Showing posts with label jboss_vulnerabilities. Show all posts

Monday, February 21, 2011

JBoss users upgrade to Oracle/Sun JVM JDK 1.6 Update 24

This is a general alert for all Java applications, so it also affects users of the JBoss ecosystem.

Oracle has released Update 24 of JDK 1.6 to resolve the security vulnerability outlined in http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

Please upgrade to Oracle JVM 1.6u24 as soon as possible.

As always, please refer to the community notification page at JBoss.
http://community.jboss.org/wiki/SecurityVulnerabilitiesNotificationtoCommunity

Wednesday, February 9, 2011

JBoss users upgrade to Oracle/Sun JVM JDK 1.6 Update 23 and apply FP Updater Tool

A serious vulnerability in the JVM was identified via CVE and has been handled by Oracle/Sun. Please see the following article for more details:


http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html


This issue affects all Java applications that may be performing Double-String operations.

In summary, JBoss AS users should try to upgrade to JDK 1.6 Update 23 and use the Floating Point Updater Tool from here.

JDK/JRE 6 Update 24 (forthcoming) will fix the issue. Until then, please run the updater tool.

Reference Page for JBoss AS Security Vulnerabilities: http://community.jboss.org/wiki/SecurityVulnerabilitiesNotificationtoCommunity

Additional information is available from the Oracle blog post.
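
To find JVMs still below the Update 24 threshold named in the two posts above, the following added example (not part of the original posts, and not JBoss or Oracle tooling) classifies the banner printed by `java -version`. The function name `jdk6_status`, the status words it prints and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a `java -version` banner against the JDK 1.6
# Update 24 threshold from the posts. Names and sample banners are constructed.

FIXED_UPDATE=24   # first JDK 1.6 update the posts describe as fixed

# jdk6_status BANNER
# Prints one of: fixed | upgrade | other-family | unparsed
jdk6_status() {
    # The version token is the first quoted string after the word "version".
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then echo unparsed; return 0; fi

    case "$ver" in
        1.6.0_*) upd=${ver#1.6.0_} ;;       # e.g. 23 or 24-ea
        1.6.0|1.6.0-*) upd=0 ;;             # release with no update number
        *) echo other-family; return 0 ;;   # the posts only name JDK 1.6
    esac

    upd=${upd%%[!0-9]*}                     # drop suffixes such as -ea or -b07
    # Strip leading zeros (1.6.0_05) so the comparison is plain decimal.
    while [ "${upd#0}" != "$upd" ]; do upd=${upd#0}; done
    upd=${upd:-0}

    if [ "$upd" -ge "$FIXED_UPDATE" ]; then echo fixed; else echo upgrade; fi
}

# Constructed sample banners (first line of `java -version` output).
for banner in \
    'java version "1.6.0_23"' \
    'java version "1.6.0_24"' \
    'java version "1.6.0_05"' \
    'java version "1.6.0"' \
    'java version "1.5.0_22"' \
    'no java here'
do
    printf '%-28s -> %s\n' "$banner" "$(jdk6_status "$banner")"
done

# On a real host: jdk6_status "$(java -version 2>&1)"
```

A result of `other-family` means the posts give no threshold for that JDK line; check the Oracle alert linked above for it.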


======================================================

Wednesday, April 28, 2010

Security Issue: JBoss and CVE-2010-0738

This is a community courtesy notification for a severe security issue affecting some of the JBoss projects and products. Please refer to the following Red Hat KBase article for more information:

JBoss Products & CVE-2010-0738


If you are a paying Red Hat/JBoss enterprise customer, you have already been notified via the official channels (RHN, CSP, etc.). Patches and updated products are available to you.

If you are a user of the community project, JBoss Application Server, then you may be affected. Please refer to the KBase article for possible solutions.


Reference:

JBoss.org Wiki Page for Community Notification