remote code execution

Please Install the Updated Packages.

Various security problems and bugs have been fixed in the IBMJava JRE and SDK. The IBM Java packages were updated to: - IBM Java 1.4.2 to Service Refresh 7. - IBM JAVA 1.3.10 to Service Refresh 10. It contains several security fixes also fixed in SUN Java including: - CVE-2006-4339: fix for the RSA exponent padding attack. - CVE-2006-6737: 2 unspecified vulnerabilities that allow untrusted applets to access data in other applets. - CVE-2006-6745: Multiple unspecified vulnerabilities that allow applets to gain privileges related to serialization bugs in the JRE. - CVE-2006-6731: Multiple buffer overflows in java image handling routines that allow attackers to potentially read/write/execute local files. A full overview is at: http://www-128.ibm.com/developerworks/java/jdk/alerts/ The update also contains important timezone updates: - US daylight saving time update starting 2007. - Western Australia daylight savings time introduction in December 2006. - A general update to current timezone data-set.

IBMJava2 on SuSE Linux Enterprise Server 8, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLES 10

• http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html

---

Updated on 2015-03-25