RHSA-2010:0786: Critical: java-1.4.2-ibm security update

First published: Wed Oct 20 2010(Updated: )

The IBM 1.4.2 SR13-FP6 Java release includes the IBM Java 2 Runtime<br>Environment and the IBM Java 2 Software Development Kit.<br>This update fixes several vulnerabilities in the IBM Java 2 Runtime<br>Environment and the IBM Java 2 Software Development Kit. These<br>vulnerabilities are summarized on the IBM "Security alerts" page listed in<br>the References section. (CVE-2010-3541, CVE-2010-3548, CVE-2010-3549,<br>CVE-2010-3551, CVE-2010-3553, CVE-2010-3556, CVE-2010-3557, CVE-2010-3562,<br>CVE-2010-3565, CVE-2010-3568, CVE-2010-3569, CVE-2010-3571, CVE-2010-3572)<br>The RHSA-2010:0155 update mitigated a man-in-the-middle attack in the way<br>the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols<br>handle session renegotiation by disabling renegotiation. This update<br>implements the TLS Renegotiation Indication Extension as defined in RFC<br>5746, allowing secure renegotiation between updated clients and servers.<br>(CVE-2009-3555)<br>All users of java-1.4.2-ibm are advised to upgrade to these updated<br>packages, which contain the IBM 1.4.2 SR13-FP6 Java release. All running<br>instances of IBM Java must be restarted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2010:0786
• agent/software-canonical-lookup
• package-manager/redhat