IBM Support

IZ68349: INTEGRATE SUN SECURITY BULLETIN:6664512 IN IBM JAVA 5.0

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
    .
    Stack Trace: N/A
    .
    

Local fix

Problem summary

  • The Abstract Window Toolkit (AWT) in Java Runtime Environment
    does not properly restrict the objects that may be sent to
    loggers, which allows attackers to obtain sensitive information
    via vectors related to the implementation of Components
    KeyboardFocusManager and DefaultKeyboardFocusManager
    

Problem conclusion

  • This defect will be fixed in:
    5.0.0 SR11 FP2
    .
    Ported the SSB 6664512 which properly restricts the objects sent
    to loggers so that it is not possible for attackers to obtain
    sensitive information via vectors
    .
    To obtain the fix:
    Install build 20100419 or later
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ68349

  • Reported component name

    JAVA 5 CLASS LI

  • Reported component ID

    620500130

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-01-21

  • Closed date

    2010-04-25

  • Last modified date

    2010-04-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA 5 CLASS LI

  • Fixed component ID

    620500130

Applicable component levels

  • R500 PSN

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCVQ3Y","label":"Java Class Libraries"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"5.0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
25 April 2010