Security Advisory Moderate: java-1.4.2-ibm-sap security update

Advisory: RHSA-2010:0586-1
Type: Security Advisory
Severity: Moderate
Issued on: 2010-08-02
Last updated on: 2010-08-02
Affected Products: Red Hat Enterprise Linux for SAP
CVEs ( CVE-2010-0084


Updated java-1.4.2-ibm-sap packages that fix several security issues are
now available for Red Hat Enterprise Linux 4 and 5 for SAP.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The IBM 1.4.2 SR13-FP5 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section. (CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,
CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0095, CVE-2010-0839,
CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)

Note: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to
correct a naming overlap; however, java-1.4.2-ibm-sap does not
automatically obsolete the previous java-1.4.2-ibm packages for Red Hat
Enterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and
RHBA-2010:0530 advisories, listed in the References, for further

All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4 and 5 for
SAP are advised to upgrade to these updated packages, which contain the IBM
1.4.2 SR13-FP5 Java release. All running instances of IBM Java must be
restarted for this update to take effect.
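
The Note above means a host can end up with the old java-1.4.2-ibm packages still installed beside the renamed java-1.4.2-ibm-sap ones. The following check is an added example, not part of the Red Hat advisory; it classifies a list of installed package names, and the sub-package names in its sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify installed IBM Java 1.4.2
# packages by name to spot the naming overlap described in the Note.
# Input on stdin: one package name per line, as printed on a real host by
#   rpm -qa --qf '%{NAME}\n'

# Names in the old family: java-1.4.2-ibm or java-1.4.2-ibm-<sub>,
# excluding the renamed java-1.4.2-ibm-sap family.
legacy_ibm_java() {
    grep -E '^java-1\.4\.2-ibm(-.+)?$' \
        | grep -Ev '^java-1\.4\.2-ibm-sap(-.+)?$' || true
}

# Names in the renamed family: java-1.4.2-ibm-sap or java-1.4.2-ibm-sap-<sub>.
renamed_ibm_java() {
    grep -E '^java-1\.4\.2-ibm-sap(-.+)?$' || true
}

# Print one verdict word for the package list on stdin.
audit_ibm_java() {
    names=$(cat)
    legacy=$(printf '%s\n' "$names" | legacy_ibm_java)
    renamed=$(printf '%s\n' "$names" | renamed_ibm_java)
    if [ -n "$legacy" ] && [ -n "$renamed" ]; then
        echo OVERLAP        # old packages still installed beside the renamed ones
    elif [ -n "$legacy" ]; then
        echo LEGACY_ONLY    # only the pre-rename packages are present
    elif [ -n "$renamed" ]; then
        echo RENAMED_ONLY   # only the renamed packages are present
    else
        echo NONE           # no IBM Java 1.4.2 packages in the list
    fi
}

# Constructed sample package list (sub-package names are illustrative).
sample='bash
java-1.4.2-ibm
java-1.4.2-ibm-devel
java-1.4.2-ibm-sap
java-1.4.2-ibm-sap-devel
java-1.5.0-ibm'

printf '%s\n' "$sample" | audit_ibm_java    # verdict for the sample
printf '%s\n' "$sample" | legacy_ibm_java   # the leftover old-name packages
```

On a real system, pipe the rpm query shown in the header comment into audit_ibm_java instead of the sample list.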


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise Linux for SAP

File outdated by: RHSA-2012:0343
File outdated by: RHSA-2012:1577
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)
575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs (6887703)
575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)
575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)
575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
578430 - CVE-2010-0846 JDK unspecified vulnerability in ImageIO component
578432 - CVE-2010-0849 JDK unspecified vulnerability in Java2D component
578433 - CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component
578436 - CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities
578440 - CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at