IBM Support

The Virtual I/O Server 2.2 VIOS 2.2.0.10-FP24 UpdateInstallerforJava Interim Fix Readme

Fix Readme


Abstract

xxx

Content

Readme file for: VIOS 2.2.0.10 UpdateInstallerforJava Interim Fix
Product/Component Release: 2.2
Update Name: VIOS 2.2.0.10-FP24 UpdateInstallerforJava Interim Fix
Fix ID: VIOS_2.2.0.10_UpdateInstallerforJava
Publication Date: 22 June 2011
Last modified date: 22 June 2011

Installation information

Download location

Below is a list of components, platforms, and file names that apply to this Readme file.

Fix Download for Others

Product/Component Name: Virtual I/O Server
Platform: VIOS 2.2.0.10
Fix: VIOS_2.2.0.10_UpdateInstallerforJava

Installing

Follow these steps to apply the interim fix for security vulnerability CVE-2010-4476.

  1. Log in to VIOS as padmin.
  2. Run the following command to check the IOSLEVEL:
    $ ioslevel
    The command output must be one of the following:
    2.2.0.10-FP-24
    OR
    2.2.0.11-FP-24 SP01
    OR
    2.2.0.12-FP-24 SP02
    Do not apply this fix if the IOSLEVEL is not one of these three levels.
  3. Create a directory to store the fix package, and then change directories to the new directory.
    $ mkdir /home/padmin/java
    $ cd /home/padmin/java
  4. Download the following files from Fix Central to the new directory you created in the previous step:
    VIOS_2.2.0.10_UpdateInstallerforJava.tar.Z
    IZ94423_FIX_1.jar
  5. Commit previous updates by running the following command:
    $ updateios -commit
  6. Next, apply the update by running the following commands:
    $ oem_setup_env
    # cd /home/padmin/java
    # ls | grep jar
    # compress -d VIOS_2.2.0.10_UpdateInstallerforJava.tar.Z
    # tar -xvf VIOS_2.2.0.10_UpdateInstallerforJava.tar
    # /usr/java6/jre/bin/java -jar /home/padmin/java/JavaUpdateInstaller.jar -discover all -install update /usr/java6
    # /usr/java6/jre/bin/java -jar /home/padmin/java/VIOS_2.2.0.10_JavaUpdateInstaller.jar -install /home/padmin/java/VIOS_2.2.0.10_IZ94423_FIX_1.jar /usr/java6
    # exit
    $
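
The level gate from step 2 and the download check from step 4, written as a POSIX shell preflight to run before step 5. This is an added example, not part of IBM's readme: the function names are hypothetical, and the level strings and file names are copied from the steps above.

```sh
#!/bin/sh
# Preflight for the interim fix procedure (added example, not IBM code).
# Usage: preflight "<string printed by ioslevel>" /home/padmin/java

# File names from step 4 of the readme.
REQUIRED_FILES='VIOS_2.2.0.10_UpdateInstallerforJava.tar.Z
IZ94423_FIX_1.jar'

# level_supported LEVEL
# Succeeds only on an exact match with one of the three levels in step 2.
# Trailing whitespace and carriage returns (pasted terminal output) are
# ignored; any other level, including a later service pack, is rejected.
level_supported() {
    level=$(printf '%s' "$1" | tr -d '\r' | sed 's/[[:space:]]*$//')
    case $level in
        '2.2.0.10-FP-24'|'2.2.0.11-FP-24 SP01'|'2.2.0.12-FP-24 SP02')
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# missing_files DIR
# Prints each required file that is absent or zero-length in DIR.
missing_files() {
    printf '%s\n' "$REQUIRED_FILES" | while IFS= read -r f; do
        [ -s "$1/$f" ] || printf '%s\n' "$f"
    done
}

# preflight LEVEL DIR
# Returns 0 when it is safe to continue, 1 for an unsupported level,
# 2 when a downloaded file is missing or empty.
preflight() {
    if ! level_supported "$1"; then
        echo "STOP: IOSLEVEL '$1' is not one of the supported levels" >&2
        return 1
    fi
    missing=$(missing_files "$2")
    if [ -n "$missing" ]; then
        echo "STOP: not found in $2:" $missing >&2
        return 2
    fi
    echo "OK: IOSLEVEL $1, fix files present in $2"
}
```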

List of fixes

Security vulnerability alert

On February 8, 2011, Oracle published security vulnerability CVE-2010-4476, a critical vulnerability in the Java class library.

Issue

Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number.

Impact

This vulnerability can be used to mount a denial-of-service attack against application servers.

What is affected

This vulnerability affects all versions and releases of IBM Developer Kits and Runtime Environments on all platforms earlier than and including these releases:

Interim Fix security vulnerability CVE-2010-4476 for VIOS for IOSLEVEL 2.2.0.10-FP-24, 2.2.0.11-FP-24 SP01, or 2.2.0.12-FP-24 SP02

This fix, Interim Fix security vulnerability CVE-2010-4476, applies to you if your VIOS is at any of the following levels:

Document change history


Date Description of change

Document Information

Modified date:
19 February 2022

UID

isg400000547