Red Hat Security Advisory: java-1.6.0-openjdk security update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2012:1384 Final 1 1 2012-10-17T15:50:00Z Current version 2012-10-17T15:50:00Z 2012-10-17T15:50:00Z Red Hat rhsa-to-cvrf 1.0.1484 2012-10-17T16:09:27Z Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2012-5086, CVE-2012-5084, CVE-2012-5089) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071, CVE-2012-5069, CVE-2012-5073, CVE-2012-5072) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2012-5079) It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. (CVE-2012-5081) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5075) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. (CVE-2012-4416) It was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. (CVE-2012-5077) It was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory. (CVE-2012-3216) This update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085) Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website. This erratum also upgrades the OpenJDK package to IcedTea6 1.11.5. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2012 Red Hat, Inc. All rights reserved. Critical https://rhn.redhat.com/errata/RHSA-2012-1384.html https://rhn.redhat.com/errata/RHSA-2012-1384.html https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.5/NEWS http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.5/NEWS http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html Red Hat Enterprise Linux HPC Node Optional (v. 6) Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux Desktop Optional (v. 6) Red Hat Enterprise Linux Workstation Optional (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux Server Optional (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux HPC Node Optional (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux Server (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux Workstation (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux Desktop Optional (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux Workstation Optional (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux HPC Node (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux Desktop (v. 6) java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 as a component of Red Hat Enterprise Linux Server Optional (v. 6) It was discovered that the java.io.FilePermission class exposed the hash code of the canonicalized path name. An untrusted Java application or applet could possibly use this flaw to determine certain system paths, such as the current working directory. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-3216 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Low 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html https://www.redhat.com/security/data/cve/CVE-2012-3216.html CVE-2012-3216 https://bugzilla.redhat.com/show_bug.cgi?id=865346 bz#865346: CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398) A bug in the Java HotSpot Virtual Machine optimization code could cause it to not perform array initialization in certain cases. An untrusted Java application or applet could use this flaw to disclose portions of the virtual machine's memory. 2012-09-11T00:00:00Z 2012-09-07T00:00:00Z CVE-2012-4416 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-4416.html CVE-2012-4416 https://bugzilla.redhat.com/show_bug.cgi?id=856124 bz#856124: CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5068 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5068.html CVE-2012-5068 https://bugzilla.redhat.com/show_bug.cgi?id=865348 bz#865348: CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5069 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5069.html CVE-2012-5069 https://bugzilla.redhat.com/show_bug.cgi?id=865531 bz#865531: CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5071 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5071.html CVE-2012-5071 https://bugzilla.redhat.com/show_bug.cgi?id=865519 bz#865519: CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5072 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Moderate 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5072.html CVE-2012-5072 https://bugzilla.redhat.com/show_bug.cgi?id=865365 bz#865365: CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522) Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5073 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Moderate 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5073.html CVE-2012-5073 https://bugzilla.redhat.com/show_bug.cgi?id=865357 bz#865357: CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884) It was discovered that the JMX component in OpenJDK could perform certain actions in an insecure manner. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5075 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Moderate 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5075.html CVE-2012-5075 https://bugzilla.redhat.com/show_bug.cgi?id=865363 bz#865363: CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888) It was discovered that the SecureRandom class did not properly protect against the creation of multiple seeders. An untrusted Java application or applet could possibly use this flaw to disclose sensitive information. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5077 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Low 2.6 AV:N/AC:H/Au/N/C:P/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5077.html CVE-2012-5077 https://bugzilla.redhat.com/show_bug.cgi?id=865354 bz#865354: CVE-2012-5077 OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656) It was discovered that java.util.ServiceLoader could create an instance of an incompatible class while performing provider lookup. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5079 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5079.html CVE-2012-5079 It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS implementation did not properly handle handshake records containing an overly large data length value. An unauthenticated, remote attacker could possibly use this flaw to cause an SSL/TLS server to terminate with an exception. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5081 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Moderate 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5081.html CVE-2012-5081 https://bugzilla.redhat.com/show_bug.cgi?id=865370 bz#865370: CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286) Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5084 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5084.html CVE-2012-5084 https://bugzilla.redhat.com/show_bug.cgi?id=865511 bz#865511: CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194) This update disables Gopher protocol support in the java.net package by default. Gopher support can be enabled by setting the newly introduced property, "jdk.net.registerGopherProtocol", to true. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5085 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Low 0.0 AV:N/AC:M/Au:S/C:N/I:N/A:N Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5085.html CVE-2012-5085 https://bugzilla.redhat.com/show_bug.cgi?id=865541 bz#865541: CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567) Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5086 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5086.html CVE-2012-5086 https://bugzilla.redhat.com/show_bug.cgi?id=865428 bz#865428: CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917) Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. 2012-10-11T00:00:00Z 2012-10-16T00:00:00Z CVE-2012-5089 6Client-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Client-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6ComputeNode-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Server-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 6Workstation-optional-6.3.z:java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3 Important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2012-1384.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html https://www.redhat.com/security/data/cve/CVE-2012-5089.html CVE-2012-5089 https://bugzilla.redhat.com/show_bug.cgi?id=865514 bz#865514: CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)