First published: Wed Mar 03 2010
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. (CVE-2009-3555)

This update disables renegotiation in the Java Secure Socket Extension (JSSE) component. Unsafe renegotiation can be re-enabled using the com.ibm.jsse2.renegotiate property. Refer to the following Knowledgebase article for details: http://kbase.redhat.com/faq/docs/DOC-20491

All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR11-FP1 Java release. All running instances of IBM Java must be restarted for this update to take effect.

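Because the update leaves a switch (com.ibm.jsse2.renegotiate) that turns unsafe renegotiation back on, a patched host is worth auditing for JVMs that set it. The script below is an added example, not part of the advisory or of IBM's or Red Hat's tooling; its function names, the sample paths and PIDs, and the PLACEHOLDER value are constructed, and the live scan assumes a Linux /proc.

```shell
#!/bin/sh
# Flag JVM command lines that set the property named in the advisory.
PROP='com.ibm.jsse2.renegotiate'

# Reads "PID command-line" records on stdin and prints "PID value" for every
# record that carries -Dcom.ibm.jsse2.renegotiate[=value].
# The body runs in a subshell so that 'set -f' does not leak to the caller.
find_renegotiate_overrides() (
    set -f   # no filename globbing while word-splitting command lines
    while read -r pid cmdline; do
        for arg in $cmdline; do
            case "$arg" in
                "-D$PROP="*) printf '%s %s\n' "$pid" "${arg#*=}" ;;
                "-D$PROP")   printf '%s %s\n' "$pid" "(set, no value)" ;;
            esac
        done
    done
)

# Emits one "PID command-line" record per running process (Linux /proc).
live_records() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        pid=${f#/proc/}
        pid=${pid%/cmdline}
        # cmdline is NUL-separated; turn it into a space-separated record.
        printf '%s %s\n' "$pid" "$(tr '\0' ' ' 2>/dev/null < "$f")"
    done
}

# Constructed sample input. PLACEHOLDER stands in for a real property value,
# which the advisory text does not list.
sample_records() {
    cat <<'EOF'
1201 /opt/ibm/java/bin/java -Xmx512m -jar app.jar
1342 /opt/ibm/java/bin/java -Dcom.ibm.jsse2.renegotiate=PLACEHOLDER -jar legacy.jar
1377 /usr/bin/python3 worker.py
EOF
}

# Run with --live to scan the current host; with no argument only the
# functions are defined.
if [ "${1:-}" = "--live" ]; then
    live_records | find_renegotiate_overrides
fi
```

Any PID it reports should be checked against the Knowledgebase article before the override is kept, and the scan only sees options passed on the command line.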
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <1.5.0-ibm-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-1.5.0.11.1-1jpp.3.el5 |
redhat/java | <1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-accessibility-1.5.0.11.1-1jpp.3.el5 |
redhat/java | <1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-demo-1.5.0.11.1-1jpp.3.el5 |
redhat/java | <1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-devel-1.5.0.11.1-1jpp.3.el5 |
redhat/java | <1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-javacomm-1.5.0.11.1-1jpp.3.el5 |
redhat/java | <1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-jdbc-1.5.0.11.1-1jpp.3.el5 |
redhat/java | <1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-plugin-1.5.0.11.1-1jpp.3.el5 |
redhat/java | <1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5 | 1.5.0-ibm-src-1.5.0.11.1-1jpp.3.el5 |