SuSE Update for IBMJava2 SUSE-SA:2007:010

Impact
remote code execution
Solution
Please Install the Updated Packages.
Insight
Various security problems and bugs have been fixed in the IBMJava JRE and SDK. The IBM Java packages were updated to: - IBM Java 1.4.2 to Service Refresh 7. - IBM JAVA 1.3.10 to Service Refresh 10. It contains several security fixes also fixed in SUN Java including: - CVE-2006-4339: fix for the RSA exponent padding attack. - CVE-2006-6737: 2 unspecified vulnerabilities that allow untrusted applets to access data in other applets. - CVE-2006-6745: Multiple unspecified vulnerabilities that allow applets to gain privileges related to serialization bugs in the JRE. - CVE-2006-6731: Multiple buffer overflows in java image handling routines that allow attackers to potentially read/write/execute local files. A full overview is at: http://www-128.ibm.com/developerworks/java/jdk/alerts/ The update also contains important timezone updates: - US daylight saving time update starting 2007. - Western Australia daylight savings time introduction in December 2006. - A general update to current timezone data-set.
Affected
IBMJava2 on SuSE Linux Enterprise Server 8, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLES 10
References