Security Advisory Moderate: java-1.4.2-ibm-sap security update

Advisory: RHSA-2011:1265-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-09-06
Last updated on: 2011-09-06
Affected Products: Red Hat Enterprise Linux for SAP
CVEs: CVE-2011-0311, CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871


Updated java-1.4.2-ibm-sap packages that fix several security issues are
now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The IBM 1.4.2 SR13-FP10 Java release includes the IBM Java 1.4.2 Runtime
Environment and the IBM Java 1.4.2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime
Environment and the IBM Java 1.4.2 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2011-0311, CVE-2011-0802,
CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871)

Note: Contrary to what its erratum text stated, the RHSA-2011:0870
java-1.4.2-ibm-sap update did not provide a complete fix for the
CVE-2011-0311 issue.

All users of java-1.4.2-ibm-sap are advised to upgrade to these updated
packages, which contain the IBM 1.4.2 SR13-FP10 Java release. All running
instances of IBM Java must be restarted for this update to take effect.


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise Linux for SAP

Each file listed for this advisory has since been outdated by RHSA-2012:0343 or RHSA-2012:1577.
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

702349 - CVE-2011-0311 IBM JDK Class file parsing denial-of-service
706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
711677 - CVE-2011-0802 CVE-2011-0814 Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 (Sound)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at