Affected Products –Java SE JDK and JRE 6 update 23 and earlier JDK 5.0 Update 27 and earlier SDK 1.4.2_29 and earlier –JRockit R27.6.8 and earlier (JDK/JRE.


Affected Products
– Java SE
  JDK and JRE 6 update 23 and earlier
  JDK 5.0 Update 27 and earlier
  SDK 1.4.2_29 and earlier
– JRockit
  R and earlier (JDK/JRE 1.4.2,5,6)
  R and earlier (JDK/JRE 5,6)

class runhang {
    public static void main(String[] args) {
        System.out.println("Test:");
        double d = Double.parseDouble(" e- 308");
        System.out.println("Value: " + d);
    }
}

class compilehang {
    public static void main(String[] args) {
        double d = e-308;
        System.out.println("Value: " + d);
    }
}

1. Update the Java Runtime Environment (JRE). The JRE provides the libraries, the Java Virtual Machine, and other components to run applets and applications.
2. Update your application server's Java Developer Kit (J

Summary: This old bug says that Double.parseDouble(s) hangs for decimal strings in the range (Double.MIN_NORMAL - 0.5*Double.MIN_VALUE, Double.MIN_NORMAL), and returns an incorrect result for the decimal string Double.MIN_NORMAL - 0.5*Double.MIN_VALUE. This bug

This is because the current code in FloatingDecimal.doubleValue() incorrectly defines the condition under which nextDown(dValue) - dValue == -0.5*ulp(dValue). The current code assumes that this holds for all numbers 2^n that are represented as normal doubles, and that nextDown(dValue) - dValue == -1.0*ulp(dValue) for all other doubles (subnormal or not powers of two). However, this is not correct for dValue == Double.MIN_NORMAL, because nextDown(Double.MIN_NORMAL) - Double.MIN_NORMAL == -1.0*ulp(Double.MIN_NORMAL).
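The spacing claim above can be checked numerically. This is an added example, not code from the slides or from the JDK: it uses Python floats, which are the same IEEE 754 binary64 values as Java doubles, and `assumed_gap_in_ulps` is a hypothetical helper that models the rule as the paragraph describes it.

```python
import math
import sys

MIN_NORMAL = sys.float_info.min   # 2**-1022, same value as Java's Double.MIN_NORMAL
MIN_VALUE = math.ulp(0.0)         # 2**-1074, same value as Java's Double.MIN_VALUE


def gap_below_in_ulps(x):
    """(nextDown(x) - x) / ulp(x), measured on the actual double grid."""
    return (math.nextafter(x, -math.inf) - x) / math.ulp(x)


def assumed_gap_in_ulps(x):
    """Model of the rule described above (hypothetical helper, not JDK code):
    -0.5 for powers of two stored as normal doubles, -1.0 for everything else."""
    mantissa, _ = math.frexp(x)          # mantissa == 0.5 exactly for powers of two
    is_power_of_two = mantissa == 0.5
    is_normal = x >= MIN_NORMAL
    return -0.5 if (is_power_of_two and is_normal) else -1.0


def mismatches(samples):
    """Values where the assumed rule disagrees with the real spacing."""
    return [x for x in samples if gap_below_in_ulps(x) != assumed_gap_in_ulps(x)]


# Constructed sample values: normal powers of two, non-powers, subnormals.
SAMPLES = [1.0, 3.0, 2.0**-1021, 1.5 * MIN_NORMAL, MIN_NORMAL, 2.0**-1023, 3 * MIN_VALUE]

if __name__ == "__main__":
    for x in SAMPLES:
        print(f"{x!r:>24}  real={gap_below_in_ulps(x):+.1f}  assumed={assumed_gap_in_ulps(x):+.1f}")
    print("rule fails for:", mismatches(SAMPLES))
```

Double.MIN_NORMAL is the only sample where the two columns differ: the doubles just below it are subnormals, which share its spacing, so the gap below it is a full ulp rather than half of one.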

Affected product releases and versions:

Java SE
  JDK and JRE 6 Update 23 and earlier for Windows, Solaris, and Linux
  JDK 5.0 Update 27 and earlier for Solaris 9
  SDK 1.4.2_29 and earlier for Solaris 8

Java for Business
  JDK and JRE 6 Update 23 and earlier for Windows, Solaris and Linux
  JDK and JRE 5.0 Update 27 and earlier for Windows, Solaris and Linux
  SDK and JRE 1.4.2_29 and earlier for Windows, Solaris and Linux

JRockit
  R and earlier (JDK/JRE 1.4.2, 5, 6)
  R and earlier (JDK/JRE 5, 6)

Affected Tomcat versions: Tomcat 7 earlier than Tomcat 6 earlier than Tomcat 5.5 earlier than

Severity and impact

High severity

The vulnerability allows an adversary to trivially execute a denial of service attack, removing target CAS-running Tomcat instances from service. No end user data is exposed. No passwords are compromised. No system access is illicitly granted. The only impact of this vulnerability is to cause service outages.

Manually updating the JVM

Oracle has released a tool for updating affected JVMs (the Oracle fpupdater tool). Note, however, that this tool breaks auto-updating of the JVM, so it should only be used in environments that are manually maintained. In such environments, it may be cleaner and simpler to replace the installed ad-hoc JVM with the Update 24 release rather than patching it in place.

Introduction

The FPUpdater tool allows you to update installed Java Development Kit (JDK) and Java Runtime Environment (JRE) software to address the hang that occurs when parsing strings like " e-308" to a binary floating point number, as described in Security Alert for CVE Released.

System Requirements

The FPUpdater tool is recommended for the Oracle JRE releases shown in the following table:

JRE/JDK Release           Comments
J2SE 1.4.2                Required for updates prior to, and including, 1.4.2_29
J2SE 5.0                  Required for updates prior to, and including, 5.0u27
J2SE for Embedded 5.0     Required for updates prior to, and including, 5.0u27
Java SE 6                 Required for updates prior to, and including, 6u23
Java SE for Embedded 6    Required for updates prior to, and including, 6u23
Java Real-Time System 2   Required for updates prior to, and including, 2.2u1
JRockit R27               Required for updates prior to, and including, R27.6.8
JRockit R28               Required for updates prior to, and including, R28.1.1

As a result of running the tool, the /lib/rt.jar file is modified and the tool leaves behind the following files:

/lib/rt.jar.fpupdater    Copy of rt.jar before the fix.
/lib/.fpupdater.log      Zero-length file indicating that the update has taken place.

If either of these two files is already present, the tool will not perform the update and exits with a warning.

Run the fpupdater tool with the following command:

/bin/java -jar fpupdater.jar -u -v

C:\Program Files\Java\jre6\bin\java

All Java programs must be closed first.
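When auditing manually maintained hosts, the files the tool leaves behind show whether it has already been run against a given installation. The following is an added example, not part of the slides or of Oracle's tool; it assumes the /lib/... paths quoted above are relative to the Java installation directory, and the function names and state labels are hypothetical.

```python
import tempfile
from pathlib import Path


def fpupdater_state(jre_home):
    """Classify a JRE/JDK install by the files the FPUpdater tool leaves in lib/.

    Assumption: the /lib/... paths quoted above are relative to the Java
    installation directory passed in as jre_home.
    """
    lib = Path(jre_home) / "lib"
    if not (lib / "rt.jar").is_file():
        return "no-rt-jar"                      # not a layout the tool patches
    backup = (lib / "rt.jar.fpupdater").is_file()
    marker = lib / ".fpupdater.log"
    if backup and marker.is_file():
        # The marker is described as zero-length; anything else is unexpected.
        return "updated" if marker.stat().st_size == 0 else "inconsistent"
    if backup or marker.is_file():
        return "inconsistent"                   # only one of the two files exists
    return "not-updated"                        # tool has not run; check the release level


def make_demo_home(root, name, files):
    """Build a constructed directory tree for the demo (not a real JRE)."""
    lib = Path(root) / name / "lib"
    lib.mkdir(parents=True)
    for fname, content in files.items():
        (lib / fname).write_bytes(content)
    return lib.parent


def demo():
    with tempfile.TemporaryDirectory() as root:
        homes = {
            "patched": {"rt.jar": b"new", "rt.jar.fpupdater": b"old", ".fpupdater.log": b""},
            "untouched": {"rt.jar": b"old"},
            "half-done": {"rt.jar": b"old", ".fpupdater.log": b""},
        }
        return {n: fpupdater_state(make_demo_home(root, n, f)) for n, f in homes.items()}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:10} {state}")
```

A "not-updated" result only means the tool has not been run there; whether the installation still needs it depends on its release level in the table above.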