Privacy and Legal Notice

CIAC INFORMATION BULLETIN

S-360: java-1.5.0-ibm Security Update

[Red Hat RHSA-2008:0790-9]

August 18, 2008 19:00 GMT
PROBLEM: There are several vulnerabilities in Java Web Start where a remote attacker could cause malicious XML to be processed by an untrusted applet or application.
PLATFORM: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
Red Hat Enterprise Linux Extras (v. 4)
DAMAGE: Remote code execution.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is MEDIUM. This could elevate permissions to access URLs on a remote host.
CVSS 2 BASE SCORE:
   TEMPORAL SCORE:
   VECTOR:		 7.5
6.2
(AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-360.shtml
  ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2008-0790.html
  CVE: CVE-2008-3104 CVE-2008-3106 CVE-2008-3108 CVE-2008-3111 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 
[***** Start Red Hat  RHSA-2008:0790-9 *****]

Critical: java-1.5.0-ibm security update

Advisory: RHSA-2008:0790-9
Type: Security Advisory
Severity: Critical
Issued on: 2008-07-31
Last updated on: 2008-07-31
Affected Products: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
Red Hat Enterprise Linux Extras (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-3104
CVE-2008-3106
CVE-2008-3108
CVE-2008-3111
CVE-2008-3112
CVE-2008-3113
CVE-2008-3114

Details

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

A vulnerability in the XML processing API was found. A remote attacker who
caused malicious XML to be processed by an untrusted applet or application
was able to elevate permissions to access URLs on a remote host.
(CVE-2008-3106)

A buffer overflow vulnerability was found in the font processing code. This
allowed remote attackers to extend the permissions of an untrusted applet
or application, allowing it to read and/or write local files, as well as to
execute local applications accessible to the user running the untrusted
application. (CVE-2008-3108)

Several buffer overflow vulnerabilities in Java Web Start were reported.
These vulnerabilities allowed an untrusted Java Web Start application to
elevate its privileges, allowing it to read and/or write local files, as
well as to execute local applications accessible to the user running the
untrusted application. (CVE-2008-3111)

Two file processing vulnerabilities in Java Web Start were found. A remote
attacker, by means of an untrusted Java Web Start application, was able to
create or delete arbitrary files with the permissions of the user running
the untrusted application. (CVE-2008-3112, CVE-2008-3113)

A vulnerability in Java Web Start when processing untrusted applications
was reported. An attacker was able to acquire sensitive information, such
as the cache location. (CVE-2008-3114)

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, that contain the IBM 1.5.0 SR8 Java release, which resolves
these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Supplementary (v. 5 client)
IA-32:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.i386.rpm     4069826a5ae32578fd243e52c064f28b
java-1.5.0-ibm-accessibility-1.5.0.8-1jpp.1.el5.i386.rpm     8ba8597f91adfc7a6486ea291d07fa6c
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.i386.rpm     922fca3563ab0fe24d0962c592542a65
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.i386.rpm     129657ec6478a8d516793e8d1d443922
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.i386.rpm     13ec3260ec54277c123966cedf7e65e5
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el5.i386.rpm     07d4c3338805c7729fc648a49914a820
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el5.i386.rpm     01431d232b7a15c41cb013746073564d
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.i386.rpm     61f53a4baa9e037ab82d8c0ddeb80c87
 
x86_64:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.i386.rpm     4069826a5ae32578fd243e52c064f28b
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.x86_64.rpm     22349bec871f7a81e584b69f054481df
java-1.5.0-ibm-accessibility-1.5.0.8-1jpp.1.el5.x86_64.rpm     a28693f4202955e099e44d80168f9c49
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.i386.rpm     922fca3563ab0fe24d0962c592542a65
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.x86_64.rpm     b3ff8864b0771d432f31308486dd1ae1
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.i386.rpm     129657ec6478a8d516793e8d1d443922
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.x86_64.rpm     8e765b068701f34949853d309c680656
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.i386.rpm     13ec3260ec54277c123966cedf7e65e5
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.x86_64.rpm     9db410c8e3442cb9a90f24536f4a8855
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el5.i386.rpm     07d4c3338805c7729fc648a49914a820
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el5.i386.rpm     01431d232b7a15c41cb013746073564d
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.i386.rpm     61f53a4baa9e037ab82d8c0ddeb80c87
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.x86_64.rpm     1421338342e6f707ea8154c587434b8a
 
RHEL Supplementary (v. 5 server)
IA-32:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.i386.rpm     4069826a5ae32578fd243e52c064f28b
java-1.5.0-ibm-accessibility-1.5.0.8-1jpp.1.el5.i386.rpm     8ba8597f91adfc7a6486ea291d07fa6c
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.i386.rpm     922fca3563ab0fe24d0962c592542a65
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.i386.rpm     129657ec6478a8d516793e8d1d443922
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.i386.rpm     13ec3260ec54277c123966cedf7e65e5
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el5.i386.rpm     07d4c3338805c7729fc648a49914a820
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el5.i386.rpm     01431d232b7a15c41cb013746073564d
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.i386.rpm     61f53a4baa9e037ab82d8c0ddeb80c87
 
