PM13394: SUN SECURITY BULLETIN 6914823

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Error Message: A security vulnerability in the Java Runtime
    Environment with creating image objects may allow an untrusted
    applet or Java Web Start application to escalate privileges.
    .
    Stack Trace: N/A
    .
    N/A
    

Local fix

  • N/A
    

Problem summary

  • A huge scansize value or a pixel region which exceeds bounds of
    image raster causing a memory corruption in the native part of
    image representation and resulting in a crash.
    

Problem conclusion

  • This defect will be fixed in:
    1.4.2 SR13 FP5
    .
    JVM has been updated to avoid the vulnerability and memory
    corruption.
    .
    To obtain the fix:
    Install build 20100521 or later
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM13394

  • Reported component name

    JAVA(1.3/1.4 CO

  • Reported component ID

    5648C9800

  • Reported release

    42A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-04-30

  • Closed date

    2010-06-22

  • Last modified date

    2010-06-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA(1.3/1.4 CO

  • Fixed component ID

    5648C9800

Applicable component levels

  • R42A PSN

       UP

  • R42L PSN

       UP

  • R42W PSN

       UP

  • R420 PSN

       UP



Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

z/OS family

Software version:

1.4.2

Reference #:

PM13394

Modified date:

2010-06-22

Translate my page

Machine Translation

Content navigation