FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Enterprise Watch List

 
 
LinkBack Thread Tools
 
Old 07-14-2008, 03:32 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2008:0594-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0594.html
Issue date: 2008-07-14
CVE Names: CVE-2008-3103 CVE-2008-3104 CVE-2008-3105
CVE-2008-3106 CVE-2008-3107 CVE-2008-3109
CVE-2008-3110 CVE-2008-3112 CVE-2008-3114
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The Java Runtime Environment (JRE) contains the software and tools that
users need to run applets and applications written using the Java
programming language.

A vulnerability was found in the Java Management Extensions (JMX)
management agent, when local monitoring is enabled. This allowed remote
attackers to perform illegal operations. (CVE-2008-3103)

Multiple vulnerabilities with unsigned applets were reported. A remote
attacker could misuse an unsigned applet to connect to localhost services
running on the host running the applet. (CVE-2008-3104)

Several vulnerabilities in the Java API for XML Web Services (JAX-WS)
client and service implementation were found. A remote attacker who caused
malicious XML to be processed by a trusted or untrusted application was
able access URLs or cause a denial of service. (CVE-2008-3105, CVE-2008-3106)

A JRE vulnerability could be triggered by an untrusted application or
applet. A remote attacker could grant an untrusted applet or application
extended privileges such as being able to read and write local files, or
execute local programs. (CVE-2008-3107)

Several vulnerabilities within the JRE scripting support were reported. A
remote attacker could grant an untrusted applet extended privileges such as
reading and writing local files, executing local programs, or querying the
sensitive data of other applets. (CVE-2008-3109, CVE-2008-3110)

A vulnerability in Java Web Start was found. A remote attacker was able to
create arbitrary files with the permissions of the user running the
untrusted Java Web Start application. (CVE-2008-3112)

Another vulnerability in Java Web Start when processing untrusted
applications was reported. An attacker was able to acquire sensitive
information, such as the cache location. (CVE-2008-3114)

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

452649 - CVE-2008-3105 CVE-2008-3106 OpenJDK JAX-WS unauthorized URL access (6542088)
452658 - CVE-2008-3107 JDK untrusted applet/application privilege escalation (6661918)
452659 - CVE-2008-3103 OpenJDK JMX allows illegal operations with local monitoring (6332953)
454601 - CVE-2008-3104 Java RE allows Same Origin Policy to be Bypassed (6687932)
454603 - CVE-2008-3109 CVE-2008-3110 Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)
454606 - CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)
454608 - CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)

6. Package List:

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.6.0-sun-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.7-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.7-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.6.0-sun-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.7-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.7-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.7-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.7-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIe3GCXlSAg2UNWIIRArt1AJ45wdIc73WX8WmHSdNW6x Xu8BbuVACfYLR6
OKHPr6bal50QVb1whF6263o=
=tpsU
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 12-04-2008, 03:56 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2008:1018-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-1018.html
Issue date: 2008-12-04
CVE Names: CVE-2008-2086
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64

3. Description:

The Java Runtime Environment (JRE) contains the software and tools that
users need to run applets and applications written using the Java
programming language.

A vulnerability was found in in Java Web Start. If a user visits a
malicious website, an attacker could misuse this flaw to execute arbitrary
code. (CVE-2008-2086)

Additionally, these packages fix several other critical vulnerabilities.
These are summarized in the "Advance notification of Security Updates for
Java SE" from Sun Microsystems.

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.6.0-sun-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.6.0-sun-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.11-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.11-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.11-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

6. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2086
http://www.redhat.com/security/updates/classification/#critical
http://blogs.sun.com/security/entry/advance_notification_of_security_updates3

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFJOAusXlSAg2UNWIIRAoRbAJ9by81uvCDhJypmcz0PPk dh83oPpwCggmNd
FaHEy+hvADpQv7NeAIQH/fg=
=ubuU
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 11-09-2009, 03:18 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2009:1560-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-1560.html
Issue date: 2009-11-09
CVE Names: CVE-2009-2409 CVE-2009-3728 CVE-2009-3729
CVE-2009-3865 CVE-2009-3866 CVE-2009-3867
CVE-2009-3868 CVE-2009-3869 CVE-2009-3871
CVE-2009-3872 CVE-2009-3873 CVE-2009-3874
CVE-2009-3875 CVE-2009-3876 CVE-2009-3877
CVE-2009-3879 CVE-2009-3880 CVE-2009-3881
CVE-2009-3882 CVE-2009-3883 CVE-2009-3884
CVE-2009-3886
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865,
CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871,
CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876,
CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

