Red Hat CERTIFICATE SYSTEM 7.3 - RELEASE NOTES Release Note page 8

Release Notes
Bug
Errata RHSA-2007-0829
Bug #239660
Bug #250725
Bug #250729
Bug #242595
Bug #250733
Bug #246765
Bug #248864
Bug #249533
Errata RHSA-2010-0130
Bug #533125
Table 2. CVEs Fixed in JRE/JDK Errata Updates
3.3.1.2. Installing the Required JRE and JDK on Red Hat Enterprise Linux 4
1. Download the java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4 and java-1.5.0-ibm-
devel-1.5.0.11.1-1jpp.3.el4 packages from the latest errata update,
3
RHSA-2010-0130
2. Install the packages. For example, for the 32-bit packages:
rpm --Uvh java-1.5.0-ibm-1.5.0.11.1-1jpp.3.el4.i386.rpm java-1.5.0-ibm-
devel-1.5.0.11.1-1jpp.3.el4.i386.rpm
3. Make sure that the IBM Java 1.5.0 is selected as the default JRE and the the IBM 5.0 JDK is
available:
/usr/sbin/alternatives ---config java
There are 2 programs which provide -'java'.
Selection Command
-----------------------------------------------
*+ 1 -/usr/lib/jvm/jre-1.5.0-ibm/bin/java
2 -/usr/lib/jvm/jre-1.4.2-sun/bin/java
Enter to keep the current selection[+], or type selection number: 1
/usr/sbin/alternatives ---config javac
8
1
2
.
Description
CVE-2007-2435 javaws vulnerabilities
CVE-2007-2788 Integer overflow in the
embedded ICC profile image parser in Sun Java
Development Kit
CVE-2007-2789 BMP image parser vulnerability
CVE-2007-3004 Integer overflow in IBM JDK's
ICC profile parser
CVE-2007-3005 Unspecified vulnerability in Sun
JRE
CVE-2007-3503 HTML files generated with
Javadoc are vulnerable to a XSS
CVE-2007-3655 A buffer overflow vulnerability in
Java Web Start URL parsing code
CVE-2007-3922 Vulnerability in the Java
Runtime Environment May Allow an Untrusted
Applet to Circumvent Network Access
Restrictions
CVE-2009-3555 TLS: MITM attacks via session
renegotiation
Errata