IBM 1.5.0 Java: Critical security update

Users of IBM 1.5.0 Java please be advised of a Critical security update that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

RHSA-2010:0807-01: [RHSA-2010:0807-01] Critical: java-1.5.0-ibm security update
Product: Red Hat Enterprise Linux Extras
Description:

The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and

the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime

Environment and the IBM Java 2 Software Development Kit. Detailed

vulnerability descriptions are linked from the IBM “Security alerts” page,

listed in the References section. (CVE-2010-1321, CVE-2010-3541,

CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556,

CVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568,

CVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)

The RHSA-2010:0130 update mitigated a man-in-the-middle attack in the way

the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols

handle session renegotiation by disabling renegotiation. This update

implements the TLS Renegotiation Indication Extension as defined in RFC

5746, allowing secure renegotiation between updated clients and servers.

(CVE-2009-3555)Read more at http://www.criticalwatch.com
 

Advertisements