Security Advisory Moderate: java-1.4.2-ibm security update

Advisory: RHSA-2009:1551-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-11-04
Last updated on: 2009-11-04
Affected Products: Red Hat Enterprise Linux for SAP
CVEs: CVE-2008-5349, CVE-2009-2625


Updated java-1.4.2-ibm packages that fix two security issues are now
available for Red Hat Enterprise Linux 4 and 5 for SAP.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The IBM 1.4.2 SR13-FP2 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

This update fixes two vulnerabilities in the IBM Java 2 Runtime Environment
and the IBM Java 2 Software Development Kit. These vulnerabilities are
summarized on the IBM "Security alerts" page listed in the References
section. (CVE-2008-5349, CVE-2009-2625)

Warning: Do not install these java-1.4.2-ibm packages for SAP alongside the
java-1.4.2-ibm packages from the Red Hat Enterprise Linux Extras or
Supplementary channels on the Red Hat Network. Doing so could cause your
system to fail to update cleanly, among other possible problems.

All users of java-1.4.2-ibm for Red Hat Enterprise Linux 4 and 5 for SAP
are advised to upgrade to these updated packages, which contain the IBM
1.4.2 SR13-FP2 Java release. All running instances of IBM Java must be
restarted for this update to take effect.


Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise Linux for SAP

File outdated by:  RHSA-2010:0408
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

472206 - CVE-2008-5349 OpenJDK RSA public key length denial-of-service (6497740)
512921 - CVE-2009-2625 OpenJDK: XML parsing Denial-Of-Service (6845701)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at