|
Sun JSSE/Java Plug-In/Java Web Start Incorrect Certificate Validation Vulnerability
Solution: HP has released an advisory (HPSBUX0301-239) which addresses this issue. The advisory details manual upgrade steps for various Java releases on HP-UX platforms, in addition to other fix information. Please see the attached advisory for specific details on how to obtain and apply vendor fixes. To address this vulnerability in SDK and JRE, users are advised to upgrade to the most recent versions. The following is a list of fixed versions: JSSE in SDK and JRE 1.4.0_02 or later 1.4.0 releases JSSE 1.0.3_01 Java Plug-in in SDK and JRE 1.4.1_01 or later 1.4.1 releases Java Plug-in in SDK and JRE 1.4.0_03 or later 1.4.0 releases Java Plug-in in SDK and JRE 1.3.1_06 or later 1.3.1 releases Java Web Start in SDK and JRE 1.4.1_01 or later 1.4.1 releases This problem also affects Jetty, which uses the reference implementation of the SSL libraries included with the JSSE. A fixed version is available. SGI has released an advisory (20030303-01-I) which contains fixes. Please see the attached advisory for details on applying fixes. Fixes are available: Sun JSSE 1.0.3
HP HP-UX (VVOS) 11.0 4
Jetty Jetty 4.2.4
Jetty Jetty 4.2.5
Jetty Jetty 4.2.6
SGI IRIX 6.5
SGI IRIX 6.5.1
SGI IRIX 6.5.10
SGI IRIX 6.5.11
SGI IRIX 6.5.12
SGI IRIX 6.5.13
SGI IRIX 6.5.14
SGI IRIX 6.5.15
SGI IRIX 6.5.16
SGI IRIX 6.5.17
SGI IRIX 6.5.18
SGI IRIX 6.5.19
SGI IRIX 6.5.2
SGI IRIX 6.5.3
SGI IRIX 6.5.4
SGI IRIX 6.5.5
SGI IRIX 6.5.6
SGI IRIX 6.5.7
SGI IRIX 6.5.8
SGI IRIX 6.5.9
|
|
|
Privacy Statement |