510197 - CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
530053 - CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
530057 - CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
530061 - CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
530062 - CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
530063 - CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
530067 - CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
530098 - CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533)
530173 - CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650)
530175 - CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138)
530296 - CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
530297 - CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)
530300 - CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265)
532904 - CVE-2009-3729 JRE TrueType font parsing crash (6815780)
532906 - CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
532914 - CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets with signed Jar files (6870531)
533211 - CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
533212 - CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824)
533214 - CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)
533215 - CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.6.0-sun-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.2.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.2.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.6.0-sun-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.2.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.2.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.17-1jpp.2.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.17-1jpp.2.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3886
http://www.redhat.com/security/updates/classification/#critical
http://blogs.sun.com/security/entry/advance_notification_of_security_updates6

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFK+ECyXlSAg2UNWIIRAkULAJ9TTJw8p1/11xdnQQXISeLnHPR1nQCeL0DD
4PNMBtBUYrX43aL30kry0Dc=
=joCY
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 04-01-2010, 03:00 AM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2010:0337-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0337.html
Issue date: 2010-03-31
CVE Names: CVE-2009-3555 CVE-2010-0082 CVE-2010-0084
CVE-2010-0085 CVE-2010-0087 CVE-2010-0088
CVE-2010-0089 CVE-2010-0090 CVE-2010-0091
CVE-2010-0092 CVE-2010-0093 CVE-2010-0094
CVE-2010-0095 CVE-2010-0837 CVE-2010-0838
CVE-2010-0839 CVE-2010-0840 CVE-2010-0841
CVE-2010-0842 CVE-2010-0843 CVE-2010-0844
CVE-2010-0845 CVE-2010-0846 CVE-2010-0847
CVE-2010-0848 CVE-2010-0849
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the "Oracle Java SE and Java
for Business Critical Patch Update Advisory" page, listed in the
References section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,
CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,
CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,
CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)

For the CVE-2009-3555 issue, this update disables renegotiation in the Java
Secure Socket Extension (JSSE) component. Unsafe renegotiation can be
re-enabled using the sun.security.ssl.allowUnsafeRenegotiation property.
Refer to the following Knowledgebase article for details:
http://kbase.redhat.com/faq/docs/DOC-20491

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
575736 - CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)
575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)
575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
575760 - CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
575764 - CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
575769 - CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
575775 - CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
575808 - CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
575818 - CVE-2010-0837 OpenJDK JAR "unpack200" must verify input parameters (6902299)
575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)
575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)
575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
578430 - CVE-2010-0846 JDK unspecified vulnerability in ImageIO component
578432 - CVE-2010-0849 JDK unspecified vulnerability in Java2D component
578433 - CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component
578436 - CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities
578437 - CVE-2010-0090 JDK unspecified vulnerability in JavaWS/Plugin component
578440 - CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-0082.html
https://www.redhat.com/security/data/cve/CVE-2010-0084.html
https://www.redhat.com/security/data/cve/CVE-2010-0085.html
https://www.redhat.com/security/data/cve/CVE-2010-0087.html
https://www.redhat.com/security/data/cve/CVE-2010-0088.html
https://www.redhat.com/security/data/cve/CVE-2010-0089.html
https://www.redhat.com/security/data/cve/CVE-2010-0090.html
https://www.redhat.com/security/data/cve/CVE-2010-0091.html
https://www.redhat.com/security/data/cve/CVE-2010-0092.html
https://www.redhat.com/security/data/cve/CVE-2010-0093.html
https://www.redhat.com/security/data/cve/CVE-2010-0094.html
https://www.redhat.com/security/data/cve/CVE-2010-0095.html
https://www.redhat.com/security/data/cve/CVE-2010-0837.html
https://www.redhat.com/security/data/cve/CVE-2010-0838.html
https://www.redhat.com/security/data/cve/CVE-2010-0839.html
https://www.redhat.com/security/data/cve/CVE-2010-0840.html
https://www.redhat.com/security/data/cve/CVE-2010-0841.html
https://www.redhat.com/security/data/cve/CVE-2010-0842.html
https://www.redhat.com/security/data/cve/CVE-2010-0843.html
https://www.redhat.com/security/data/cve/CVE-2010-0844.html
https://www.redhat.com/security/data/cve/CVE-2010-0845.html
https://www.redhat.com/security/data/cve/CVE-2010-0846.html
https://www.redhat.com/security/data/cve/CVE-2010-0847.html
https://www.redhat.com/security/data/cve/CVE-2010-0848.html
https://www.redhat.com/security/data/cve/CVE-2010-0849.html
http://www.redhat.com/security/updates/classification/#critical
http://kbase.redhat.com/faq/docs/DOC-20491
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLtAwVXlSAg2UNWIIRAmdlAJ0QyCnBc/FEO+Y+FVUhJpktSzIBIACfZ8C2
xmDF/nzfgr7jp1i3gerSzac=
=5sMq
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 04-19-2010, 10:59 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2010:0356-02
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0356.html
Issue date: 2010-04-19
CVE Names: CVE-2010-0886 CVE-2010-0887
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that fix two security issues are now
available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes two vulnerabilities in the Sun Java 6 Runtime Environment
and the Sun Java 6 Software Development Kit. Further information about
these flaws can be found on the Oracle Security Alert page listed in the
References section. (CVE-2010-0886, CVE-2010-0887)

