Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 13 articles for you...
98
security advisorydenial of servicered hatRedHat Enterprise Linux 6: RHSA-2018:3003-01 Critical: Java Update
An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.8.0-oracle security update Advisory ID: RHSA-2018:3003-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3003 Issue date: 2018-10-24 CVE Names: CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3183 CVE-2018-3209 CVE-2018-3211 CVE-2018-3214 CVE-2018-13785 ==================================================================== 1. Summary: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 191. Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183) * Oracle JDK:unspecified vulnerability fixed in 8u191 (JavaFX) (CVE-2018-3209) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * Oracle JDK: unspecified vulnerability fixed in 8u191 and 11.0.1 (Serviceability) (CVE-2018-3211) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214) * libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service 1639268 - CVE-2018-3183 OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) 1639293 - CVE-2018-3169 OpenJDK: Improper field access checks (Hotspot, 8199226) 1639301 - CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) 1639442 - CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) 1639484 - CVE-2018-3180 OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) 1639755 - CVE-2018-3136 OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security,8194534) 1639834 - CVE-2018-3149 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) 1639904 - CVE-2018-3209 Oracle JDK: unspecified vulnerability fixed in 8u191 (JavaFX) 1639906 - CVE-2018-3211 Oracle JDK: unspecified vulnerability fixed in 8u191 and 11.0.1 (Serviceability) 6. Package List: Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.8.0-oracle-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-devel-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-src-1.8.0.191-1jpp.1.el6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.191-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: x86_64: java-1.8.0-oracle-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.191-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server6: i386: java-1.8.0-oracle-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-devel-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-src-1.8.0.191-1jpp.1.el6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.191-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation 6: i386: java-1.8.0-oracle-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-devel-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.191-1jpp.1.el6.i686.rpm java-1.8.0-oracle-src-1.8.0.191-1jpp.1.el6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.191-1jpp.1.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.191-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2018-3136 https://access.redhat.com/security/cve/CVE-2018-3139 https://access.redhat.com/security/cve/CVE-2018-3149 https://access.redhat.com/security/cve/CVE-2018-3169 https://access.redhat.com/security/cve/CVE-2018-3180 https://access.redhat.com/security/cve/CVE-2018-3183 https://access.redhat.com/security/cve/CVE-2018-3209 https://access.redhat.com/security/cve/CVE-2018-3211 https://access.redhat.com/security/cve/CVE-2018-3214 https://access.redhat.com/security/cve/CVE-2018-13785 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW9DtQdzjgjWX9erEAQhYAw/9Fk7QY5vgBcZ/OQZYsbVWzmMwr6K0VtJJ agyCXNXNFk9u/3Q8aN8kTXGaaXT3bkQde9JuojxdBhmA0uHyKBua7pT9No9tn+S2 hHr3xZcHUUyo6Onb0phNgkrfVFGupL76tTE+8lcQONAiyh5ZDKc4ouic0jQNAhgH xxG5KA8DLJRu38y5iCtB4pSmjVlavN2gJPumm0ZyYJ2K/CvsnagRYKx8ysRTNGJI 4pyb5S8S47vgxSeh2MPqxRojKQ0qU6CfzOPhg092SyYqtwm/0N2H+3X0pMDwnc4Z RqUcVYibw+c1Q1ZIQ/m0miLfE+YwOMxYXzBn860ONbn3MBVDyYIfYlRP11gX2lj0 pFx/KgFp/Gz6CWWadJIx/aO9n7OVkzbWkqz1nD0zcpHVTisUHpTIRBJT9QI1jZpb Gew7UhaqAaC3vXdx1mDa2r6CcBfJcC5f5m2AfiIzY3iWGif//KCCyHvzRJ38e67i 2GknaTFt27GX1tGM4QgqmPZ1KkSes/5HR22i7A2bWoD1hc2Dtr6UuMGbWuTPraKq Gfi68r/dk412cvKVZEDpNsG1T1jroLPMz790BMOkpwXAeylXYk6EXQhXlpW98PZY QpAxi/NwSy+xOzXVmNgHQ9PNz6bEX8PAXdL7XwPLdsv3UzEdBNmbxa3QjGLFutmh ZD1VOBSAYks=XOxY -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 24, 2018
•Critical
Red Hat
98
security advisoryred hatcriticalRedHat 7: RHSA-2018-3001 Critical: Oracle Java 1.7 Update
