Back to search

RHSA-2010:0408: java-1.4.2-ibm security update

Severity CVSS Published Added Modified
9 (AV:N/AC:M/Au:N/C:C/I:C/A:C) November 05, 2009 May 13, 2010 December 05, 2013

Available Exploits 

Description

Updated java-1.4.2-ibm packages that fix various security issues are now available for Red Hat Enterprise Linux 4 and 5 for SAP. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes various vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM "Security alerts" page listed in the References section. (CVE-2009-3555, CVE-2009-3867, CVE-2009-3869, CVE-2009-3871, CVE-2009-3874, CVE-2009-3875) For the CVE-2009-3555 issue, this update disables renegotiation in the non-default IBM JSSE2 provider for the Java Secure Socket Extension (JSSE) component. The default JSSE provider is not updated with this fix. Refer to the IBMJSSE2 Provider Reference Guide, linked to in the References, for instructions on how to configure the IBM Java 2 Runtime Environment to use the JSSE2 provider by default. When using the JSSE2 provider, unsafe renegotiation can be re-enabled using the com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase article for details: http://kbase.redhat.com/faq/docs/DOC-20491 Warning: Do not install these java-1.4.2-ibm packages for SAP alongside the java-1.4.2-ibm packages from the Red Hat Enterprise Linux Extras or Supplementary channels on the Red Hat Network. Doing so could cause your system to fail to update cleanly, among other possible problems. All users of java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP4 Java release. All running instances of IBM Java must be restarted for this update to take effect.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

  • Red Hat Enterprise Linux 4 (x86_64)

    Upgrade java-1.4.2-ibm

    Update java-1.4.2-ibm to the latest version available from Red Hat, using tools like yum or up2date.

  • Red Hat Enterprise Linux 4 (x86_64)

    Upgrade java-1.4.2-ibm-demo

    Update java-1.4.2-ibm-demo to the latest version available from Red Hat, using tools like yum or up2date.

  • Red Hat Enterprise Linux 4 (x86_64)

    Upgrade java-1.4.2-ibm-devel

    Update java-1.4.2-ibm-devel to the latest version available from Red Hat, using tools like yum or up2date.

  • Red Hat Enterprise Linux 4 (x86_64)

    Upgrade java-1.4.2-ibm-javacomm

    Update java-1.4.2-ibm-javacomm to the latest version available from Red Hat, using tools like yum or up2date.

  • Red Hat Enterprise Linux 4 (x86_64)

    Upgrade java-1.4.2-ibm-src

    Update java-1.4.2-ibm-src to the latest version available from Red Hat, using tools like yum or up2date.

Related Vulnerabilities