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

581237 - CVE-2010-0886 CVE-2010-0887 Sun Java: Java Web Start arbitrary command line injection

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.6.0-sun-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.6.0-sun-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.20-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.20-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-0886.html
https://www.redhat.com/security/data/cve/CVE-2010-0887.html
http://www.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFLzOBdXlSAg2UNWIIRAgH3AJ9eIAGVDngSiWwXNoE1qa 0PzxMIuACgpSny
vrMeBq6hmgHRalCN7XE4fI4=
=Aohb
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 10-14-2010, 01:59 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2010:0770-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2010-0770.html
Issue date: 2010-10-14
CVE Names: CVE-2009-3555 CVE-2010-1321 CVE-2010-3541
CVE-2010-3548 CVE-2010-3549 CVE-2010-3550
CVE-2010-3551 CVE-2010-3552 CVE-2010-3553
CVE-2010-3554 CVE-2010-3555 CVE-2010-3556
CVE-2010-3557 CVE-2010-3558 CVE-2010-3559
CVE-2010-3560 CVE-2010-3561 CVE-2010-3562
CVE-2010-3563 CVE-2010-3565 CVE-2010-3566
CVE-2010-3567 CVE-2010-3568 CVE-2010-3569
CVE-2010-3570 CVE-2010-3571 CVE-2010-3572
CVE-2010-3573 CVE-2010-3574
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the "Oracle Java SE and Java
for Business Critical Patch Update Advisory" page, listed in the References
section. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549,
CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554,
CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559,
CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,
CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570,
CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)

The RHSA-2010:0337 update mitigated a man-in-the-middle attack in the way
the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols
handle session renegotiation by disabling renegotiation. This update
implements the TLS Renegotiation Indication Extension as defined in RFC
5746, allowing secure renegotiation between updated clients and servers.
(CVE-2009-3555)

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
582466 - CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
639876 - CVE-2010-3568 OpenJDK Deserialization Race condition (6559775)
639880 - CVE-2010-3554 CVE-2010-3561 OpenJDK corba reflection vulnerabilities (6891766,6925672)
639897 - CVE-2010-3562 OpenJDK IndexColorModel double-free (6925710)
639904 - CVE-2010-3557 OpenJDK Swing mutable static (6938813)
639909 - CVE-2010-3548 OpenJDK DNS server IP address information leak (6957564)
639920 - CVE-2010-3565 OpenJDK JPEG writeImage remote code execution (6963023)
639922 - CVE-2010-3566 OpenJDK ICC Profile remote code execution (6963489)
639925 - CVE-2010-3569 OpenJDK Serialization inconsistencies (6966692)
642167 - CVE-2010-3553 OpenJDK Swing unsafe reflection usage (6622002)
642180 - CVE-2010-3549 OpenJDK HttpURLConnection request splitting (6952017)
642187 - CVE-2010-3551 OpenJDK local network address disclosure (6952603)
642197 - CVE-2010-3567 OpenJDK ICU Opentype layout engine crash (6963285)
642202 - CVE-2010-3541 CVE-2010-3573 OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
642215 - CVE-2010-3574 OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
642558 - CVE-2010-3555 JDK unspecified vulnerability in Deployment component
642559 - CVE-2010-3550 JDK unspecified vulnerability in Java Web Start component
642561 - CVE-2010-3570 JDK unspecified vulnerability in Deployment Toolkit
642573 - CVE-2010-3560 JDK unspecified vulnerability in Networking component
642576 - CVE-2010-3556 JDK unspecified vulnerability in 2D component
642585 - CVE-2010-3571 JDK unspecified vulnerability in 2D component
642589 - CVE-2010-3563 JDK unspecified vulnerability in Deployment component
642593 - CVE-2010-3558 JDK unspecified vulnerability in Java Web Start component
642600 - CVE-2010-3552 JDK unspecified vulnerability in New Java Plugin component
642606 - CVE-2010-3559 JDK unspecified vulnerability in Sound component
642611 - CVE-2010-3572 JDK unspecified vulnerability in Sound component