An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2018:3001-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3001 Issue date: 2018-10-24 CVE Names: CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3169 CVE-2018-3180 CVE-2018-3214 CVE-2018-13785 ==================================================================== 1. Summary: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 201. Security Fix(es): * OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169) * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * OpenJDK: Incorrect handling of unsigned attributes in signedJar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214) * libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service 1639293 - CVE-2018-3169 OpenJDK: Improper field access checks (Hotspot, 8199226) 1639301 - CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) 1639442 - CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) 1639484 - CVE-2018-3180 OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) 1639755 - CVE-2018-3136 OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) 1639834 - CVE-2018-3149 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client (v.7): x86_64: java-1.7.0-oracle-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.7.0-oracle-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.7.0-oracle-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.7.0-oracle-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.201-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.201-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2018-3136 https://access.redhat.com/security/cve/CVE-2018-3139 https://access.redhat.com/security/cve/CVE-2018-3149 https://access.redhat.com/security/cve/CVE-2018-3169 https://access.redhat.com/security/cve/CVE-2018-3180 https://access.redhat.com/security/cve/CVE-2018-3214 https://access.redhat.com/security/cve/CVE-2018-13785 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW9DtHNzjgjWX9erEAQjnNg//SDpItsDwcR0T/jTGMS3/9yciiTq5p/Sk 10VFXstWaiWMhl9935F4mHjF+/rfZJMa2lWipBa7XlqChKzBhT78pg/EVuQb4qLA VvLDLkChBuNxgDDVFxQEZGbX1Tnlvmx4qAaGUAWMERpcJmiZaMG0ae4Ydt/ftODY m5Jr5gtCk5PuvUHg/uBAVz1Qhl1xF7a6+lT8EyT3GUoTBOWHUFXQzwSKtbfo0Npj +prgY+rjaavh30k4iMZJbgw4MUGsgvfirDVwqOITt2WmCoMrwhr/uhaxoNb9Atj9 pf82JeRbygjQJc+mQJ39D9n1N6MgEVxb+d2CnoPrjbaGj+tDDpqfNR2Yj9gQMo2S TyW22wYHsrvC9MIz409jtnStAhu8lcCSa9sUTl96tDJGAIERYtoFPerVxrLyFZxj FUHsuj8WEamDaZNTBcA4oyjAjKdn0O01xRR+JN8f4OMWarH9tBYeAPqrS7CRT+XP it4lE+P1PGqtXantUCx/UpFbAniU5mYWJ3Nr4e/g/nhAxWEJCtIqJbnGptxnISmk o5lNYFrXSkOqn0S0jY2bEKC0lHtUwnPfwqpoi7NVzo7oPImkxJpUU/RkjxnwMPi3 nAi0fjucYXs1+T8lUMD5NvG16FD5jgYTzZq/NU1e9KUqbmCAC1Rm9FZM8exgxzQC MZkjP1Ut3y8=YHEa -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 24, 2018
•Critical
Red Hat
98
security advisorydenial of servicered hatRed Hat 7: RHSA-2018:3007-01 Important: Java Security Update
An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-sun security update Advisory ID: RHSA-2018:3007-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3007 Issue date: 2018-10-24 CVE Names: CVE-2018-2940 CVE-2018-2952 CVE-2018-2973 CVE-2018-3136 CVE-2018-3139 CVE-2018-3149 CVE-2018-3180 CVE-2018-3214 CVE-2018-13785 ==================================================================== 1. Summary: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 211. Security Fix(es): * OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940) * OpenJDK:insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) * OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136) * OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139) * OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180) * OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214) * libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 1639301 - CVE-2018-3214 OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) 1639442 - CVE-2018-3139 OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) 1639484 - CVE-2018-3180 OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE,8202613) 1639755 - CVE-2018-3136 OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) 1639834 - CVE-2018-3149 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.6.0-sun-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.211-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.6.0-sun-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.211-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.6.0-sun-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.211-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v.7): x86_64: java-1.6.0-sun-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-demo-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.i686.rpm java-1.6.0-sun-devel-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.211-1jpp.1.el7.x86_64.rpm java-1.6.0-sun-src-1.6.0.211-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/cve/CVE-2018-3136 https://access.redhat.com/security/cve/CVE-2018-3139 https://access.redhat.com/security/cve/CVE-2018-3149 https://access.redhat.com/security/cve/CVE-2018-3180 https://access.redhat.com/security/cve/CVE-2018-3214 