The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment andthe IBM Java 2 Software Development Kit.A flaw was found in the way the TLS/SSL (Transport Layer Security/SecureSockets Layer) protocols handle session renegotiation. A man-in-the-middleattacker could use this flaw to prefix arbitrary plain text to a client'ssession (for example, an HTTPS connection to a website). This could forcethe server to process an attacker's request as if authenticated using thevictim's credentials. (CVE-2009-3555)This update disables renegotiation in the Java Secure Socket Extension(JSSE) component. Unsafe renegotiation can be re-enabled using thecom.ibm.jsse2.renegotiate property. Refer to the following Knowledgebasearticle for details: http://kbase.redhat.com/faq/docs/DOC-20491All users of java-1.5.0-ibm are advised to upgrade to these updatedpackages, containing the IBM 1.5.0 SR11-FP1 Java release. All runninginstances of IBM Java must be restarted for this update to take effect.