PPC:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.ppc.rpm     6700e91baddc692926778bc1e5cb0fde
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.ppc64.rpm     4ad1cc0b31ee513dd8f833d4688fba26
java-1.5.0-ibm-accessibility-1.5.0.8-1jpp.1.el5.ppc.rpm     1352e058b913fb18ffd8a75e36317eac
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.ppc.rpm     e4c3c7751804673b1ee999658724fa40
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.ppc64.rpm     3841eb717c487edeba3f26f5dd6a6ff2
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.ppc.rpm     8e961c9694b44126ac32776b7122e93c
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.ppc64.rpm     ed3ed44e93b59dd1114cb397d7916089
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.ppc.rpm     a4ab4e6866d65cc0d891c57311c8495d
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.ppc64.rpm     5fb19c904935d5b7124278a2f12467f4
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el5.ppc.rpm     8dbe81acdb629cb9d3c325c85a3eacff
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el5.ppc.rpm     c470b43ce712356a679cf00ae9464fa4
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.ppc.rpm     af7781efb83e5503910b4199d4d7b78e
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.ppc64.rpm     73d12d16375dd6fb2ca2f7058fd4a821
 
s390x:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.s390.rpm     05a07277f9f4c94d0af05f2d3146a485
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.s390x.rpm     adc073cfd786623afec0131d3ce6b5e1
java-1.5.0-ibm-accessibility-1.5.0.8-1jpp.1.el5.s390x.rpm     d2b6ecaca6f4a027baa32870ba343742
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.s390.rpm     dc6ab9b39d1d21ab224fe0a402e85ea1
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.s390x.rpm     a04b84dc213b79c0d4cff62473414266
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.s390.rpm     6b3507060a2337b41a92fce56b8ad62c
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.s390x.rpm     8859ab10b8b1c63c305fc070e3eecd68
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el5.s390.rpm     3c72915782ba87bfc2e9c2e61f86e31f
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.s390.rpm     bf5d9108900593b6c2a3df18e733168d
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.s390x.rpm     7d7a9f9bf4b419ef8b08c30bb7ffc17f
 
x86_64:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.i386.rpm     4069826a5ae32578fd243e52c064f28b
java-1.5.0-ibm-1.5.0.8-1jpp.1.el5.x86_64.rpm     22349bec871f7a81e584b69f054481df
java-1.5.0-ibm-accessibility-1.5.0.8-1jpp.1.el5.x86_64.rpm     a28693f4202955e099e44d80168f9c49
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.i386.rpm     922fca3563ab0fe24d0962c592542a65
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el5.x86_64.rpm     b3ff8864b0771d432f31308486dd1ae1
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.i386.rpm     129657ec6478a8d516793e8d1d443922
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el5.x86_64.rpm     8e765b068701f34949853d309c680656
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.i386.rpm     13ec3260ec54277c123966cedf7e65e5
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el5.x86_64.rpm     9db410c8e3442cb9a90f24536f4a8855
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el5.i386.rpm     07d4c3338805c7729fc648a49914a820
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el5.i386.rpm     01431d232b7a15c41cb013746073564d
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.i386.rpm     61f53a4baa9e037ab82d8c0ddeb80c87
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el5.x86_64.rpm     1421338342e6f707ea8154c587434b8a
 
Red Hat Enterprise Linux Extras (v. 4)
IA-32:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.i386.rpm     44e3953af0e1cf6e9257c46ea1019453
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.i386.rpm     44e3953af0e1cf6e9257c46ea1019453
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.i386.rpm     44e3953af0e1cf6e9257c46ea1019453
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.i386.rpm     44e3953af0e1cf6e9257c46ea1019453
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.i386.rpm     e7fb0fb69ffd8a84d6914206512c2772
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.i386.rpm     e7fb0fb69ffd8a84d6914206512c2772
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.i386.rpm     e7fb0fb69ffd8a84d6914206512c2772
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.i386.rpm     e7fb0fb69ffd8a84d6914206512c2772
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.i386.rpm     6630d3c955b57b74ed8f72fd5c545a53
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.i386.rpm     6630d3c955b57b74ed8f72fd5c545a53
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.i386.rpm     6630d3c955b57b74ed8f72fd5c545a53
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.i386.rpm     6630d3c955b57b74ed8f72fd5c545a53
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.i386.rpm     3ff62d20aec05814dff5b97e1aad8c78
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.i386.rpm     3ff62d20aec05814dff5b97e1aad8c78
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.i386.rpm     3ff62d20aec05814dff5b97e1aad8c78
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.i386.rpm     3ff62d20aec05814dff5b97e1aad8c78
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el4.i386.rpm     87683a524a5d23a1b52125a912141b07
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el4.i386.rpm     87683a524a5d23a1b52125a912141b07
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el4.i386.rpm     87683a524a5d23a1b52125a912141b07
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el4.i386.rpm     87683a524a5d23a1b52125a912141b07
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el4.i386.rpm     75c2f02aa30471f5152b6df09f0789ee
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el4.i386.rpm     75c2f02aa30471f5152b6df09f0789ee
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el4.i386.rpm     75c2f02aa30471f5152b6df09f0789ee
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el4.i386.rpm     75c2f02aa30471f5152b6df09f0789ee
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.i386.rpm     9131db89f34a1820c42885fac0d25644
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.i386.rpm     9131db89f34a1820c42885fac0d25644
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.i386.rpm     9131db89f34a1820c42885fac0d25644
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.i386.rpm     9131db89f34a1820c42885fac0d25644
 