https://access.redhat.com/security/cve/CVE-2018-13785 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBW9DmutzjgjWX9erEAQj6hA//SWCsdPa+Sk5RK4FCZyBOl/KNcEFUz4hN zhgf/ADFIQUcTxoF6HuAsui4W4//n8hYJmeEMVr9Cp6kz+CTchrmKwTDxGepV+O0 gpysgsUHB4ojeu2VJD17t6gblrMnFL1GfdEr1sDdaIuFSCND+FOsakmSNalpbP9c FieN2d1oUrO0Mds6UWT45trHySQMqCqUbzQJTW9qXEWpP26HUoAdvDfde6nTdIHv l+h5FQqpodyNaD0CY5WCf6GQk/1lJKoVflB55D3rDg9vrvJr6jtR149zT8iuj7On 5kUYVXvh8kEtHcXNle908LfehJ+AbXYyJjlBWsnK8QHej5Ye3yuAVsBDDGhbIG77 A7kkc4KDrMkt1x5kJwaMMrU7XNh/KX0du3UvF00iBhovJmLR/BvIjuT8Fnt3W3r/ 5R4iO5DFOfi7AGmu+e3zDf2GKlFQqdogPeTAT3YcDxX3OYzJ2gJawzkIGe8v5tOX hLFN5tty7RQSjsUNwRrNDqDTC4G1+/Nx/PlF9BGB/AdJ5NmTuBoU1jQAEaoSARE0 9Bj4Knx1QAh70esAszWTKzphoST6xCD4Tix4jXLW2GtlIek8LMxxC+5+JS5rnYgI usQSlyEFHmYWMybSEvStj3GopYC9gfKFsMCCDwUIzNZ/N+9KPI8m551DJ2ebXyIr MHl53R5BUEs=sTwA -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 24, 2018
•Important
Red Hat
98
security advisorysecurity issuered hatRed Hat Enterprise Linux 6: RHSA-2018-2256-01 Critical: Oracle Java Update
An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.8.0-oracle security update Advisory ID: RHSA-2018:2256-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2256 Issue date: 2018-07-24 CVE Names: CVE-2018-2940 CVE-2018-2941 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 ==================================================================== 1. Summary: An update for java-1.8.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 181. Security Fix(es): * Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941) * Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment) (CVE-2018-2964) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)(CVE-2018-2940) * OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952) * Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1600925 - CVE-2018-2952 OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) 1602142 - CVE-2018-2964 Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment) 1602143 - CVE-2018-2941 Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) 1602145 - CVE-2018-2973 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) 1602146 - CVE-2018-2940 Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) 6. Package List: Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPCNode 6: x86_64: java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation 6: i386: java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.i686.rpm java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.i686.rpm x86_64: java-1.8.0-oracle-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-devel-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-javafx-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-jdbc-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-plugin-1.8.0.181-1jpp.2.el6.x86_64.rpm java-1.8.0-oracle-src-1.8.0.181-1jpp.2.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2018-2940 https://access.redhat.com/security/cve/CVE-2018-2941 https://access.redhat.com/security/cve/CVE-2018-2952 https://access.redhat.com/security/cve/CVE-2018-2964 https://access.redhat.com/security/cve/CVE-2018-2973 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW1eVvdzjgjWX9erEAQivCQ//YV3cgPc9loPIBkSB7F9ZDB/uQT54h5NM ce5/nnrzwrHFWuRStrMoGDDHTtcPWhN31lLvYWhP/mqQi79g6pjQrZ2ljUbqWBlX vHQ45wgbparwoC2Q60HBo9kDu+bb9Z9NtpbnRSjTa5OWgEpqG5V8J2H1eqKxwIUd MKGmKjjI1VfV833AX1H3dKWSlaEsKVZ+Q/+xBFHQ5duSIwp25VYepUlWIF5z0oTY fy2NJ+bud70X5maj/gkrogAlAOMiUR1lB1EO6B/P3y4fIVOCEO62j3VbL+3SGRf4 3TVSr00ngR3stoHX+Ia1/FG+cDYbzNekCHQAKKZcoX1D0TC7lqWHEBp9zL8oBfSI B1HUPut0Ge7QNapv30dQ/iTBKgfF7tobIiiFWKgG+hBu/tYksc9RaCXPaeHWBLxn QhrAJD89TdyZi0YHgF/FA7YskzDHMRep+PM2kk6Q+zOo6duJSfFCzJR3bA+cwnfz 1r9aI/8H0FADoH5BYa5rpdqKh9PePAha/7m1vfSzHuFx+U2phvpkwFWyJjA6otIT udTONlProb6hS2frTR2idzUF3AoNZNSXzm5r2YP3Og8+aTYUUmSZMuPEf2NmfmJE Hi1gbSKXOP6DSxBKHZ0qrFIR+rUeEHCuw2noi/ApAtIppNdPcuJdv/lycSarpFqm MilIlLGRdVc=VUFb -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 24, 2018
•Critical
Red Hat
98
security advisoryred hatsecurity fixRed Hat 7 RHSA-2018:1201-01 Critical: Oracle Java Update
