Description
This update fixes several vulnerabilities in the IBM Java 2 Runtime
Environment and the IBM Java 2 Software Development Kit. These
vulnerabilities are summarized on the IBM "Security alerts" page listed in
the References section.
The RHSA-2010:0155 update mitigated a man-in-the-middle attack in the way
the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols
handle session renegotiation by disabling renegotiation. This update
implements the TLS Renegotiation Indication Extension as defined in RFC
5746, allowing secure renegotiation between updated clients and servers.
(CVE-2009-3555)