Possible Security Vulnerability Using the Java Runtime Environment (JRE)

Summary: This document addresses the security advisories published by Oracle, HP and IBM in the first quarter of 2011 relating to a JRE hang when converting "2.2250738585072012e-308" to a binary floating point number. This vulnerability can result in the unauthorized ability to cause a hang or repeatable crash (denial of service) of the Java Runtime Environment. Java-based application and web servers are at risk from this vulnerability. Patch updates to address this vulnerability are available from the JRE vendors.

Actions From Sybase

Sybase products that can be affected by the JRE vulnerabilities, along with the action taken, are listed below:

| Product | Version | Action Taken |
|---|---|---|
| Adaptive Server Enterprise | 15.7 | Version includes the JRE patches |
| Adaptive Server Enterprise - Cluster Edition | 15.5 ESD #4 | ESD includes the JRE patches |
| Adaptive Server Enterprise | 15.0.3 ESD #4 | ESD is certified to work with the vendor updates for the JRE issue |
| Adaptive Server Enterprise - Cluster Edition | 15.0.3 | Version is certified to work with the vendor updates for the JRE issue |
| Aleri Streaming Platform | 3.2 ESD #1 | ESD includes the JRE patches |
| Sybase CEP | R4 ESD #3 | ESD is certified to work with the vendor updates for the JRE issue |
| EAServer (Windows, Linux, HP-UX, IBM-AIX) | 6.3.1 ESD #3 | ESD is certified to work with the vendor updates for the JRE issue |
| EAServer (Solaris) | 6.3.1 EBF 19623 | EBF is certified to work with the vendor updates for the JRE issue |
| InfoMaker | 12.5 | Version is certified to work with the vendor updates for the JRE issue |
| InfoMaker | 12.1 EBF 19259 | EBF is certified to work with the vendor updates for the JRE issue |
| InfoMaker | 11.5.1 EBF 19091 | EBF is certified to work with the vendor updates for the JRE issue |
| IQ | 15.2 | Vulnerability is isolated to the IQ Client only. Workaround is to restart the client. Sybase will release IQ 15.4 ESD #1 with the updated JRE 1.6 patches in the first half of 2012. Customers are advised to upgrade to 15.4 ESD #1. |
| IQ | 12.7 | Vulnerability is isolated to the IQ Client only. Workaround is to restart the client. Customers are advised to upgrade to 15.x. |
| PowerBuilder | 12.5 | Version is certified to work with the vendor updates for the JRE issue |
| PowerBuilder | 12.1 EBF 19259 | EBF is certified to work with the vendor updates for the JRE issue |
| PowerBuilder | 11.5.1 EBF 19091 | EBF is certified to work with the vendor updates for the JRE issue |
| PowerDesigner | 15.3 | Version is certified to work with the vendor updates for the JRE issue |
| RepConnector | 15.0.2 ESD #3 | ESD is certified to work with the vendor updates for the JRE issue |
| RepServer Options | 15.6 | Version includes the JRE patches |
| RepServer Options | 15.2 ESD #3 | ESD is certified to work with the vendor updates for the JRE issue |
| Mirror Activator | 15.2 ESD #2 | ESD is certified to work with the vendor updates for the JRE issue |
| RepServer Messaging Edition | 15.2 | Version is certified to work with the vendor updates for the JRE issue |
| RepServer Heterogeneous Edition | 15.6 | Version includes the JRE patches |
| RepServer Heterogeneous Edition | 15.2 | Version is certified to work with the vendor updates for the JRE issue |
| Sybase Control Center | 3.2.1 | Version includes the JRE patches |
| SQL Anywhere | 12.01 EBF 3356 | EBF is certified to work with the vendor updates for the JRE issue |
| SQL Anywhere | 11.0.1 EBF 2596 | EBF is certified to work with the vendor updates for the JRE issue |
| Sybase Unwired Platform | 2.0 | Version includes the JRE patches |
| Sybase Unwired Platform | 1.5.5 ESD #1 | ESD is certified to work with the vendor updates for the JRE issue |

Downloads

EBFs/ESDs are obtained from the Sybase EBFs and Maintenance site. Follow the instructions in the EBF/ESD cover letter to install the EBF.

If you require further assistance, please contact your local support center. The contact numbers can be found in the About Support section under Support & Services at the www.sybase.com website.

http://www.sybase.com/contactus/support

Copyright © 2011 Sybase, Inc. All rights reserved.
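
A local check for whether a given JRE carries the vendor fix, added here as an example and not part of the Sybase advisory: it parses the value quoted in the summary on a daemon thread and reports a hang if the call does not return in time. The class name, the control value and the 5-second timeout are assumptions.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

// Written without lambdas or generics so it also compiles for the older
// JRE releases the advisory is concerned with.
public class JreParseHangCheck {
    // Value quoted in the advisory summary. It is kept as a String on purpose:
    // the conversion must happen at run time, in the JRE under test.
    static final String TRIGGER = "2.2250738585072012e-308";

    // Returns true if Double.parseDouble(text) finished within the timeout.
    static boolean parseCompletes(final String text, long timeoutSeconds)
            throws InterruptedException {
        final CountDownLatch done = new CountDownLatch(1);
        Thread worker = new Thread(new Runnable() {
            public void run() {
                Double.parseDouble(text);
                done.countDown();
            }
        }, "parse-probe");
        worker.setDaemon(true); // a hung probe must not keep the JVM alive
        worker.start();
        return done.await(timeoutSeconds, TimeUnit.SECONDS);
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // Control parse of an ordinary small value (assumed harmless): if this
        // times out, the host is too loaded for the result to mean anything.
        if (!parseCompletes("1.0e-308", 5)) {
            System.out.println("INCONCLUSIVE: control parse timed out");
            System.exit(2);
        }
        if (parseCompletes(TRIGGER, 5)) {
            System.out.println("OK: conversion returned, JRE behaves as patched");
            System.exit(0);
        }
        System.out.println("HANG: conversion did not return, apply the vendor JRE update");
        System.exit(1);
    }
}
```

Run it with the same java binary the Sybase product is configured to use; for the rows marked "certified to work with the vendor updates", that is the JRE the customer has to update.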