Security Advisory Moderate: java-1.4.2-ibm-sap security update

Advisory: RHSA-2011:0870-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-06-15
Last updated on: 2011-06-15
Affected Products: Red Hat Enterprise Linux for SAP
CVEs ( CVE-2010-4447


Updated java-1.4.2-ibm-sap packages that fix several security issues are
now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The IBM 1.4.2 SR13-FP9 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2010-4447, CVE-2010-4448,
CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4473,
CVE-2010-4475, CVE-2011-0311)

All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for
SAP are advised to upgrade to these updated packages, which contain the IBM
1.4.2 SR13-FP9 Java release. All running instances of IBM Java must be
restarted for this update to take effect.


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise Linux for SAP

File outdated by:  RHSA-2012:0343
File outdated by:  RHSA-2012:1577
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662)
676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922)
677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component
677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component
677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component
677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component
677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component
677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component
702349 - CVE-2011-0311 IBM JDK Class file parsing denial-of-service


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at