Security Advisory Moderate: java-1.4.2-ibm-sap security update

Advisory: RHSA-2012:1080-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-07-16
Last updated on: 2012-07-16
Affected Products: Red Hat Enterprise Linux for SAP
CVEs: CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506


Updated java-1.4.2-ibm-sap packages that fix several security issues are
now available for Red Hat Enterprise Linux 5 and 6 for SAP.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime
Environment and the IBM Java 1.4.2 Software Development Kit.

This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime
Environment and the IBM Java 1.4.2 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2011-3563, CVE-2012-0499,
CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506)

All users of java-1.4.2-ibm-sap are advised to upgrade to these updated
packages, which contain the IBM 1.4.2 SR13-FP12 Java release. All running
instances of IBM Java must be restarted for this update to take effect.


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

Updated packages

Red Hat Enterprise Linux for SAP

File outdated by:  RHSA-2012:1577
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at