Red Hat RHSA-2011:0292-01 Moderate Java-1.4.2-ibm DoS Fix
red hat
February 22, 2011
Updated java-1.4.2-ibm packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Summary
The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.
A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Java based applications to hang, for example, if they parsed Double values
in a specially-crafted HTTP request. (CVE-2010-4476)
All users of java-1.4.2-ibm are advised to upgrade to these updated
packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running
instances of IBM Java must be restarted for this update to take effect.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2010-4476 https://access.redhat.com/security/updates/classification/#moderate
Package List
Red Hat Enterprise Linux AS version 4 Extras:
i386:
java-1.4.2-ibm-1.4.2.13.8-1jpp.4.el4.i386.rpm
java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.4.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.4.el4.i386.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.4.el4.i386.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.4.el4.i386.rpm
java-1.4.2-ibm-plugin-1.4.2.13.8-1jpp.4.el4.i386.rpm
java-1.4.2-ibm-src-1.4.2.13.8-1jpp.4.el4.i386.rpm
ia64:
java-1.4.2-ibm-1.4.2.13.8-1jpp.4.el4.ia64.rpm
java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.4.el4.ia64.rpm
java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.4.el4.ia64.rpm
java-1.4.2-ibm-src-1.4.2.13.8-1jpp.4.el4.ia64.rpm
ppc:
java-1.4.2-ibm-1.4.2.13.8-1jpp.4.el4.ppc.rpm
java-1.4.2-ibm-1.4.2.13.8-1jpp.4.el4.ppc64.rpm
java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.4.el4.ppc.rpm
java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.4.el4.ppc64.rpm
java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.4.el4.ppc.rpm
java-1.4.2-ibm-devel-1.4.2.13.8-1jpp.4.el4.ppc64.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.4.el4.ppc.rpm
java-1.4.2-ibm-javacomm-1.4.2.13.8-1jpp.4.el4.ppc64.rpm
java-1.4.2-ibm-jdbc-1.4.2.13.8-1jpp.4.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.8-1jpp.4.el4.ppc.rpm
java-1.4.2-ibm-src-1.4.2.13.8-1jpp.4.el4.ppc64.rpm
s390:
java-1.4.2-ibm-1.4.2.13.8-1jpp.4.el4.s390.rpm
java-1.4.2-ibm-demo-1.4.2.13.8-1jpp.4.el4.s390.rpm
Read the Full Advisory
PREVIOUS
NEXT
Advisory ID: RHSA-2011:0292-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0292.html
Issue date: 2011-02-22
Topic
Updated java-1.4.2-ibm packages that fix one security issue are nowavailable for Red Hat Enterprise Linux 4 Extras and Red Hat EnterpriseLinux 5 Supplementary.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.
Topics Covered
Relevant Releases Architectures
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64
Bugs Fixed
674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!