Red Hat Security Advisory: java-1.7.0-oracle security update Security Advisory secalert@redhat.com Red Hat Security Response Team RHSA-2013:0156 Final 1 1 2013-01-14T20:41:00Z Current version 2013-01-14T20:41:00Z 2013-01-14T20:41:00Z Red Hat rhsa-to-cvrf 1.0.1910 2013-04-09T09:08:04Z Updated java-1.7.0-oracle packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. (CVE-2012-3174, CVE-2013-0422) Red Hat is aware that a public exploit for CVE-2013-0422 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 11 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect. Please see https://www.redhat.com/footer/terms-of-use.html Copyright © 2013 Red Hat, Inc. All rights reserved. Critical https://rhn.redhat.com/errata/RHSA-2013-0156.html https://rhn.redhat.com/errata/RHSA-2013-0156.html https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html Red Hat Enterprise Linux Server Supplementary (v. 6) Red Hat Enterprise Linux HPC Node Supplementary (v. 6) Red Hat Enterprise Linux Desktop Supplementary (v. 6) Red Hat Enterprise Linux Desktop Supplementary (v. 5) Red Hat Enterprise Linux Workstation Supplementary (v. 6) Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9.x86_64.rpm java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9.x86_64.rpm java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3.x86_64.rpm java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6) java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux HPC Node Supplementary (v. 6) java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6) java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5) java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6) java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5) This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. 2013-01-13T00:00:00Z 2013-01-13T00:00:00Z CVE-2012-3174 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 6Client-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 Critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0156.html https://www.redhat.com/security/data/cve/CVE-2012-3174.html CVE-2012-3174 https://bugzilla.redhat.com/show_bug.cgi?id=894934 bz#894934: CVE-2012-3174 OpenJDK: MethodHandles incorrect permission checks (Libraries, 8004933) This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. Red Hat is aware that a public exploit for CVE-2013-0422 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled. 2013-01-10T00:00:00Z 2013-01-10T00:00:00Z CVE-2013-0422 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 5Client-Supplementary-5.9.Z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el5_9 5Server-Supplementary-5.9.Z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el5_9 6Client-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 6Client-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6ComputeNode-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 6Server-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-devel-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-javafx-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-jdbc-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-plugin-1.7.0.11-1jpp.3.el6_3 6Workstation-Supplementary-6.3.z:java-1.7.0-oracle-src-1.7.0.11-1jpp.3.el6_3 Critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 https://rhn.redhat.com/errata/RHSA-2013-0156.html https://www.redhat.com/security/data/cve/CVE-2013-0422.html CVE-2013-0422 https://bugzilla.redhat.com/show_bug.cgi?id=894172 bz#894172: CVE-2013-0422 OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)