Wednesday, February 9, 2011

JBoss users upgrade to Oracle/Sun JVM JDK 1.6 Update 23 and apply FP Updater Tool

A serious vulnerability in the JVM, tracked as CVE-2010-4476, has been identified and handled by Oracle/Sun. Please see the following article for more details:


http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html


This issue affects any Java application that may perform Double-String operations, that is, conversions between strings and double values.

In summary, JBoss AS users should try to upgrade to JDK 1.6 Update 23 and use the Floating Point Updater Tool from here.

JDK/JRE6 Update 24 (forthcoming) will fix the issue. Until then please run the updater tool.

Reference Page for JBoss AS Security Vulnerabilities: http://community.jboss.org/wiki/SecurityVulnerabilitiesNotificationtoCommunity

Additional information is available in the Oracle blog post.


======================================================

1 comment:

ginkgo said...

Should update to JDK 1.6 Update 24; Update 23 is affected.