An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.7.0-oracle security update Advisory ID: RHSA-2018:1201-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1201 Issue date: 2018-04-23 CVE Names: CVE-2018-2790 CVE-2018-2794 CVE-2018-2795 CVE-2018-2796 CVE-2018-2797 CVE-2018-2798 CVE-2018-2799 CVE-2018-2800 CVE-2018-2814 CVE-2018-2815 ==================================================================== 1. Summary: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 181. Security Fix(es): * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814) * OpenJDK: unrestricted deserialization of data from JCEKS keystores (Security, 8189997) (CVE-2018-2794) * OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795) * OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796) * OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797) * OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798) * OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799) * OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800) * OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815) * OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1567121 - CVE-2018-2814 OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) 1567126 - CVE-2018-2794 OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) 1567351 - CVE-2018-2795 OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) 1567537 - CVE-2018-2815 OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) 1567542 - CVE-2018-2799 OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) 1567543 - CVE-2018-2798 OpenJDK: unbounded memoryallocation during deserialization in Container (AWT, 8189989) 1567545 - CVE-2018-2797 OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) 1567546 - CVE-2018-2796 OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) 1568163 - CVE-2018-2800 OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) 1568515 - CVE-2018-2790 OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.181-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.181-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.181-1jpp.1.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v.7): x86_64: java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.181-1jpp.1.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.181-1jpp.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-2790 https://access.redhat.com/security/cve/CVE-2018-2794 https://access.redhat.com/security/cve/CVE-2018-2795 https://access.redhat.com/security/cve/CVE-2018-2796 https://access.redhat.com/security/cve/CVE-2018-2797 https://access.redhat.com/security/cve/CVE-2018-2798 https://access.redhat.com/security/cve/CVE-2018-2799 https://access.redhat.com/security/cve/CVE-2018-2800 https://access.redhat.com/security/cve/CVE-2018-2814 https://access.redhat.com/security/cve/CVE-2018-2815 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFa3hOtXlSAg2UNWIIRAtrVAKCUMm+Um2KterTmuH2l3tVEFXqHPwCeJJyf XRp6f5+OMSLKFZjEril6K3w=fhst -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 23, 2018
•Critical
Red Hat
98
security advisoryred hatsecurity fixRed Hat Enterprise Linux: Oracle Java Security Fix RHSA-2017-3046-01
An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.7.0-oracle security update Advisory ID: RHSA-2017:3046-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:3046 Issue date: 2017-10-24 CVE Names: CVE-2016-10165 CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 CVE-2017-10274 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 ==================================================================== 1. Summary: An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat EnterpriseLinux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 161. Security Fix(es): * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388) Note: Starting with this update, Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 7. Refer to the Releases Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1367357 - CVE-2016-10165 lcms2: Out-of-bounds read in Type_MLU_Read() 1402345 - CVE-2016-9840 zlib: Out-of-bounds pointer arithmetic in inftrees.c 1402346 - CVE-2016-9841 zlib: Out-of-bounds pointer arithmetic in inffast.c 1402348 - CVE-2016-9842 zlib: Undefined left shift of negative number 1402351 - CVE-2016-9843 zlib: Big-endian out-of-bounds pointer 1501868 - CVE-2017-10285 OpenJDK: incorrect privilege use when handling unreferenced objects (RMI, 8174966) 1501873 -CVE-2017-10346 OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) 1502038 - CVE-2017-10388 OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794) 1502053 - CVE-2017-10274 OpenJDK: CardImpl incorrect state handling (Smart Card IO, 8169026) 1502611 - CVE-2017-10349 OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327) 1502614 - CVE-2017-10357 OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597) 1502629 - CVE-2017-10348 OpenJDK: multiple unbounded memory allocations in deserialization (Libraries, 8181432) 1502632 - CVE-2017-10347 OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323) 1502640 - CVE-2017-10350 OpenJDK: unbounded memory allocation in JAXWSExceptionBase deserialization (JAX-WS, 8181100) 1502649 - CVE-2017-10281 OpenJDK: multiple unbounded memory allocations in deserialization (Serialization, 8174109) 1502687 - CVE-2017-10295 OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751) 1502858 - CVE-2017-10345 OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370) 1502869 - CVE-2017-10355 OpenJDK: no default network operations timeouts in FtpClient (Networking, 8181612) 1503169 - CVE-2017-10356 OpenJDK: weak protection of key stores against brute forcing (Security, 8181692) 1503320 - CVE-2017-10293 Oracle JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc) 6. Package List: Oracle Java for Red Hat Enterprise Linux Desktop6: i386: java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.3.