PPC:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.ppc.rpm     e877f0f4be8992c9347f795fd8c10dfb
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.ppc.rpm     8543a50f9bef2b6bf4e34001dc633037
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.ppc.rpm     1d24db2c5e66d7ed2e7e173d49a1ea93
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.ppc.rpm     d8838c1cca60875490dd4405935716f0
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el4.ppc.rpm     06f51eefe6d889cea12d59075872264a
java-1.5.0-ibm-plugin-1.5.0.8-1jpp.1.el4.ppc.rpm     46c62dfbac4cd93d74031bb2fd2e5def
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.ppc.rpm     e18113da0263f9522b9f816d1b735b8d
 
s390:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.s390.rpm     4225afb69c5a0e45fe4e0c3c56c4600b
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.s390.rpm     601d8b8cb89290013c310ed211327d52
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.s390.rpm     f0e83f89327522c99c174e1d3603717a
java-1.5.0-ibm-jdbc-1.5.0.8-1jpp.1.el4.s390.rpm     b8f896b6a83f72df2c377ccee18b86fc
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.s390.rpm     a11940533903ace0f45bdf329d3f3235
 
s390x:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.s390x.rpm     4e2e589e3b71b316539bb793461cddcb
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.s390x.rpm     bc166c4c8395239c3c3b50e3478d7ee1
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.s390x.rpm     30aab8b015aa4f744b5b51808fcd612f
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.s390x.rpm     ae08669d77506d1c5193a62a61f2d0b4
 
x86_64:
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2283c06e192d63dbe810dd96881fe716
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2283c06e192d63dbe810dd96881fe716
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2283c06e192d63dbe810dd96881fe716
java-1.5.0-ibm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2283c06e192d63dbe810dd96881fe716
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.x86_64.rpm     aff747c2200d9117bc583294e40b2022
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.x86_64.rpm     aff747c2200d9117bc583294e40b2022
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.x86_64.rpm     aff747c2200d9117bc583294e40b2022
java-1.5.0-ibm-demo-1.5.0.8-1jpp.1.el4.x86_64.rpm     aff747c2200d9117bc583294e40b2022
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.x86_64.rpm     cde5d3e2531047395478458e47b47282
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.x86_64.rpm     cde5d3e2531047395478458e47b47282
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.x86_64.rpm     cde5d3e2531047395478458e47b47282
java-1.5.0-ibm-devel-1.5.0.8-1jpp.1.el4.x86_64.rpm     cde5d3e2531047395478458e47b47282
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2f1c95e6006d9793c2de91239d981dd3
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2f1c95e6006d9793c2de91239d981dd3
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2f1c95e6006d9793c2de91239d981dd3
java-1.5.0-ibm-javacomm-1.5.0.8-1jpp.1.el4.x86_64.rpm     2f1c95e6006d9793c2de91239d981dd3
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.x86_64.rpm     a361772401d6fb1c0904f14bc059d68c
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.x86_64.rpm     a361772401d6fb1c0904f14bc059d68c
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.x86_64.rpm     a361772401d6fb1c0904f14bc059d68c
java-1.5.0-ibm-src-1.5.0.8-1jpp.1.el4.x86_64.rpm     a361772401d6fb1c0904f14bc059d68c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

452649 - CVE-2008-3105 CVE-2008-3106 OpenJDK JAX-WS unauthorized URL access (6542088)
454601 - CVE-2008-3104 Java RE allows Same Origin Policy to be Bypassed (6687932)
454604 - CVE-2008-3108 Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)
454605 - CVE-2008-3111 Java Web Start Buffer overflow vulnerabilities (6557220)
454606 - CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)
454607 - CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
454608 - CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/


[***** End Red Hat  RHSA-2008:0790-9 *****]
CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin.
DOE-CIRC can be contacted at: 
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/