Bug 226996
Summary: | CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6731 CVE-2006-4339) | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Mark J. Cox <mjc> |
Component: | IBMJava2-JRE | Assignee: | Thomas Fitzsimmons <fitzsim> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | CC: | david_edwards |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | public=20060104,impact=critical | ||
Fixed In Version: | 1.3.1-12 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-02-07 18:56:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 143573 |
Description
Mark J. Cox
2007-02-02 15:40:37 UTC
I've requested new packages from IBM that will fix this issue. IBM sent me the latest IBM 1.3.1 JDK they have, but it is the same as what's currently shipping: $ java -version java version "1.3.1" Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1) Classic VM (build 1.3.1, J2RE 1.3.1 IBM build cxia32131ifx-20061109 (131SR10 + 110450 + 110188 + 111317) (JIT enabled: jitc)) I'm going to assume that 131SR10 + 110450 + 110188 + 111317 corresponds to "SR10a or later" as listed on this page: http://www-128.ibm.com/developerworks/java/jdk/alerts/ So the IBM 1.3.1 JRE and SDK update packages we shipped in January: IBMJava2-JRE-1.3.1-12 IBMJava2-SDK-1.3.1-11 already contain the fix for this problem. I'm going to CC David Edwards and close this as CURRENTRELEASE. David, please reopen the bug if these packages are not "SR10a or later". |