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.3.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node 6: x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.3.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server6: i386: java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.3.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.3.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation 6: i386: java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.3.el6.i686.rpm x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.3.el6.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.3.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v.7): x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.4.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.4.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v. 7): x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.4.el7.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.i686.rpm java-1.7.0-oracle-devel-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-javafx-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-jdbc-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-plugin-1.7.0.161-1jpp.4.el7.x86_64.rpm java-1.7.0-oracle-src-1.7.0.161-1jpp.4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2016-10165 https://access.redhat.com/security/cve/CVE-2016-9840 https://access.redhat.com/security/cve/CVE-2016-9841 https://access.redhat.com/security/cve/CVE-2016-9842 https://access.redhat.com/security/cve/CVE-2016-9843 https://access.redhat.com/security/cve/CVE-2017-10274 https://access.redhat.com/security/cve/CVE-2017-10281 https://access.redhat.com/security/cve/CVE-2017-10285 https://access.redhat.com/security/cve/CVE-2017-10293 https://access.redhat.com/security/cve/CVE-2017-10295 https://access.redhat.com/security/cve/CVE-2017-10345 https://access.redhat.com/security/cve/CVE-2017-10346 https://access.redhat.com/security/cve/CVE-2017-10347 https://access.redhat.com/security/cve/CVE-2017-10348 https://access.redhat.com/security/cve/CVE-2017-10349 https://access.redhat.com/security/cve/CVE-2017-10350 https://access.redhat.com/security/cve/CVE-2017-10355 https://access.redhat.com/security/cve/CVE-2017-10356 https://access.redhat.com/security/cve/CVE-2017-10357 https://access.redhat.com/security/cve/CVE-2017-10388 https://access.redhat.com/security/updates/classification#important https://www.oracle.com/security-alerts/cpuoct2017.html https://www.oracle.com/java/technologies/javase/7-support-relnotes.html https://www.oracle.com/technetwork/java/javase/eol-135779.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFZ7y8JXlSAg2UNWIIRAh/bAJ44H9pTfJ5FLK4tvqgamAoYwZ8sNwCaAy2H hJPyOuP1h15wEOY2V+Z5hVc=xtRz -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Oct 24, 2017
•Important
Red Hat
98
security advisorymoderatered hatRed Hat 6 & 7 RHSA-2017-1119-01 Moderate: Java Security Update
An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: java-1.6.0-sun security update Advisory ID: RHSA-2017:1119-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1119 Issue date: 2017-04-24 CVE Names: CVE-2017-3509 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 ==================================================================== 1. Summary: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgradesOracle Java SE 6 to version 6 Update 151. Security Fix(es): * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3509, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1443052 - CVE-2017-3509 OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520) 1443068 - CVE-2017-3544 OpenJDK: newline injection in the SMTP client (Networking, 8171533) 1443083 - CVE-2017-3533 OpenJDK: newline injection in the FTP client (Networking, 8170222) 1443097 - CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121) 1443252 - CVE-2017-3526 OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011) 6. Package List: Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node6: i386: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation6: i386: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el6.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v.7): x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.151-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.151-1jpp.1.