A serious vulnerability in the JVM has been assigned a CVE (CVE-2010-4476) and has been handled by Oracle/Sun. Please see the following article for more details:
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
This issue affects all Java applications that may be performing conversions between String and Double values.
In summary, JBoss AS users should try to upgrade to JDK 1.6 Update 23 and use the Floating Point Updater Tool from here.
JDK/JRE6 Update 24 (forthcoming) will fix the issue. Until then please run the updater tool.
Reference Page for JBoss AS Security Vulnerabilities: http://community.jboss.org/wiki/SecurityVulnerabilitiesNotificationtoCommunity
Additional information is available from the Oracle blog post.
======================================================
1 comment:
Should update to JDK 1.6 Update 24; Update 23 is affected.