Sybase Business Intelligence Solutions - Database Management, Data Warehousing Software, Mobile Enterprise Applications and Messaging
Sybase Brand Color Bar
delete

Search for    in all of Sybase.com
view all search results right arrow
  blank
 
 
 
 
 
 
 
 
 
 

 
 
CLICK TO EXPAND NAVIGATION
CLICK TO EXPAND NAVIGATION
 
 
 
 
Support > Technical Documents > Document Types > Technote > Sybase products affected by the JRE security vulne...  
RSS Feed
 
 
 

Possible Security Vulnerability Using the Java Runtime Environment (JRE)

Summary: This document addresses the security advisories published by Oracle, HP and IBM in the first quarter of 2011 relating to a JRE hang when converting "2.2250738585072012e-308" to a binary floating point number. This vulnerability can result in the unauthorized ability to cause a hang or repeatable crash (denial of service) of the Java Runtime Environment. Java based application and web servers are at risk from this vulnerability. Patch updates to address this vulnerability are available from the JRE vendors.


Actions From Sybase

Sybase products that can be affected by the JRE vulnerabilities, along with the action taken, are listed below:

Product Version Action Taken
Adaptive Server Enterprise 15.7 Version includes the JRE patches
Adaptive Server Enterprise - Cluster Edition 15.5 ESD #4 ESD includes the JRE patches
Adaptive Server Enterprise 15.0.3 ESD #4 ESD is certified to work with the vendor updates for the JRE issue
Adaptive Server Enterprise - Cluster Edition 15.0.3 Version is certified to work with the vendor updates for the JRE issue
Aleri Streaming Platform 3.2 ESD #1 ESD includes the JRE patches
Sybase CEP R4 ESD #3 ESD is certified to work with the vendor updates for the JRE issue
EAServer (Windows, Linux, HP-UX, IBM-AIX) 6.3.1 ESD #3 ESD is certified to work with the vendor updates for the JRE issue
EAServer (Solaris) 6.3.1 EBF 19623 EBF is certified to work with the vendor updates for the JRE issue
InfoMaker 12.5 Version is certified to work with the vendor updates for the JRE issue
InfoMaker 12.1 EBF 19259 EBF is certified to work with the vendor updates for the JRE issue
InfoMaker 11.5.1 EBF 19091 EBF is certified to work with the vendor updates for the JRE issue
IQ 15.2 Vulnerability is isolated to the IQ Client only. Workaround is to restart the client. Sybase will release IQ 15.4 ESD #1 with the updated JRE 1.6 patches in the first half of 2012. Customers are advised to upgrade to 15.4 ESD #1.
IQ 12.7 Vulnerability is isolated to the IQ Client only. Workaround is to restart the client. Customers are advised to upgrade to 15.x.
PowerBuilder 12.5 Version is certified to work with the vendor updates for the JRE issue
PowerBuilder 12.1 EBF 19259 EBF is certified to work with the vendor updates for the JRE issue
PowerBuilder 11.5.1 EBF 19091 EBF is certified to work with the vendor updates for the JRE issue
PowerDesigner 15.3 Version is certified to work with the vendor updates for the JRE issue
RepConnector 15.0.2 ESD #3 ESD is certified to work with the vendor updates for the JRE issue
RepServer Options 15.6 Version includes the JRE patches
RepServer Options 15.2 ESD #3 ESD is certified to work with the vendor updates for the JRE issue
Mirror Activator 15.2 ESD #2 ESD is certified to work with the vendor updates for the JRE issue
RepServer Messaging Edition 15.2 Version is certified to work with the vendor updates for the JRE issue
RepServer Heterogeneous Edition 15.6 Version includes the JRE patches
RepServer Heterogeneous Edition 15.2 Version is certified to work with the vendor updates for the JRE issue
Sybase Control Center 3.2.1 Version includes the JRE patches
SQL Anywhere 12.01 EBF 3356 EBF is certified to work with the vendor updates for the JRE issue
SQL Anywhere 11.0.1 EBF 2596 EBF is certified to work with the vendor updates for the JRE issue
Sybase Unwired Platform 2.0 Version includes the JRE patches
Sybase Unwired Platform 1.5.5 ESD #1 ESD is certified to work with the vendor updates for the JRE issue

Downloads

EBFs/ESDs are obtained from the Sybase EBFs and Maintenance site.

http://downloads.sybase.com/

Follow the instructions in the EBF/ESD cover letter to install the EBF.


If you require further assistance please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.

http://www.sybase.com/contactus/support


Copyright © 2011 Sybase, Inc. All rights reserved.


 

DOCUMENT ATTRIBUTES
Last Revised: Oct 19, 2011
Product: EAServer, PowerAMC, InfoMaker, Sybase IQ, Sybase CEP, PowerBuilder, SQL Anywhere, PowerDesigner, Mirror Activator, Replication Agent, Replication Server, Sybase Control Center, Sybase Unwired Platform, Aleri Streaming Platform, Adaptive Server Enterprise
Business or Technical: Technical
  
Content Id: 1095248
Infotype: Technote
 
 
 

 
© Copyright 2014, Sybase Inc. - v 7.6 Home / Contact Us / Help / Jobs / Legal / Privacy / Code of Ethics