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el4.x86_64.rpm

RHEL Desktop Supplementary (v. 5 client):

i386:
java-1.6.0-sun-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el5.x86_64.rpm

RHEL Supplementary (v. 5 server):

i386:
java-1.6.0-sun-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.22-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.22-1jpp.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-1321.html
https://www.redhat.com/security/data/cve/CVE-2010-3541.html
https://www.redhat.com/security/data/cve/CVE-2010-3548.html
https://www.redhat.com/security/data/cve/CVE-2010-3549.html
https://www.redhat.com/security/data/cve/CVE-2010-3550.html
https://www.redhat.com/security/data/cve/CVE-2010-3551.html
https://www.redhat.com/security/data/cve/CVE-2010-3552.html
https://www.redhat.com/security/data/cve/CVE-2010-3553.html
https://www.redhat.com/security/data/cve/CVE-2010-3554.html
https://www.redhat.com/security/data/cve/CVE-2010-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-3556.html
https://www.redhat.com/security/data/cve/CVE-2010-3557.html
https://www.redhat.com/security/data/cve/CVE-2010-3558.html
https://www.redhat.com/security/data/cve/CVE-2010-3559.html
https://www.redhat.com/security/data/cve/CVE-2010-3560.html
https://www.redhat.com/security/data/cve/CVE-2010-3561.html
https://www.redhat.com/security/data/cve/CVE-2010-3562.html
https://www.redhat.com/security/data/cve/CVE-2010-3563.html
https://www.redhat.com/security/data/cve/CVE-2010-3565.html
https://www.redhat.com/security/data/cve/CVE-2010-3566.html
https://www.redhat.com/security/data/cve/CVE-2010-3567.html
https://www.redhat.com/security/data/cve/CVE-2010-3568.html
https://www.redhat.com/security/data/cve/CVE-2010-3569.html
https://www.redhat.com/security/data/cve/CVE-2010-3570.html
https://www.redhat.com/security/data/cve/CVE-2010-3571.html
https://www.redhat.com/security/data/cve/CVE-2010-3572.html
https://www.redhat.com/security/data/cve/CVE-2010-3573.html
https://www.redhat.com/security/data/cve/CVE-2010-3574.html
http://www.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
https://access.redhat.com/kb/docs/DOC-20491