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2017-3509 https://access.redhat.com/security/cve/CVE-2017-3526 https://access.redhat.com/security/cve/CVE-2017-3533 https://access.redhat.com/security/cve/CVE-2017-3539 https://access.redhat.com/security/cve/CVE-2017-3544 https://access.redhat.com/security/updates/classification#moderate https://www.oracle.com/security-alerts/cpuapr2017.html https://www.oracle.com/java/technologies/javase/6-relnotes.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFY/eCVXlSAg2UNWIIRAryQAKCgtUC0Msx0lOkFj9tO/A4VBttsYQCeOmpK xYceePDrSie861FXVjEL744=XDJG -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Apr 24, 2017
Red Hat
98
security advisoryred hatcriticalRed Hat: RHSA-2017-0177-01 Critical: java-1.6.0-sun Update
An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2017:0177-01 Product: Oracle Java for Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:0177.html Issue date: 2017-01-19 CVE Names: CVE-2016-5546 CVE-2016-5548 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3259 CVE-2017-3261 CVE-2017-3272 ==================================================================== 1. Summary: An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Server 5 - i386, x86_64 Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64 Oracle Java for Red Hat Enterprise LinuxWorkstation (v. 7) - x86_64 Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64 3. Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 141. Security Fix(es): * This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272) This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 All running instances of Oracle Java must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344) 1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988) 1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147) 1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934) 1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223) 1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrectuserDN extraction (JAAS, 8161743) 1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714) 1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728) 1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802) 1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment) 6. Package List: Oracle Java for Red Hat Enterprise Linux Client 5: i386: java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server5: i386: java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el5_11.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.i586.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el5_11.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Desktop 6: i386: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux HPC Node6: i386: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server 6: i386: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation6: i386: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.i686.rpm x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el6_8.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el6_8.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Client (v. 7): x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7): x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Server (v.7): x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm Oracle Java for Red Hat Enterprise Linux Workstation (v. 7): x86_64: java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-demo-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.i686.rpm java-1.6.0-sun-devel-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.141-1jpp.1.el7_3.x86_64.rpm java-1.6.0-sun-src-1.6.0.141-1jpp.1.el7_3.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2016-5546 https://access.redhat.com/security/cve/CVE-2016-5548 https://access.redhat.com/security/cve/CVE-2016-5552 https://access.redhat.com/security/cve/CVE-2017-3231 https://access.redhat.com/security/cve/CVE-2017-3241 https://access.redhat.com/security/cve/CVE-2017-3252 https://access.redhat.com/security/cve/CVE-2017-3253 https://access.redhat.com/security/cve/CVE-2017-3259 https://access.redhat.com/security/cve/CVE-2017-3261 https://access.redhat.com/security/cve/CVE-2017-3272 https://access.redhat.com/security/updates/classification#critical https://www.oracle.com/security-alerts/cpujan2017.html https://www.oracle.com/java/technologies/javase/6-relnotes.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iD8DBQFYgM1+XlSAg2UNWIIRAm27AJ9EGMQzzxN1bUrT8syLYld7CcaPRQCfYsqY 9KAHvLsl8r9T7HgcFDl/58c=i/Al -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Jan 19, 2017
•Critical
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!