On most AIX 7.1 systems, I find stray object files in /.

I finally got around to looking at them, and they are libiconv shared objects.

This is most likely an error in packaging of bos.rte.iconv.

The ones inside of /usr/lib/libiconv.a are from 2010 (,
but the ones in / are from 2011 (

It's rare to run into NLS problems, so it's not been worth the hassle of calling in.

I typically leave them there, in case there is a real reason, or if IBM fixes/cleans them up in a future PTF.
Pretty obscure, but worth passing on anyway.

Denial of Service Security Exposure with Java JRE/JDK hanging when converting 2.2250738585072012e-308 number (CVE-2010-4476) (PM32387)

This Security Alert addresses a serious security issue CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability can cause the Java Runtime Environment to go into a hang, infinite loop, and/or crash resulting in a denial of service exposure. This same hang can occur if the number is written without scientific notation (324 decimal places). In addition to the Application Server being exposed to this attack, any Java program using the Double.parseDouble method is also at risk of this exposure including any customer written application or third party written application.

The following IBM Tivoli products contain affected versions of the Java Runtime Environment:
big list )
Program Services is the IBM support structure for defects, PTF orders, etc when a customer has not paif for how-to/usage support.

Internet Program Service problem reports are submitted at :


Fax Program Service problem reports are sent to:
IBM Corporation

Attn: AIX Program Services
FAX phone: (512) 823-7634 or t/l 793-7634
793-7634 is forwarded to the Dallas site for processing

US Mail Program Service problem reports are sent to:
IBM Corporation

Department CST
IMAD: 30-01-0C
13800 Diplomat Drive
Dallas, TX 75234


