflow in the image code JRE was found. An untrusted
applet or application could use this flaw to elevate its privileges and
potentially execute arbitrary code as the user running the java virtual
An unspecified vulnerability was discovered in the Java Runtime
Environment. An untrusted applet or application could cause the java
virtual machine to become unresponsive. (CVE-2007-3005)
All users of java-1.4.2-ibm should upgrade to these updated packages,
which contain IBM's 1.4.2 SR9 Java release that resolves these issues.