
Red Hat has released the following updates for RHEL: [RHSA-2012:1366-01] Important: kernel security and bug fix update, [RHSA-2012:1380-01] Low: python-django-horizon security update, [RHSA-2012:1379-01] Important: openstack-swift security update, [RHSA-2012:1378-01] Important: openstack-keystone security update, [RHSA-2012:1385-01] Important: java-1.6.0-openjdk security update, [RHSA-2012:1386-01] Important: java-1.7.0-openjdk security update, [RHSA-2012:1384-01] Critical: java-1.6.0-openjdk security update, [RHSA-2012:1391-01] Critical: java-1.7.0-oracle security update, and [RHSA-2012:1392-01] Critical: java-1.6.0-sun security update



[RHSA-2012:1366-01] Important: kernel security and bug fix update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2012:1366-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1366.html
Issue date: 2012-10-16
CVE Names: CVE-2012-3412
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way socket buffers (skb) requiring TSO (TCP
segment offloading) were handled by the sfc driver. If the skb did not fit
within the minimum-size of the transmission queue, the network card could
repeatedly reset itself. A remote attacker could use this flaw to cause a
denial of service. (CVE-2012-3412, Important)

Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting
this issue.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
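Because the kernel is installed side by side rather than upgraded in place, the new build is only in effect once the box has been rebooted into it; `rpm -q kernel` will happily list the fixed package while `uname -r` still reports the vulnerable one. The following added example (not part of the advisory) checks the running kernel against the fixed build from the package list above and whether the sfc driver is loaded at all. The version comparison is a reduced re-implementation of rpm's rpmvercmp (no tilde/caret handling), and the lsmod text is constructed sample output, not captured from a real host.

```python
import re
import subprocess

# Build that carries the CVE-2012-3412 fix, taken from the advisory's package list.
FIXED_KERNEL = "2.6.32-279.11.1.el6"
# uname -r appends the arch (and ".debug" for kernel-debug); neither is part of the build version.
ARCH_SUFFIX = re.compile(r"\.(x86_64|i686|ppc64|s390x)(\.debug)?$")
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm's rpmvercmp does,
    minus its tilde/caret rules: split into digit and letter runs, compare runs
    pairwise (digits numerically, letters lexically, digits beat letters), and
    if all shared runs match the string with more runs wins. Returns -1, 0 or 1."""
    sa, sb = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return 1 if int(x) > int(y) else -1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_vr(kernel_release):
    """'2.6.32-279.5.2.el6.x86_64' -> ('2.6.32', '279.5.2.el6')."""
    version, _, release = kernel_release.partition("-")
    return version, ARCH_SUFFIX.sub("", release)


def kernel_is_fixed(running, fixed=FIXED_KERNEL):
    """True if the running kernel is the fixed build or a later one."""
    rv, rr = split_vr(running)
    fv, fr = split_vr(fixed)
    c = rpmvercmp(rv, fv)
    if c == 0:
        c = rpmvercmp(rr, fr)
    return c >= 0


def sfc_loaded(lsmod_output):
    """True if the Solarflare sfc module appears in `lsmod` output."""
    return any(line.split()[:1] == ["sfc"] for line in lsmod_output.splitlines())


def assess(uname_r, lsmod_output):
    """'fixed', 'vulnerable' (sfc in use on an old kernel) or 'update-pending'
    (old kernel, but the affected driver is not loaded right now)."""
    if kernel_is_fixed(uname_r):
        return "fixed"
    return "vulnerable" if sfc_loaded(lsmod_output) else "update-pending"


# Constructed sample output for a host that ran "rpm -ivh" on the new kernel
# but has not rebooted yet, so the old build is still the one running.
SAMPLE_UNAME_R = "2.6.32-279.5.2.el6.x86_64"
SAMPLE_LSMOD = """Module                  Size  Used by
sfc                   138120  0
mdio                    4769  1 sfc
ext4                  374902  2
"""

if __name__ == "__main__":
    uname_r = subprocess.check_output(["uname", "-r"], text=True).strip()
    lsmod = subprocess.check_output(["lsmod"], text=True)
    print(uname_r, assess(uname_r, lsmod))
```

Run on the host itself it reads the live `uname -r` and `lsmod`; the sample strings exist so the classification can be exercised offline. A host reported as "update-pending" still needs the reboot; the sfc check only tells you whether the denial of service is reachable right now.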

5. Bugs fixed (http://bugzilla.redhat.com/):

844714 - CVE-2012-3412 kernel: sfc: potential remote denial of service through TCP MSS option

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

i386:
kernel-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.11.1.el6.i686.rpm
kernel-devel-2.6.32-279.11.1.el6.i686.rpm
kernel-headers-2.6.32-279.11.1.el6.i686.rpm
perf-2.6.32-279.11.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.11.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.11.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.11.1.el6.x86_64.rpm
perf-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.11.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm
python-perf-2.6.32-279.11.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

noarch:
kernel-doc-2.6.32-279.11.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.11.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.11.1.el6.x86_64.rpm
perf-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

i386:
kernel-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.11.1.el6.i686.rpm
kernel-devel-2.6.32-279.11.1.el6.i686.rpm
kernel-headers-2.6.32-279.11.1.el6.i686.rpm
perf-2.6.32-279.11.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.11.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.11.1.el6.noarch.rpm

ppc64:
kernel-2.6.32-279.11.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-279.11.1.el6.ppc64.rpm
kernel-debug-2.6.32-279.11.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.11.1.el6.ppc64.rpm
kernel-devel-2.6.32-279.11.1.el6.ppc64.rpm
kernel-headers-2.6.32-279.11.1.el6.ppc64.rpm
perf-2.6.32-279.11.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm

s390x:
kernel-2.6.32-279.11.1.el6.s390x.rpm
kernel-debug-2.6.32-279.11.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.11.1.el6.s390x.rpm
kernel-devel-2.6.32-279.11.1.el6.s390x.rpm
kernel-headers-2.6.32-279.11.1.el6.s390x.rpm
kernel-kdump-2.6.32-279.11.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-279.11.1.el6.s390x.rpm
perf-2.6.32-279.11.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.s390x.rpm

x86_64:
kernel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.11.1.el6.x86_64.rpm
perf-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.11.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm
python-perf-2.6.32-279.11.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm

ppc64:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-279.11.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm
python-perf-2.6.32-279.11.1.el6.ppc64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.ppc64.rpm

s390x:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-279.11.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
perf-debuginfo-2.6.32-279.11.1.el6.s390x.rpm
python-perf-2.6.32-279.11.1.el6.s390x.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.s390x.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

i386:
kernel-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.11.1.el6.i686.rpm
kernel-devel-2.6.32-279.11.1.el6.i686.rpm
kernel-headers-2.6.32-279.11.1.el6.i686.rpm
perf-2.6.32-279.11.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm

noarch:
kernel-doc-2.6.32-279.11.1.el6.noarch.rpm
kernel-firmware-2.6.32-279.11.1.el6.noarch.rpm

x86_64:
kernel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
kernel-devel-2.6.32-279.11.1.el6.x86_64.rpm
kernel-headers-2.6.32-279.11.1.el6.x86_64.rpm
perf-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-279.11.1.el6.src.rpm

i386:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-279.11.1.el6.i686.rpm
perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm
python-perf-2.6.32-279.11.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.i686.rpm

x86_64:
kernel-debug-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-279.11.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-2.6.32-279.11.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-279.11.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3412.html
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/kernel.html#RHSA-2012-1366

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1380-01] Low: python-django-horizon security update
=====================================================================
Red Hat Security Advisory

Synopsis: Low: python-django-horizon security update
Advisory ID: RHSA-2012:1380-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1380.html
Issue date: 2012-10-16
CVE Names: CVE-2012-3540
=====================================================================

1. Summary:

Updated python-django-horizon packages that fix one security issue are now
available for Red Hat OpenStack Essex.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHOS Essex Release - noarch

3. Description:

Horizon is the OpenStack Dashboard (http://www.openstack.org), a web
interface for managing OpenStack services.

An open redirect flaw was found in the way Horizon handled authentication.
A remote attacker able to trick a victim into opening the Horizon login
page using a specially-crafted link could redirect the victim to an
arbitrary web page, and conduct phishing attacks, after the victim
successfully logs in. (CVE-2012-3540)

Red Hat would like to thank Thomas Biege of SUSE for reporting this issue.

All users of Horizon are advised to upgrade to these updated packages,
which correct this issue. After installing the updated packages, the httpd
daemon must be restarted ("service httpd restart") for the update to take
effect.
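The bug title in section 5 names the mechanism: the login view sent the browser to whatever the 'next' query parameter said. The following added example (not Horizon's code) shows that vulnerable shape next to a validator that only accepts relative paths or absolute URLs on hosts the dashboard owns, rejecting the strings that defeat a naive "starts with /" check: protocol-relative '//host', backslash variants, 'scheme:host' without '//', credentials before an '@', and embedded control characters. The allowed host and the landing page path are constructed for the example.

```python
from urllib.parse import urlsplit

# Hosts the dashboard may send a browser to after login. Constructed for this
# example; a deployment would derive it from its own configured hostname(s).
ALLOWED_HOSTS = frozenset({"dashboard.example.com"})
DEFAULT_NEXT = "/project/"


def next_url_unsafe(params):
    """The vulnerable shape of the login view: whatever arrived in ?next= is
    where the browser goes once the user has typed a valid password."""
    return params.get("next") or DEFAULT_NEXT


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS):
    """Accept only same-site relative paths or http(s) URLs whose host is one
    we own. Each rejection corresponds to a way a browser would parse the
    string differently from what a naive check assumes."""
    if not url or url != url.strip():
        return False
    if any(c in url for c in "\x00\t\r\n\\"):
        # Control characters hide the real target; browsers treat '\' as '/',
        # so '/\evil.example.net' is protocol-relative to them, not a path.
        return False
    if url.startswith("///"):
        # urlsplit() sees an empty netloc here; browsers see '//evil...'.
        return False
    try:
        parts = urlsplit(url)
    except ValueError:          # e.g. an unterminated IPv6 literal
        return False
    if parts.scheme and not parts.netloc:
        return False            # 'https:evil.example.net', 'javascript:alert(1)'
    if not parts.netloc:
        return True             # plain relative path such as '/project/'
    if parts.scheme not in ("", "http", "https"):
        return False
    # hostname, not netloc: 'dashboard.example.com@evil.example.net' must be
    # judged as 'evil.example.net'.
    return parts.hostname in allowed_hosts


def next_url_safe(params, allowed_hosts=ALLOWED_HOSTS):
    """Hardened counterpart: fall back to the landing page whenever the
    requested target is not one of ours."""
    url = params.get("next")
    return url if is_safe_redirect(url, allowed_hosts) else DEFAULT_NEXT
```

Do not URL-decode the value again before checking it; the web framework already did that once, and a second pass turns '%2F%2Fevil' into a protocol-relative URL after the check has run.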

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

852246 - CVE-2012-3540 OpenStack-Horizon: Open redirect through 'next' parameter

6. Package List:

RHOS Essex Release:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/python-django-horizon-2012.1.1-3.el6.src.rpm

noarch:
openstack-dashboard-2012.1.1-3.el6.noarch.rpm
python-django-horizon-2012.1.1-3.el6.noarch.rpm
python-django-horizon-doc-2012.1.1-3.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3540.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1379-01] Important: openstack-swift security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-swift security update
Advisory ID: RHSA-2012:1379-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1379.html
Issue date: 2012-10-16
CVE Names: CVE-2012-4406
=====================================================================

1. Summary:

Updated openstack-swift packages that fix one security issue are now
available for Red Hat OpenStack Essex.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHOS Essex Release - noarch

3. Description:

OpenStack Swift (http://swift.openstack.org) is a highly available,
distributed, eventually consistent object/blob store.

It was found that OpenStack Swift used the Python pickle module in an
insecure way to serialize and deserialize data from memcached. As
memcached does not have authentication, an attacker on the local network,
or possibly an unprivileged user in a virtual machine hosted on OpenStack,
could use this flaw to inject specially-crafted data that would lead to
arbitrary code execution. (CVE-2012-4406)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.

Note: The fix for CVE-2012-4406 is not enabled by default, and requires
manual action on the affected Proxy nodes. This update adds a
"memcache_serialization_support" option. It is configured in
"/etc/swift/proxy-server.conf" and is set to "0" by default. This default
setting is vulnerable to CVE-2012-4406.

To enable the fix, this option must be changed; however, the required
changes can have a temporary, large performance impact. The following
instructions aim to minimize performance issues:

1) Install the updated openstack-swift packages.

2) In "/etc/swift/proxy-server.conf", set the
"memcache_serialization_support" option in the memcache/[filter:cache]
section to "1". (The default value, "0", leaves you vulnerable to
CVE-2012-4406.) When set to "1", the JSON (JavaScript Object Notation)
format is used but pickle is still supported. This configuration is still
vulnerable, but new data will be stored in JSON format.

3) After setting the option to "1", run "service openstack-swift-proxy
restart".

4) After 24 hours, set the "memcache_serialization_support" option in
"/etc/swift/proxy-server.conf" to "2". "2" is the secure option: only JSON
is used.

5) After setting the option to "2", run "service openstack-swift-proxy
restart".

If "memcache_serialization_support" is set directly from "0" to "2", all
data in memcached will be flushed and re-created. This can lead to a
temporary, large performance impact.

All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue.
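The procedure above works because the serializer is a three-position switch: mode 0 writes and reads pickle, mode 1 writes JSON but still unpickles old entries, mode 2 is JSON only. The 24-hour wait lets every pickled entry expire or be rewritten as JSON before reads of pickle are refused, so flipping to 2 does not turn the whole cache into misses. The following added example (not Swift's code) models that switch over an in-memory stand-in for memcached and shows why modes 0 and 1 are still exploitable: a crafted pickle makes pickle.loads() call a function of the attacker's choosing. The flag constants, the key name and the cached token dictionary are constructed for the example, and the demonstration payload calls builtins.len rather than os.system.

```python
import json
import pickle

# Flag bits a client attaches to each stored value so a reader knows how it was
# serialized. Constants chosen for this model; the point is only that pickle
# and JSON entries are distinguishable on the way back in.
PICKLE_FLAG = 1
JSON_FLAG = 2


def craft_pickle_payload(module, name, arg):
    """Protocol-0 pickle bytes that make pickle.loads() call <module>.<name>(arg).
    Opcodes: c GLOBAL, ( MARK, S STRING, t TUPLE, R REDUCE, . STOP. Nothing
    runs here; with ('os', 'system', 'id') this is the classic payload."""
    if any(ch in arg for ch in "'\\\n"):
        raise ValueError("keep the argument free of quoting characters")
    return (b"c" + module.encode() + b"\n" + name.encode() + b"\n" +
            b"(S'" + arg.encode() + b"'\ntR.")


class CacheClient:
    """Proxy-side memcache client with the three memcache_serialization_support
    modes from the advisory. `store` stands in for the memcached server: a dict
    of key -> (flags, raw bytes) that anyone who can reach the memcached port
    can also write to, since memcached has no authentication."""

    def __init__(self, store, serialization_support):
        if serialization_support not in (0, 1, 2):
            raise ValueError("memcache_serialization_support must be 0, 1 or 2")
        self.store = store
        self.write_json = serialization_support >= 1    # modes 1 and 2 write JSON
        self.read_pickle = serialization_support <= 1   # modes 0 and 1 still unpickle

    def set(self, key, value):
        if self.write_json:
            self.store[key] = (JSON_FLAG, json.dumps(value).encode())
        else:
            self.store[key] = (PICKLE_FLAG, pickle.dumps(value, protocol=2))

    def get(self, key):
        entry = self.store.get(key)
        if entry is None:
            return None
        flags, raw = entry
        if flags & JSON_FLAG:
            try:
                return json.loads(raw.decode())
            except (UnicodeDecodeError, ValueError):
                return None             # hostile or corrupt entry: a miss, never code execution
        if flags & PICKLE_FLAG and self.read_pickle:
            return pickle.loads(raw)    # modes 0 and 1: attacker-supplied bytes run here
        return None                     # mode 2: a pickle entry is just a miss


def poisoned_read(mode):
    """What a proxy in `mode` gets back after an attacker on the memcached
    network overwrites a cached entry with a pickle calling builtins.len()."""
    store = {}
    client = CacheClient(store, mode)
    client.set("auth/token/abc", {"user": "alice", "roles": ["member"]})   # constructed
    store["auth/token/abc"] = (PICKLE_FLAG,
                               craft_pickle_payload("builtins", "len", "attacker controlled"))
    return client.get("auth/token/abc")


def stored_flag(mode):
    """Format a proxy in `mode` writes new entries in."""
    store = {}
    CacheClient(store, mode).set("k", [1, 2, 3])
    return store["k"][0]
```

In modes 0 and 1 the poisoned read returns the result of the attacker's call (here the length of the string, 19); in mode 2 it returns None and the proxy simply refetches. The same property that makes mode 2 safe is what makes the direct 0 to 2 jump expensive: every pickled entry becomes a miss at once.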

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

854757 - CVE-2012-4406 Openstack-Swift: insecure use of python pickle()

6. Package List:

RHOS Essex Release:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-swift-1.4.8-5.el6.src.rpm

noarch:
openstack-swift-1.4.8-5.el6.noarch.rpm
openstack-swift-account-1.4.8-5.el6.noarch.rpm
openstack-swift-container-1.4.8-5.el6.noarch.rpm
openstack-swift-doc-1.4.8-5.el6.noarch.rpm
openstack-swift-object-1.4.8-5.el6.noarch.rpm
openstack-swift-proxy-1.4.8-5.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-4406.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1378-01] Important: openstack-keystone security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: openstack-keystone security update
Advisory ID: RHSA-2012:1378-01
Product: Red Hat OpenStack
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1378.html
Issue date: 2012-10-16
CVE Names: CVE-2012-3542 CVE-2012-4413 CVE-2012-4456
CVE-2012-4457
=====================================================================

1. Summary:

Updated openstack-keystone packages that fix multiple security issues are
now available for Red Hat OpenStack Essex.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHOS Essex Release - noarch

3. Description:

Keystone is a Python implementation of the OpenStack
(http://www.openstack.org) identity service API.

It was found that Keystone incorrectly handled authorization failures. If
a client attempted to change their tenant membership to one they are not
authorized to join, Keystone correctly returned a not authorized error;
however, the client was still added to the tenant. Users able to access the
Keystone administrative API could use this flaw to add any user to any
tenant. (CVE-2012-3542)

When logging into Keystone, the user receives a token to use for
authentication with other services managed by Keystone. It was found that
Keystone failed to revoke tokens if privileges were revoked, allowing users
to retain access to resources they should no longer be able to access while
their token remains valid. (CVE-2012-4413)

It was found that the Keystone administrative API was missing
authentication for certain actions. Users able to access the Keystone
administrative API could use this flaw to add, start, and stop services, as
well as list the roles for any user. (CVE-2012-4456)

It was found that Keystone incorrectly handled disabled tenants. A user
belonging to a disabled tenant could use this flaw to continue accessing
resources as if the tenant were not disabled. (CVE-2012-4457)

Red Hat would like to thank Dolph Mathews for reporting CVE-2012-3542 and
CVE-2012-4413.

All users of openstack-keystone are advised to upgrade to these updated
packages, which upgrade openstack-keystone to upstream version 2012.1.2
and correct these issues. After installing the updated packages, the
Keystone service (openstack-keystone) will be restarted automatically.
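Three of the four flaws share a pattern: the authorization decision was either made after the write had already happened (CVE-2012-3542) or frozen into the token at issue time and never re-derived (CVE-2012-4413, CVE-2012-4457). The following added example (not Keystone's code) is a toy identity service that shows the check-after-act shape beside the fail-closed one, and a validator that recomputes user state, tenant state and current roles on every call so a revoked role or a disabled tenant takes effect immediately. The users, tenant and role names are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field


class Unauthorized(Exception):
    """The caller may not perform the requested action."""


@dataclass
class User:
    name: str
    enabled: bool = True


@dataclass
class Tenant:
    name: str
    enabled: bool = True
    roles: dict = field(default_factory=dict)   # user name -> set of role names


@dataclass(frozen=True)
class Token:
    user: str
    tenant: str
    roles: frozenset   # roles as they were at issue time; informational only


class Identity:
    """Toy identity service: authorization is decided before any write, and
    token validation re-derives the decision from current state."""

    def __init__(self):
        self.users, self.tenants, self.tokens = {}, {}, {}

    def _is_admin(self, actor):
        return any("admin" in t.roles.get(actor, ()) for t in self.tenants.values())

    def add_user_to_tenant_buggy(self, actor, user, tenant, role):
        """CVE-2012-3542 shape: the grant is written, then 'not authorized' is
        raised, so the caller gets both the error and the membership."""
        self.tenants[tenant].roles.setdefault(user, set()).add(role)
        if not self._is_admin(actor):
            raise Unauthorized(f"{actor} may not grant roles in {tenant}")

    def add_user_to_tenant(self, actor, user, tenant, role):
        """Fail closed: decide first, write only on the success path."""
        if not self._is_admin(actor):
            raise Unauthorized(f"{actor} may not grant roles in {tenant}")
        self.tenants[tenant].roles.setdefault(user, set()).add(role)

    def current_roles(self, user, tenant):
        """Roles `user` holds in `tenant` right now, or None if either side is
        missing or disabled or the user holds no role there any more."""
        u, t = self.users.get(user), self.tenants.get(tenant)
        if u is None or t is None or not u.enabled or not t.enabled:
            return None
        roles = t.roles.get(user)
        return sorted(roles) if roles else None

    def issue_token(self, user, tenant):
        if self.current_roles(user, tenant) is None:
            raise Unauthorized(f"{user} has no access to {tenant}")
        tid = secrets.token_hex(16)
        self.tokens[tid] = Token(user, tenant, frozenset(self.tenants[tenant].roles[user]))
        return tid

    def validate_token(self, tid):
        """Validity is recomputed on every call: a role revoked or a tenant
        disabled since issue is seen immediately, not when the token expires."""
        tok = self.tokens.get(tid)
        if tok is None:
            return None
        roles = self.current_roles(tok.user, tok.tenant)
        if roles is None:
            return None
        return {"user": tok.user, "tenant": tok.tenant, "roles": roles}

    def revoke_role(self, user, tenant, role):
        """Remove the role and also every token that carried it, so that even a
        consumer caching token contents stops honouring it."""
        self.tenants[tenant].roles.get(user, set()).discard(role)
        stale = [tid for tid, tok in self.tokens.items()
                 if tok.user == user and tok.tenant == tenant and role in tok.roles]
        for tid in stale:
            del self.tokens[tid]


def build_demo():
    """Constructed fixture: alice administers 'ops', bob is a member, mallory
    holds no role anywhere."""
    idp = Identity()
    for name in ("alice", "bob", "mallory"):
        idp.users[name] = User(name)
    idp.tenants["ops"] = Tenant("ops", roles={"alice": {"admin"}, "bob": {"member"}})
    return idp
```

The token carries a snapshot of roles only for display; nothing downstream should trust it, which is the point of validate_token going back to the store. In a real deployment the same re-check belongs in the token validation endpoint the other services call, not only in the issuing path.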

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

852510 - CVE-2012-3542 OpenStack Keystone: Lack of authorization for adding users to tenants
855491 - CVE-2012-4413 OpenStack-Keystone: role revocation token issues
861179 - CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API
861180 - CVE-2012-4457 OpenStack Keystone 2012.1.1: fails to raise Unauthorized user error for disabled tenant

6. Package List:

RHOS Essex Release:

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHOS/SRPMS/openstack-keystone-2012.1.2-4.el6.src.rpm

noarch:
openstack-keystone-2012.1.2-4.el6.noarch.rpm
openstack-keystone-doc-2012.1.2-4.el6.noarch.rpm
python-keystone-2012.1.2-4.el6.noarch.rpm
python-keystone-auth-token-2012.1.2-4.el6.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3542.html
https://www.redhat.com/security/data/cve/CVE-2012-4413.html
https://www.redhat.com/security/data/cve/CVE-2012-4456.html
https://www.redhat.com/security/data/cve/CVE-2012-4457.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1385-01] Important: java-1.6.0-openjdk security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-openjdk security update
Advisory ID: RHSA-2012:1385-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1385.html
Issue date: 2012-10-17
CVE Names: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068
CVE-2012-5069 CVE-2012-5071 CVE-2012-5072
CVE-2012-5073 CVE-2012-5075 CVE-2012-5077
CVE-2012-5079 CVE-2012-5081 CVE-2012-5084
CVE-2012-5085 CVE-2012-5086 CVE-2012-5089
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Swing, and JMX components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use this flaw to disclose sensitive information.
(CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.
(CVE-2012-5077)

It was discovered that the java.io.FilePermission class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the java.net package by
default. Gopher support can be enabled by setting the newly introduced
property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. Refer
to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865354 - CVE-2012-5077 OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.28.1.10.10.el5_8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4416.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5077.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5085.html
https://www.redhat.com/security/data/cve/CVE-2012-5086.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.10/NEWS
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1386-01] Important: java-1.7.0-openjdk security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2012:1386-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1386.html
Issue date: 2012-10-17
CVE Names: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068
CVE-2012-5069 CVE-2012-5070 CVE-2012-5071
CVE-2012-5072 CVE-2012-5073 CVE-2012-5074
CVE-2012-5075 CVE-2012-5076 CVE-2012-5077
CVE-2012-5079 CVE-2012-5081 CVE-2012-5084
CVE-2012-5085 CVE-2012-5086 CVE-2012-5087
CVE-2012-5088 CVE-2012-5089
=====================================================================

1. Summary:

Updated java-1.7.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Libraries, Swing, and JMX components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,
CVE-2012-5089)

The default Java security properties configuration did not restrict access
to certain com.sun.org.glassfish packages. An untrusted Java application
or applet could use these flaws to bypass Java sandbox restrictions. This
update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use these flaws to disclose sensitive information.
(CVE-2012-5070, CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.
(CVE-2012-5077)

It was discovered that the java.io.FilePermission class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the java.net package by
default. Gopher support can be enabled by setting the newly introduced
property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865350 - CVE-2012-5070 OpenJDK: EnvHelp information disclosure (JMX, 7158796)
865352 - CVE-2012-5076 OpenJDK: com.sun.org.glassfish.* not restricted packages (JAX-WS, 7163198)
865354 - CVE-2012-5077 OpenJDK: SecureRandom multiple seeders information disclosure (Security, 7167656)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865359 - CVE-2012-5074 OpenJDK: com.sun.org.glassfish.* not restricted packages (JAX-WS, 7169887)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)
865434 - CVE-2012-5087 OpenJDK: PropertyElementHandler insufficient access checks (Beans, 7195549)
865471 - CVE-2012-5088 OpenJDK: MethodHandle insufficient access control checks (Libraries, 7196190)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm

i386:
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm

x86_64:
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm

i386:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.i686.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.i686.rpm

noarch:
java-1.7.0-openjdk-javadoc-1.7.0.9-2.3.3.el6_3.1.noarch.rpm

x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4416.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5070.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5074.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5076.html
https://www.redhat.com/security/data/cve/CVE-2012-5077.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5085.html
https://www.redhat.com/security/data/cve/CVE-2012-5086.html
https://www.redhat.com/security/data/cve/CVE-2012-5087.html
https://www.redhat.com/security/data/cve/CVE-2012-5088.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.3/NEWS
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1384-01] Critical: java-1.6.0-openjdk security update
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-openjdk security update
Advisory ID: RHSA-2012:1384-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1384.html
Issue date: 2012-10-17
CVE Names: CVE-2012-3216 CVE-2012-4416 CVE-2012-5068
CVE-2012-5069 CVE-2012-5071 CVE-2012-5072
CVE-2012-5073 CVE-2012-5075 CVE-2012-5077
CVE-2012-5079 CVE-2012-5081 CVE-2012-5084
CVE-2012-5085 CVE-2012-5086 CVE-2012-5089
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Swing, and JMX components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use this flaw to disclose sensitive information.
(CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.
(CVE-2012-5077)

It was discovered that the java.io.FilePermission class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the java.net package by
default. Gopher support can be enabled by setting the newly introduced
property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.5. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865354 - CVE-2012-5077 OpenJDK: SecureRandom multiple seeders information disclosure (Security, 7167656)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4416.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5077.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5085.html
https://www.redhat.com/security/data/cve/CVE-2012-5086.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#critical
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.5/NEWS
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1391-01] Critical: java-1.7.0-oracle security update
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.7.0-oracle security update
Advisory ID: RHSA-2012:1391-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1391.html
Issue date: 2012-10-18
CVE Names: CVE-2012-1531 CVE-2012-1532 CVE-2012-1533
CVE-2012-3143 CVE-2012-3159 CVE-2012-3216
CVE-2012-4416 CVE-2012-5067 CVE-2012-5068
CVE-2012-5069 CVE-2012-5070 CVE-2012-5071
CVE-2012-5072 CVE-2012-5073 CVE-2012-5074
CVE-2012-5075 CVE-2012-5076 CVE-2012-5077
CVE-2012-5079 CVE-2012-5081 CVE-2012-5083
CVE-2012-5084 CVE-2012-5085 CVE-2012-5086
CVE-2012-5087 CVE-2012-5088 CVE-2012-5089
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-3143, CVE-2012-3159,
CVE-2012-3216, CVE-2012-4416, CVE-2012-5067, CVE-2012-5068, CVE-2012-5069,
CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074,
CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081,
CVE-2012-5083, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087,
CVE-2012-5088, CVE-2012-5089)

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 9. All running instances of
Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
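
The Solution sections of RHSA-2012:1386, RHSA-2012:1384 and RHSA-2012:1391 above all say the same two things: apply the errata, and restart every running Java instance, because a JVM started before the update keeps the old libraries mapped. The script below is an added example, not Red Hat tooling and not code from the advisories. It reads a package list in the advisory's own format, compares it with the installed packages, and inspects a /proc/<pid>/maps listing for a JVM whose libjvm.so was replaced on disk. The `rpm -qa` query format is a real rpm option; the installed-package lines, the maps excerpt and the JVM install path are constructed sample data. The version comparison is a simplified reimplementation of rpm's rpmvercmp (tilde handled, caret not), so on a real host prefer rpm's own comparison.

```python
"""Check an RHSA package list against installed RPMs and running JVMs.

Added example (not Red Hat tooling): the version comparison is a
simplified port of rpm's rpmvercmp, and the inputs are constructed
samples rather than live system output.
"""
import re
from typing import Dict, List, Tuple

NVRA = Tuple[str, str]   # (name, arch)
VR = Tuple[str, str]     # (version, release)

# Constructed sample in the advisory's "Package List" format (source RPM
# included on purpose; the parser skips it).
ADVISORY_PACKAGES = """
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.src.rpm
java-1.7.0-openjdk-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.9-2.3.3.el6_3.1.x86_64.rpm
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.x86_64.rpm
"""

# Constructed sample of what
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'
# prints on a host that has only partly applied the errata.  Epoch is not
# compared: advisory file names carry none, and both sides of each
# comparison are the same package name, so the epoch is identical.
INSTALLED = """
java-1.7.0-openjdk 1.7.0.7 2.3.2.1.el6_3 x86_64
java-1.7.0-openjdk-devel 1.7.0.9 2.3.3.el6_3.1 x86_64
java-1.6.0-openjdk 1.6.0.0 1.49.1.11.4.el6_3 x86_64
"""

# Constructed /proc/<pid>/maps excerpt (path is illustrative): the JVM was
# started before the update, so the kernel marks its mapped libjvm.so as
# "(deleted)" once the package upgrade unlinks the old file.
STALE_JVM_MAPS = """
7f3a1c000000-7f3a1c9c0000 r-xp 00000000 fd:01 1312345 /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.7.x86_64/jre/lib/amd64/server/libjvm.so (deleted)
7f3a1d000000-7f3a1d020000 r-xp 00000000 fd:01 1312350 /lib64/libc-2.12.so
"""

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified port of rpm's rpmvercmp: -1, 0 or 1 as a <, ==, > b."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":            # '~' sorts before anything
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() or y.isdigit():
            c = 1 if x.isdigit() else -1    # numeric segment beats alphabetic
        else:
            c = (x > y) - (x < y)
        if c:
            return c
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    # Extra segments make a string newer, unless the first extra one is '~'.
    return -sign if longer[min(len(sa), len(sb))] == "~" else sign


def vr_cmp(a: VR, b: VR) -> int:
    """Compare (version, release) pairs the way rpm orders builds."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def parse_advisory_packages(text: str) -> Dict[NVRA, VR]:
    """Map (name, arch) -> (version, release) from advisory file names.
    RPM forbids '-' in version and release, so rsplit on '-' is exact."""
    fixed: Dict[NVRA, VR] = {}
    for token in text.split():
        if not token.endswith(".rpm") or token.endswith(".src.rpm"):
            continue
        nvr, arch = token[:-4].rsplit(".", 1)
        name, ver, rel = nvr.rsplit("-", 2)
        fixed[(name, arch)] = (ver, rel)
    return fixed


def parse_installed(text: str) -> Dict[NVRA, VR]:
    """Parse the constructed 'NAME VERSION RELEASE ARCH' lines."""
    inst: Dict[NVRA, VR] = {}
    for line in text.splitlines():
        if line.strip():
            name, ver, rel, arch = line.split()
            inst[(name, arch)] = (ver, rel)
    return inst


def find_unpatched(fixed: Dict[NVRA, VR], installed: Dict[NVRA, VR]) -> List[str]:
    """Installed packages older than the advisory's fixed build.
    Packages that are not installed are not affected and are not reported."""
    out = []
    for key, fvr in sorted(fixed.items()):
        ivr = installed.get(key)
        if ivr is not None and vr_cmp(ivr, fvr) < 0:
            out.append(f"{key[0]}.{key[1]}: installed {ivr[0]}-{ivr[1]} "
                       f"< fixed {fvr[0]}-{fvr[1]}")
    return out


def jvm_needs_restart(maps_text: str) -> bool:
    """True if a /proc/<pid>/maps listing shows a JVM library mapped from a
    file that has since been replaced (the kernel appends ' (deleted)')."""
    for line in maps_text.splitlines():
        parts = line.split(None, 5)       # addr perms offset dev inode path
        if len(parts) == 6 and parts[5].endswith(" (deleted)") \
                and any(lib in parts[5] for lib in ("libjvm.so", "libjava.so")):
            return True
    return False


if __name__ == "__main__":
    fixed = parse_advisory_packages(ADVISORY_PACKAGES)
    for problem in find_unpatched(fixed, parse_installed(INSTALLED)):
        print("NOT PATCHED:", problem)
    print("JVM restart needed:", jvm_needs_restart(STALE_JVM_MAPS))
```

On a live RHEL host the constructed strings would be replaced by the output of the `rpm -qa` query shown in the comment and by the contents of `/proc/<pid>/maps` for each `java` process; a package reported by `find_unpatched` means the erratum is not yet applied, and a `True` from `jvm_needs_restart` means the update is installed but that JVM is still executing the pre-update code.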

5. Bugs fixed (http://bugzilla.redhat.com/):

856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865350 - CVE-2012-5070 OpenJDK: EnvHelp information disclosure (JMX, 7158796)
865352 - CVE-2012-5076 OpenJDK: com.sun.org.glassfish.* not restricted packages (JAX-WS, 7163198)
865354 - CVE-2012-5077 OpenJDK: SecureRandom multiple seeders information disclosure (Security, 7167656)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865359 - CVE-2012-5074 OpenJDK: com.sun.org.glassfish.* not restricted packages (JAX-WS, 7169887)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)
865434 - CVE-2012-5087 OpenJDK: PropertyElementHandler insufficient access checks (Beans, 7195549)
865471 - CVE-2012-5088 OpenJDK: MethodHandle insufficient access control checks (Libraries, 7196190)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867192 - CVE-2012-5067 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3.i686.rpm
java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3.i686.rpm

x86_64:
java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-devel-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-javafx-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-jdbc-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-plugin-1.7.0.9-1jpp.3.el6_3.x86_64.rpm
java-1.7.0-oracle-src-1.7.0.9-1jpp.3.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4416.html
https://www.redhat.com/security/data/cve/CVE-2012-5067.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5070.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5074.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5076.html
https://www.redhat.com/security/data/cve/CVE-2012-5077.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5085.html
https://www.redhat.com/security/data/cve/CVE-2012-5086.html
https://www.redhat.com/security/data/cve/CVE-2012-5087.html
https://www.redhat.com/security/data/cve/CVE-2012-5088.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.

[RHSA-2012:1392-01] Critical: java-1.6.0-sun security update
=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2012:1392-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1392.html
Issue date: 2012-10-18
CVE Names: CVE-2012-0547 CVE-2012-1531 CVE-2012-1532
CVE-2012-1533 CVE-2012-3143 CVE-2012-3159
CVE-2012-3216 CVE-2012-4416 CVE-2012-5068
CVE-2012-5069 CVE-2012-5071 CVE-2012-5072
CVE-2012-5073 CVE-2012-5075 CVE-2012-5077
CVE-2012-5079 CVE-2012-5081 CVE-2012-5083
CVE-2012-5084 CVE-2012-5085 CVE-2012-5086
CVE-2012-5089
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory and Oracle Security Alert pages, listed in the
References section. (CVE-2012-0547, CVE-2012-1531, CVE-2012-1532,
CVE-2012-1533, CVE-2012-3143, CVE-2012-3159, CVE-2012-3216, CVE-2012-4416,
CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073,
CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5083,
CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 37. All running instances of
Oracle Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
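The Solution step above, and the identical one under RHSA-2012:1391 for java-1.7.0-oracle, amount to two checks an administrator wants scripted: is the installed build still below the fixed NVR named in the package list, and which Java processes are still running the old runtime and need a restart. The following script is an added example, not Red Hat's code; the fixed NVRs are taken from the package lists in these advisories, the older installed build at the bottom is a constructed sample, and the version comparison is a simplified rpmvercmp (no tilde or caret handling, which these builds do not use).

```sh
#!/bin/sh
# Added example, not Red Hat's code: decide whether an installed
# java-1.7.0-oracle / java-1.6.0-sun build is still older than the fixed
# build from the advisory package list, then name the Java processes that
# must be restarted after the update (simplified rpmvercmp semantics).

# split_nvr name-version-release -> "name version release". Package names
# contain dashes (java-1.7.0-oracle-devel), so the split works from the right.
split_nvr() {
    _rel=${1##*-}; _rest=${1%-*}
    printf '%s %s %s\n' "${_rest%-*}" "${_rest##*-}" "$_rel"
}

# vercmp A B -> prints -1, 0 or 1 for one version or release field. Tokens
# are runs of digits or letters; digits compare numerically, letters
# lexically, and a numeric token outranks an alphabetic one (rpm semantics).
vercmp() {
    printf '%s\n%s\n' "$1" "$2" | awk '
    function tok(s, arr,   n) {
        n = 0
        while (length(s) > 0) {
            if (match(s, /^[0-9]+/) || match(s, /^[A-Za-z]+/)) {
                arr[++n] = substr(s, RSTART, RLENGTH)
                s = substr(s, RLENGTH + 1)
            } else s = substr(s, 2)          # skip a separator like . or _
        }
        return n
    }
    { v[NR] = $0 }
    END {
        na = tok(v[1], A); nb = tok(v[2], B); r = 0
        for (i = 1; i <= na && i <= nb && r == 0; i++) {
            xn = (A[i] ~ /^[0-9]+$/); yn = (B[i] ~ /^[0-9]+$/)
            if (xn && yn) { if (A[i] + 0 != B[i] + 0) r = (A[i] + 0 > B[i] + 0) ? 1 : -1 }
            else if (xn != yn) r = xn ? 1 : -1
            else if (A[i] != B[i]) r = (A[i] > B[i]) ? 1 : -1
        }
        if (r == 0 && na != nb) r = (na > nb) ? 1 : -1
        print r
    }'
}

# needs_update INSTALLED_NVR FIXED_NVR -> 0 if installed is older, else 1.
needs_update() {
    set -- $(split_nvr "$1") $(split_nvr "$2")
    c=$(vercmp "$2" "$5")
    [ "$c" = 0 ] && c=$(vercmp "$3" "$6")
    [ "$c" = -1 ]
}

# running_java -> PIDs of java processes; they keep the old runtime mapped
# until restarted, which is why the advisory requires a restart.
running_java() {
    ps -eo pid=,comm= | awk '$2 == "java" { print $1 }'
}

# Constructed sample: a hypothetical older Java 7 build against the fixed one.
fixed="java-1.7.0-oracle-1.7.0.9-1jpp.3.el6_3"
if needs_update "java-1.7.0-oracle-1.7.0.7-1jpp.1.el6_3" "$fixed"; then
    echo "update to $fixed, then restart: $(running_java | tr '\n' ' ')"
fi
```

On a real host, feed `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' java-1.7.0-oracle` (or java-1.6.0-sun) as the installed NVR.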

5. Bugs fixed (http://bugzilla.redhat.com/):

853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
856124 - CVE-2012-4416 OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865354 - CVE-2012-5077 OpenJDK: SecureRandom multiple seeders information disclosure (Security, 7167656)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865428 - CVE-2012-5086 OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865541 - CVE-2012-5085 OpenJDK: disable Gopher support by default (Gopher, 7189567)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.i586.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el5_8.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.i686.rpm
java-1.6.0-sun-devel-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.37-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-sun-src-1.6.0.37-1jpp.1.el6_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4416.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5077.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5085.html
https://www.redhat.com/security/data/cve/CVE-2012-5086.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2012 Red Hat, Inc.