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2010 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFMtwxKXlSAg2UNWIIRAlgwAJ9KMcd1PVkEGwsitqZSg+ uotdwRNQCZAeDJ
BX63d4j9vqwHVwEjpwl90pY=
=2GD2
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 02-17-2011, 05:49 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2011:0282-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0282.html
Issue date: 2011-02-17
CVE Names: CVE-2010-4422 CVE-2010-4447 CVE-2010-4448
CVE-2010-4450 CVE-2010-4451 CVE-2010-4452
CVE-2010-4454 CVE-2010-4462 CVE-2010-4463
CVE-2010-4465 CVE-2010-4466 CVE-2010-4467
CVE-2010-4468 CVE-2010-4469 CVE-2010-4470
CVE-2010-4471 CVE-2010-4472 CVE-2010-4473
CVE-2010-4475 CVE-2010-4476
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the "Oracle Java SE and Java
for Business Critical Patch Update Advisory" page, listed in the References
section. (CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450,
CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463,
CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469,
CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4475,
CVE-2010-4476)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which resolve these issues. All running instances of Sun Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service
675942 - CVE-2010-4472 OpenJDK untrusted code allowed to replace DSIG/C14N implementation (6994263)
675958 - CVE-2010-4469 OpenJDK Hotspot verifier heap corruption (6878713)
675984 - CVE-2010-4465 OpenJDK Swing timer-based security manager bypass (6907662)
676005 - CVE-2010-4470 OpenJDK JAXP untrusted component state manipulation (6927050)
676019 - CVE-2010-4471 OpenJDK Java2D font-related system property leak (6985453)
676023 - CVE-2010-4448 OpenJDK DNS cache poisoning by untrusted applets (6981922)
676026 - CVE-2010-4450 OpenJDK Launcher incorrect processing of empty library path entries (6983554)
677957 - CVE-2010-4475 JDK unspecified vulnerability in Deployment component
677958 - CVE-2010-4473 JDK unspecified vulnerability in Sound component
677959 - CVE-2010-4468 JDK unspecified vulnerability in JDBC component
677960 - CVE-2010-4467 JDK unspecified vulnerability in Deployment component
677961 - CVE-2010-4466 JDK unspecified vulnerability in Deployment component
677963 - CVE-2010-4463 JDK unspecified vulnerability in Deployment component
677966 - CVE-2010-4462 JDK unspecified vulnerability in Sound component
677967 - CVE-2010-4454 JDK unspecified vulnerability in Sound component
677968 - CVE-2010-4452 JDK unspecified vulnerability in Deployment component
677969 - CVE-2010-4451 JDK unspecified vulnerability in Install component
677970 - CVE-2010-4447 JDK unspecified vulnerability in Deployment component
677971 - CVE-2010-4422 JDK unspecified vulnerability in Deployment component

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.24-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.24-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4422.html
https://www.redhat.com/security/data/cve/CVE-2010-4447.html
https://www.redhat.com/security/data/cve/CVE-2010-4448.html
https://www.redhat.com/security/data/cve/CVE-2010-4450.html
https://www.redhat.com/security/data/cve/CVE-2010-4451.html
https://www.redhat.com/security/data/cve/CVE-2010-4452.html
https://www.redhat.com/security/data/cve/CVE-2010-4454.html
https://www.redhat.com/security/data/cve/CVE-2010-4462.html
https://www.redhat.com/security/data/cve/CVE-2010-4463.html
https://www.redhat.com/security/data/cve/CVE-2010-4465.html
https://www.redhat.com/security/data/cve/CVE-2010-4466.html
https://www.redhat.com/security/data/cve/CVE-2010-4467.html
https://www.redhat.com/security/data/cve/CVE-2010-4468.html
https://www.redhat.com/security/data/cve/CVE-2010-4469.html
https://www.redhat.com/security/data/cve/CVE-2010-4470.html
https://www.redhat.com/security/data/cve/CVE-2010-4471.html
https://www.redhat.com/security/data/cve/CVE-2010-4472.html
https://www.redhat.com/security/data/cve/CVE-2010-4473.html
https://www.redhat.com/security/data/cve/CVE-2010-4475.html
https://www.redhat.com/security/data/cve/CVE-2010-4476.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html#AppendixJAVA

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFNXWzfXlSAg2UNWIIRAsxnAKCWB7ECxJqIdxr4actkCd VXQDDlWACeIB6U
Ny/X8FBK3G6Sj1dVIHjeGVA=
=1ULT
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 06-08-2011, 03:43 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2011:0860-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0860.html
Issue date: 2011-06-08
CVE Names: CVE-2011-0802 CVE-2011-0814 CVE-2011-0862
CVE-2011-0863 CVE-2011-0864 CVE-2011-0865
CVE-2011-0867 CVE-2011-0868 CVE-2011-0869
CVE-2011-0871 CVE-2011-0873
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the "Oracle Java SE Critical
Patch Update Advisory" page, listed in the References section.
(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864,
CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871,
CVE-2011-0873)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide JDK and JRE 6 Update 26 and resolve these issues.
All running instances of Sun Java must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
711675 - CVE-2011-0873 Oracle JDK: unspecified vulnerability fixed in 6u26 (2D)
711676 - CVE-2011-0863 Oracle JDK: unspecified vulnerability fixed in 6u26 (Deployment)
711677 - CVE-2011-0802 CVE-2011-0814 Oracle JDK: unspecified vulnerabilities fixed in 6u26 (Sound)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0802.html
https://www.redhat.com/security/data/cve/CVE-2011-0814.html
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0863.html
https://www.redhat.com/security/data/cve/CVE-2011-0864.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://www.redhat.com/security/data/cve/CVE-2011-0873.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

