Users of IBM 1.5.0 Java please be advised of a Critical security update that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
RHSA-2010:0807-01: [RHSA-2010:0807-01] Critical: java-1.5.0-ibm security update
Product: Red Hat Enterprise Linux Extras
Description:
The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.
This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2010-1321, CVE-2010-3541,
CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3556,
CVE-2010-3559, CVE-2010-3562, CVE-2010-3565, CVE-2010-3566, CVE-2010-3568,
CVE-2010-3569, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)
The RHSA-2010:0130 update mitigated a man-in-the-middle attack in the way
the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols
handle session renegotiation by disabling renegotiation. This update
implements the TLS Renegotiation Indication Extension as defined in RFC
5746, allowing secure renegotiation between updated clients and servers.
(CVE-2009-3555)Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/e7y0
No comments:
Post a Comment