Rapid7 VulnDB

RHSA-2010:0786: java-1.4.2-ibm security update

Back to Search

RHSA-2010:0786: java-1.4.2-ibm security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
10/19/2010
Created
07/25/2018
Added
10/25/2010
Modified
07/04/2017

Description

The IBM 1.4.2 SR13-FP6 Java release includes the IBM Java 2 RuntimeEnvironment and the IBM Java 2 Software Development Kit.This update fixes several vulnerabilities in the IBM Java 2 RuntimeEnvironment and the IBM Java 2 Software Development Kit. Thesevulnerabilities are summarized on the IBM "Security alerts" page listed inthe References section. (CVE-2010-3541, CVE-2010-3548, CVE-2010-3549,CVE-2010-3551, CVE-2010-3553, CVE-2010-3556, CVE-2010-3557, CVE-2010-3562,CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572)The RHSA-2010:0155 update mitigated a man-in-the-middle attack in the waythe TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocolshandle session renegotiation by disabling renegotiation. This updateimplements the TLS Renegotiation Indication Extension as defined in RFC5746, allowing secure renegotiation between updated clients and servers.(CVE-2009-3555)All users of java-1.4.2-ibm are advised to upgrade to these updatedpackages, which contain the IBM 1.4.2 SR13-FP6 Java release. All runninginstances of IBM Java must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-java-1-4-2-ibm
  • redhat-upgrade-java-1-4-2-ibm-demo
  • redhat-upgrade-java-1-4-2-ibm-devel
  • redhat-upgrade-java-1-4-2-ibm-javacomm
  • redhat-upgrade-java-1-4-2-ibm-jdbc
  • redhat-upgrade-java-1-4-2-ibm-plugin
  • redhat-upgrade-java-1-4-2-ibm-src

References

  • redhat-upgrade-java-1-4-2-ibm
  • redhat-upgrade-java-1-4-2-ibm-demo
  • redhat-upgrade-java-1-4-2-ibm-devel
  • redhat-upgrade-java-1-4-2-ibm-javacomm
  • redhat-upgrade-java-1-4-2-ibm-jdbc
  • redhat-upgrade-java-1-4-2-ibm-plugin
  • redhat-upgrade-java-1-4-2-ibm-src

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;