- Vulnerability/
- RHSA-2010:0807
RHSA-2010:0807: Critical: java-1.5.0-ibm security update
First published: Wed Oct 27 2010(Updated: )
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and<br>the IBM Java 2 Software Development Kit.<br>This update fixes several vulnerabilities in the IBM Java 2 Runtime<br>Environment and the IBM Java 2 Software Development Kit. Detailed<br>vulnerability descriptions are linked from the IBM "Security alerts" page,<br>listed in the References section. (CVE-2010-1321, CVE-2010-3541,<br>CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556,<br>CVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568,<br>CVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)<br>The RHSA-2010:0130 update mitigated a man-in-the-middle attack in the way<br>the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols<br>handle session renegotiation by disabling renegotiation. This update<br>implements the TLS Renegotiation Indication Extension as defined in RFC<br>5746, allowing secure renegotiation between updated clients and servers.<br>(CVE-2009-3555)<br>All users of java-1.5.0-ibm are advised to upgrade to these updated<br>packages, containing the IBM 1.5.0 SR12-FP2 Java release. All running<br>instances of IBM Java must be restarted for this update to take effect.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.5.0-ibm-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-demo-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-devel-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-javacomm-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-jdbc-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-jdbc-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-plugin-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-plugin-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-src-1.5.0.12.2-1jpp.1.el5 |
| redhat/java | <1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5 | 1.5.0-ibm-accessibility-1.5.0.12.2-1jpp.1.el5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=533125
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=582466
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=639876
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=639897
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=639909
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=639920
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=639922
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=639925
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642180
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642187
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642202
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642215
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642559
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642576
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642606
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=642611
- http://www.redhat.com/security/updates/classification/#critical
- http://www.ibm.com/developerworks/java/jdk/alerts/
- https://access.redhat.com/kb/docs/DOC-20491
- https://access.redhat.com/errata/RHSA-2010:0807 (Advisory)
Frequently Asked Questions
What are the main vulnerabilities addressed by RHSA-2010:0807?
RHSA-2010:0807 addresses several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
How can I resolve the issues identified in RHSA-2010:0807?
To resolve the issues in RHSA-2010:0807, you should update to the latest version available for your affected IBM Java packages.
What versions of IBM Java are affected by RHSA-2010:0807?
RHSA-2010:0807 affects IBM Java version 1.5.0-ibm up to 1.5.0-ibm-1.5.0.12.2-1jpp.1.el5.
Is RHSA-2010:0807 applicable for both x86 and x86_64 architectures?
Yes, RHSA-2010:0807 is applicable for both x86 and x86_64 architectures as specified in the affected software list.
Does RHSA-2010:0807 involve security risks for my applications?
Yes, vulnerabilities addressed in RHSA-2010:0807 could expose applications to security risks, necessitating immediate updates.
- agent/severity
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0807
- agent/software-canonical-lookup
- agent/remedy
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat