IBM Support

IZ63920: APAR TO FIX A SECURITY VULNERABILITY IN XML CODE.

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • A vulnerability in the Java Runtime Environment (JRE) with
    parsing XML data might allow a remote client to create a
    denial-of-service condition on the system that the JRE runs on.
    
    This is the issue described by CVE-2009-2625 / Sun Alert 263489.
    

Local fix

Problem summary

  • This version includes the fix for
    Updated version of XML4J 4.4.17
    

Problem conclusion

  • This defect will be fixed in:
    5.0.0 SR10
    .
     This version includes the fix for
    Updated version of XML4J 4.4.17
    .
    To obtain the fix:
    Install build 20090626 or later
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ63920

  • Reported component name

    JAVA 5 XML/XSL

  • Reported component ID

    620500126

  • Reported release

    500

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-10-29

  • Closed date

    2009-10-29

  • Last modified date

    2009-11-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA 5 XML/XSL

  • Fixed component ID

    620500126

Applicable component levels

  • R500 PSN

       UP



Document information

More support for: Runtimes for Java Technology
XML

Software version: 5.0

Reference #: IZ63920

Modified date: 18 November 2009