RHSA-2010:0807: Critical: java-1.5.0-ibm security update

First published: Wed Oct 27 2010(Updated: )

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and<br>the IBM Java 2 Software Development Kit.<br>This update fixes several vulnerabilities in the IBM Java 2 Runtime<br>Environment and the IBM Java 2 Software Development Kit. Detailed<br>vulnerability descriptions are linked from the IBM "Security alerts" page,<br>listed in the References section. (CVE-2010-1321, CVE-2010-3541,<br>CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556,<br>CVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568,<br>CVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)<br>The RHSA-2010:0130 update mitigated a man-in-the-middle attack in the way<br>the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols<br>handle session renegotiation by disabling renegotiation. This update<br>implements the TLS Renegotiation Indication Extension as defined in RFC<br>5746, allowing secure renegotiation between updated clients and servers.<br>(CVE-2009-3555)<br>All users of java-1.5.0-ibm are advised to upgrade to these updated<br>packages, containing the IBM 1.5.0 SR12-FP2 Java release. All running<br>instances of IBM Java must be restarted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• source/Red Hat
• anchor-id/RHSA-2010:0807
• agent/software-canonical-lookup
• package-manager/redhat