Fix Readme
Abstract
xxx
Content
Readme file for: VIOS 2.2.0.10 UpdateInstallerforJava Interim Fix
Product/Component Release: 2.2
Update Name: VIOS 2.2.0.10-FP24 UpdateInstallerforJava Interim Fix
Fix ID: VIOS_2.2.0.10_UpdateInstallerforJava
Publication Date: 22 June 2011
Last modified date: 22 June 2011
Contents
Installation information
Download location
Below is a list of components, platforms, and file names that apply to this Readme file.
Product/Component Name: | Platform: | Fix: |
---|---|---|
Virtual I/O Server | VIOS 2.2.0.10 | VIOS_2.2.0.10_UpdateInstallerforJava |
Installation information
Installing
Follow these steps to apply Interim Fix security vulnerability CVE-2010-4476.
- Log in to VIOS as padmin .
- Run the following command to check the IOSLEVEL
$ ioslevel
The command output must be one of the following:
2.2.0.10-FP-24
OR
2.2.0.11-FP-24 SP01
OR
2.2.0.12-FP-24 SP02
Do not apply this fix if the IOSLEVEL is not one of these three levels. - Create a directory to store the fix package, and then change directories to the new directory.
$ mkdir /home/padmin/java
$ cd /home/padmin/java - Download the following files from Fix Central to the new directory you created in the previous step:
VIOS_2.2.0.10_UpdateInstallerforJava.tar.Z
IZ94423_FIX_1.jar - Commit previous updates by running the following command:
$ updateios -commit
- Next, apply the update by running the following command
$ oem_setp_env
# cd /home/padmin/java
# ls | grep jar
# compress -d VIOS_2.2.0.10_UpdateInstallerforJava.tar.Z
# tar -xvf VIOS_2.2.0.10_UpdateInstallerforJava.tar
# /usr/java6/jre/bin/java -jar /home/padmin/java/JavaUpdateInstaller.jar -discover all -install update /usr/java6
# /usr/java6/jre/bin/java -jar /home/padmin/java/VIOS_2.2.0.10_JavaUpdateInstaller.jar -install /home/padmin/java/VIOS_2.2.0.10_IZ94423_FIX_1.jar /usr/java6
# exit
$
List of fixes
Security vulnerability alert
On February 8, 2011, Oracle published a security vulnerability CVE-2010-4476 concerning a critical class library security vulnerability.
Issue
Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number.
Impact
This vulnerability can be used as a denial of service attack against application servers.
What is affected
This vulnerability affects all versions and releases of IBM Developer Kits and Runtime Environments on all platforms earlier than and including these releases:
- Java SE 6 SR9
- Java SE 5.0 SR12-FP3
- J2SE 1.4.2 SR13-FP8
Interim Fix security vulnerability CVE-2010-4476 for VIOS for IOSLEVEL 2.2.0.10-FP-24, 2.2.0.11-FP-24 SP01, or 2.2.0.12-FP-24 SP02
This fix, Interim Fix security vulnerability CVE-2010-4476 , applies to you if your VIOS is at any of the following levels:
- Fix Pack 24 (VIOS 2.2.0.10-FP-24)
- Fix Pack 24 with Service Pack 01 (VIOS 2.2.0.11-FP-24 SP-01)
- Fix Pack 24 with Service Pack 02 (VIOS 2.2.0.12-FP-24 SP-02)
Document change history
Date | Description of change |
Was this topic helpful?
Document Information
Modified date:
19 February 2022
UID
isg400000547