1.63.2. RHSA-2011:0299: Moderate java-1.4.2-ibm-sap security update

Updated java-1.4.2-ibm-sap packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for example, if they parsed Double values in a specially-crafted HTTP request. (CVE-2010-4476)

Note: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to correct a naming overlap; however, java-1.4.2-ibm-sap does not automatically obsolete the previous java-1.4.2-ibm packages for Red Hat Enterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and RHBA-2010:0530 advisories, listed in the References, for further information.

All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for SAP are advised to upgrade to these updated packages, which contain the IBM 1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be restarted for this update to take effect.