IBM reported a problem with class file parsing in IBM JDK: IBM Runtimes for Java Technology is vulnerable to a denial of service, caused by an error in the class file parser. A remote authenticated attacker could exploit this vulnerability using a specially-crafted class file containing an invalid attribute length field to cause a segmentation fault. [1] The issue is fixed with JDK 1.4.2 SR13-FP9 , 5.0 SR12-FP4 and 6 SR9-FP1 [2] and APAR IZ89602 [3] [1] http://xforce.iss.net/xforce/xfdb/65189 [2] http://www.ibm.com/developerworks/java/jdk/alerts/ [3] http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:0490 https://rhn.redhat.com/errata/RHSA-2011-0490.html
This issue has been addressed in following products: RHEL 4 for SAP RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2011:0870 https://rhn.redhat.com/errata/RHSA-2011-0870.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html
This issue has been addressed in following products: RHEL 4 for SAP RHEL 5 for SAP RHEL 6 for SAP Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html