RHSA-2011:0299: java-1.4.2-ibm-sap security update
Description
The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 RuntimeEnvironment and the IBM Java 2 Software Development Kit.A denial of service flaw was found in the way certain strings wereconverted to Double objects. A remote attacker could use this flaw to causeJava based applications to hang, for example, if they parsed Double valuesin a specially-crafted HTTP request. (CVE-2010-4476)Note: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap tocorrect a naming overlap; however, java-1.4.2-ibm-sap does notautomatically obsolete the previous java-1.4.2-ibm packages for Red HatEnterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 andRHBA-2010:0530 advisories, listed in the References, for furtherinformation.All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 forSAP are advised to upgrade to these updated packages, which contain the IBM1.4.2 SR13-FP8 Java release. All running instances of IBM Java must berestarted for this update to take effect.
Solution(s)
- redhat-upgrade-java-1-4-2-ibm-sap
- redhat-upgrade-java-1-4-2-ibm-sap-demo
- redhat-upgrade-java-1-4-2-ibm-sap-devel
- redhat-upgrade-java-1-4-2-ibm-sap-javacomm
- redhat-upgrade-java-1-4-2-ibm-sap-src
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center