First published: Wed Mar 31 2010(Updated: )
The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and<br>the Sun Java 6 Software Development Kit.<br>This update fixes several vulnerabilities in the Sun Java 6 Runtime<br>Environment and the Sun Java 6 Software Development Kit. Further<br>information about these flaws can be found on the "Oracle Java SE and Java<br>for Business Critical Patch Update Advisory" page, listed in the<br>References section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,<br>CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,<br>CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,<br>CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,<br>CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,<br>CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)<br>For the CVE-2009-3555 issue, this update disables renegotiation in the Java<br>Secure Socket Extension (JSSE) component. Unsafe renegotiation can be<br>re-enabled using the sun.security.ssl.allowUnsafeRenegotiation property.<br>Refer to the following Knowledgebase article for details:<br><a href="http://kbase.redhat.com/faq/docs/DOC-20491" target="_blank">http://kbase.redhat.com/faq/docs/DOC-20491</a> Users of java-1.6.0-sun should upgrade to these updated packages, which<br>correct these issues. All running instances of Sun Java must be restarted<br>for the update to take effect.<br>
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.