Back to search

CESA-2010:0408: java-1.4.2-ibm security update

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:N/C:C/I:C/A:C) November 04, 2009 August 29, 2010 November 25, 2014

Available Exploits 

Description

Updated java-1.4.2-ibm packages that fix various security issues are now available for CentOS Linux 4 and 5 for SAP. The CentOS Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes various vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2009-3555, CVE-2009-3867, CVE-2009-3869, CVE-2009-3871, CVE-2009-3874, CVE-2009-3875) For the CVE-2009-3555 issue, this update disables renegotiation in the non-default IBM JSSE2 provider for the Java Secure Socket Extension (JSSE) component. The default JSSE provider is not updated with this fix. Refer to the IBMJSSE2 Provider Reference Guide, linked to in the References, for instructions on how to configure the IBM Java 2 Runtime Environment to use the JSSE2 provider by default. When using the JSSE2 provider, unsafe renegotiation can be re-enabled using the com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase article for details: http://kbase.redhat.com/faq/docs/DOC-20491 Warning: Do not install these java-1.4.2-ibm packages for SAP alongside the java-1.4.2-ibm packages from the CentOS Linux Extras or Supplementary channels on the CentOS Network. Doing so could cause your system to fail to update cleanly, among other possible problems. All users of java-1.4.2-ibm for CentOS Linux 4 and 5 for SAP are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP4 Java release. All running instances of IBM Java must be restarted for this update to take effect.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

linuxrpm-upgrade-centos40-x86_64-java-1_4_2-ibm

Related Vulnerabilities