Synopsis

Moderate: java-1.4.2-ibm-sap security update

Type/Severity

Security Advisory: Moderate

Topic

Updated java-1.4.2-ibm-sap packages that fix one security issue are now
available for Red Hat Enterprise Linux 4, 5 and 6 for SAP.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

The IBM 1.4.2 SR13-FP8 Java release includes the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Java based applications to hang, for example, if they parsed Double values
in a specially-crafted HTTP request. (CVE-2010-4476)

Note: The java-1.4.2-ibm packages were renamed to java-1.4.2-ibm-sap to
correct a naming overlap; however, java-1.4.2-ibm-sap does not
automatically obsolete the previous java-1.4.2-ibm packages for Red Hat
Enterprise Linux 4 and 5 for SAP. Refer to the RHBA-2010:0491 and
RHBA-2010:0530 advisories, listed in the References, for further
information.

All users of java-1.4.2-ibm-sap for Red Hat Enterprise Linux 4, 5 and 6 for
SAP are advised to upgrade to these updated packages, which contain the IBM
1.4.2 SR13-FP8 Java release. All running instances of IBM Java must be
restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux for SAP 6 x86_64
• Red Hat Enterprise Linux for SAP 5 x86_64
• Red Hat Enterprise Linux for SAP 4 x86_64
• Red Hat Enterprise Linux for SAP from RHUI 6 x86_64
• Red Hat Enterprise Linux for SAP from RHUI 5 x86_64
• RHEL for SAP - Extended Update Support 6.7 x86_64

Fixes

• BZ - 674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service

CVEs

• CVE-2010-4476

References

• https://access.redhat.com/security/updates/classification/#moderate
• http://www.ibm.com/developerworks/java/jdk/alerts/
• https://rhn.redhat.com/errata/RHBA-2010-0491.html
• https://rhn.redhat.com/errata/RHBA-2010-0530.html

Red Hat Enterprise Linux for SAP 6

SRPM
x86_64
java-1.4.2-ibm-sap-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm	SHA-256: 3f611993eefaf9f62a66c4abffd7cd133fbaa95a1ad61b7c38ecd9ca9545ce77
java-1.4.2-ibm-sap-devel-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm	SHA-256: 808be646809170f2f66103575dd8e61eaaa8e92a3cd4998d26d292cbc87b97c5

Red Hat Enterprise Linux for SAP 5

SRPM
x86_64
java-1.4.2-ibm-sap-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: bd5ad5a97c2bf0d7e6de023fa4bd4891f351560e0658d7b1ae4ecbe4d972cceb
java-1.4.2-ibm-sap-demo-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: 158bc25ecabcda0e44d0c74520676b9baf86a69fbfae1a6628f10c5c65850367
java-1.4.2-ibm-sap-devel-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: 1d6476745a5c844250d30831f5300feb1102c8318dba0a43d6638074a119a77f
java-1.4.2-ibm-sap-javacomm-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: a4ddafbf1f59296901787ab66b7b67d7ff09bbc5f7f7c71ecfc6600102bb46b6
java-1.4.2-ibm-sap-src-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: 82ba4d0226335d45ae5043fd2a416cb996eb915858eb1b461523a6064907261a

Red Hat Enterprise Linux for SAP from RHUI 6

SRPM
x86_64
java-1.4.2-ibm-sap-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm	SHA-256: 3f611993eefaf9f62a66c4abffd7cd133fbaa95a1ad61b7c38ecd9ca9545ce77
java-1.4.2-ibm-sap-devel-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm	SHA-256: 808be646809170f2f66103575dd8e61eaaa8e92a3cd4998d26d292cbc87b97c5

Red Hat Enterprise Linux for SAP from RHUI 5

SRPM
x86_64
java-1.4.2-ibm-sap-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: bd5ad5a97c2bf0d7e6de023fa4bd4891f351560e0658d7b1ae4ecbe4d972cceb
java-1.4.2-ibm-sap-demo-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: 158bc25ecabcda0e44d0c74520676b9baf86a69fbfae1a6628f10c5c65850367
java-1.4.2-ibm-sap-devel-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: 1d6476745a5c844250d30831f5300feb1102c8318dba0a43d6638074a119a77f
java-1.4.2-ibm-sap-javacomm-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: a4ddafbf1f59296901787ab66b7b67d7ff09bbc5f7f7c71ecfc6600102bb46b6
java-1.4.2-ibm-sap-src-1.4.2.13.8.sap-1jpp.2.el5.x86_64.rpm	SHA-256: 82ba4d0226335d45ae5043fd2a416cb996eb915858eb1b461523a6064907261a

RHEL for SAP - Extended Update Support 6.7

SRPM
x86_64
java-1.4.2-ibm-sap-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm	SHA-256: 3f611993eefaf9f62a66c4abffd7cd133fbaa95a1ad61b7c38ecd9ca9545ce77
java-1.4.2-ibm-sap-devel-1.4.2.13.8.sap-1jpp.1.el6.x86_64.rpm	SHA-256: 808be646809170f2f66103575dd8e61eaaa8e92a3cd4998d26d292cbc87b97c5