8. Contact:

The Red Hat security contact is &lt;secalert@redhat.com&gt;. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFN75hZXlSAg2UNWIIRAk+VAKCkNkXBxoJkONj189Gi/rL1JhUzPgCfcwNr
txYYEeTJnX7m4ZXT7Nsd+lY=
=aePx
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 10-19-2011, 06:00 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2011:1384-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html
Issue date: 2011-10-19
CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521
CVE-2011-3544 CVE-2011-3545 CVE-2011-3546
CVE-2011-3547 CVE-2011-3548 CVE-2011-3549
CVE-2011-3550 CVE-2011-3551 CVE-2011-3552
CVE-2011-3553 CVE-2011-3554 CVE-2011-3555
CVE-2011-3556 CVE-2011-3557 CVE-2011-3558
CVE-2011-3560 CVE-2011-3561
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch page, listed in the References section. (CVE-2011-3389,
CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546,
CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551,
CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556,
CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide JDK and JRE 6 Update 29 and resolve these issues.
All running instances of Sun Java must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE)
747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3389.html
https://www.redhat.com/security/data/cve/CVE-2011-3516.html
https://www.redhat.com/security/data/cve/CVE-2011-3521.html
https://www.redhat.com/security/data/cve/CVE-2011-3544.html
https://www.redhat.com/security/data/cve/CVE-2011-3545.html
https://www.redhat.com/security/data/cve/CVE-2011-3546.html
https://www.redhat.com/security/data/cve/CVE-2011-3547.html
https://www.redhat.com/security/data/cve/CVE-2011-3548.html
https://www.redhat.com/security/data/cve/CVE-2011-3549.html
https://www.redhat.com/security/data/cve/CVE-2011-3550.html
https://www.redhat.com/security/data/cve/CVE-2011-3551.html
https://www.redhat.com/security/data/cve/CVE-2011-3552.html
https://www.redhat.com/security/data/cve/CVE-2011-3553.html
https://www.redhat.com/security/data/cve/CVE-2011-3554.html
https://www.redhat.com/security/data/cve/CVE-2011-3555.html
https://www.redhat.com/security/data/cve/CVE-2011-3556.html
https://www.redhat.com/security/data/cve/CVE-2011-3557.html
https://www.redhat.com/security/data/cve/CVE-2011-3558.html
https://www.redhat.com/security/data/cve/CVE-2011-3560.html
https://www.redhat.com/security/data/cve/CVE-2011-3561.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8L kDemBYzQCbBrE3
0MJzQCB587rTzSRSo+gGytc=
=809z
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
Old 02-16-2012, 06:20 PM
 
Default Critical: java-1.6.0-sun security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ===================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2012:0139-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0139.html
Issue date: 2012-02-16
CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035
CVE-2012-0498 CVE-2012-0499 CVE-2012-0500
CVE-2012-0501 CVE-2012-0502 CVE-2012-0503
CVE-2012-0505 CVE-2012-0506
================================================== ===================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch page, listed in the References section. (CVE-2011-3563,
CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500,
CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide JDK and JRE 6 Update 31 and resolve these issues.
All running instances of Sun Java must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)
788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm
java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm
java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-3563.html
https://www.redhat.com/security/data/cve/CVE-2011-3571.html
https://www.redhat.com/security/data/cve/CVE-2011-5035.html
https://www.redhat.com/security/data/cve/CVE-2012-0498.html
https://www.redhat.com/security/data/cve/CVE-2012-0499.html
https://www.redhat.com/security/data/cve/CVE-2012-0500.html
https://www.redhat.com/security/data/cve/CVE-2012-0501.html
https://www.redhat.com/security/data/cve/CVE-2012-0502.html
https://www.redhat.com/security/data/cve/CVE-2012-0503.html
https://www.redhat.com/security/data/cve/CVE-2012-0505.html
https://www.redhat.com/security/data/cve/CVE-2012-0506.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFPPVa5XlSAg2UNWIIRAn6xAJ932rg7KVwp+jyL7jwxMv OiZHAqtQCgmt4n
dZEXYZPhMUvix7Sd5jUeKng=
=Czkl
-----END PGP SIGNATURE-----


--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 

Thread Tools




All times are GMT. The time now is 12:21 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org