Security Advisory Critical: java-1.6.0-ibm security update

Advisory: RHSA-2008:0906-12
Type: Security Advisory
Severity: Critical
Issued on: 2008-10-24
Last updated on: 2008-10-24
Affected Products: RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server), Red Hat Enterprise Linux Extras (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3109, CVE-2008-3110, CVE-2008-3112, CVE-2008-3114

Details

Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise
Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.

A flaw was found in the Java Management Extensions (JMX) management agent.
When local monitoring is enabled, remote attackers could use this flaw to
perform illegal operations. (CVE-2008-3103)

Several flaws involving the handling of unsigned applets were found. A
remote attacker could misuse an unsigned applet in order to connect to
services on the host running the applet. (CVE-2008-3104)

Several flaws in the Java API for XML Web Services (JAX-WS) client and the
JAX-WS service implementation were found. A remote attacker who could cause
malicious XML to be processed by an application could access URLs, or cause
a denial of service. (CVE-2008-3105, CVE-2008-3106)

Several flaws within the Java Runtime Environment (JRE) scripting support
were found. A remote attacker could grant an untrusted applet extended
privileges, such as reading and writing local files, executing
local programs, or querying the sensitive data of other applets.
(CVE-2008-3109, CVE-2008-3110)

A flaw in Java Web Start was found. Using an untrusted Java Web
Start application, a remote attacker could create or delete arbitrary
files with the permissions of the user running the untrusted application.
(CVE-2008-3112)

A flaw in Java Web Start when processing untrusted applications was found.
An attacker could use this flaw to acquire sensitive information, such as
the location of the cache. (CVE-2008-3114)

All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM 1.6.0 SR2 Java release, which resolves these
issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
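
The check below is an added example, not part of the Red Hat advisory: it flags installed java-1.6.0-ibm packages older than the fixed build 1.6.0.2-1jpp.2 listed under "Updated packages". It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'`, uses a simplified form of RPM's version ordering, and runs on constructed sample lines.

```python
import re

# Fixed build taken from the advisory's package list (dist tag .el4/.el5 omitted).
FIXED_VERSION, FIXED_RELEASE = "1.6.0.2", "1jpp.2"
PREFIX = "java-1.6.0-ibm"

def rpmvercmp(a, b):
    """Simplified RPM ordering (no epoch, tilde or caret): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer,
    # so "1jpp.2.el5" is not older than the bare "1jpp.2".
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(lines):
    """Return NVRA strings of java-1.6.0-ibm packages older than the fixed build."""
    outdated = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        name, version, release, arch = fields
        if name != PREFIX and not name.startswith(PREFIX + "-"):
            continue
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            outdated.append(f"{name}-{version}-{release}.{arch}")
    return outdated

# Constructed sample inventory; the older version/release strings are illustrative only.
SAMPLE = """\
java-1.6.0-ibm 1.6.0.1 1jpp.3.el5 x86_64
java-1.6.0-ibm-devel 1.6.0.2 1jpp.2.el5 x86_64
java-1.6.0-ibm-plugin 1.6.0.2 1jpp.1.el4 i386
java-1.5.0-ibm 1.5.0.8 1jpp.1.el5 i386
bash 3.2 24.el5 x86_64
""".splitlines()

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs RHSA-2008:0906 update:", pkg)
```
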

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.i386.rpm     d928d545b3078909d690b44aee12b4c4
java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5.i386.rpm     336db27bbcdec3b45dbb06b8d374d02a
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.i386.rpm     ac1af32922cd59fcf2a37cccbbf7830a
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.i386.rpm     2d4d71b3bd7542f0532f51b88103942c
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.i386.rpm     7169454884d28e4039bcbc8de310d6d7
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.i386.rpm     9e0251a236e93568ddfe99b8f80651ab
java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el5.i386.rpm     91da67e54794493101aae440a9ac78bf
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.i386.rpm     d2e8edb6a7863fdbe9e4536ee616c482
 
x86_64:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.i386.rpm     d928d545b3078909d690b44aee12b4c4
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.x86_64.rpm     52f5f373b6826ad52f8f15d0edabb86f
java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5.x86_64.rpm     07b1bec45fe2d2eff1f5285554bb2f89
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.i386.rpm     ac1af32922cd59fcf2a37cccbbf7830a
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.x86_64.rpm     b8d980f46b409bc48e718d6b584da12c
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.i386.rpm     2d4d71b3bd7542f0532f51b88103942c
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.x86_64.rpm     2aa8e5022eafcd48c4eda94a9f0e8d89
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.i386.rpm     7169454884d28e4039bcbc8de310d6d7
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.x86_64.rpm     3ef74087aa132fdb4db237ca7b000eac
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.i386.rpm     9e0251a236e93568ddfe99b8f80651ab
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.x86_64.rpm     cfccd5673420a0b61cd49c86433590cb
java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el5.i386.rpm     91da67e54794493101aae440a9ac78bf
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.i386.rpm     d2e8edb6a7863fdbe9e4536ee616c482
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.x86_64.rpm     b2d73d690d8c59c60184154845c80124
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.i386.rpm     d928d545b3078909d690b44aee12b4c4
java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5.i386.rpm     336db27bbcdec3b45dbb06b8d374d02a
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.i386.rpm     ac1af32922cd59fcf2a37cccbbf7830a
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.i386.rpm     2d4d71b3bd7542f0532f51b88103942c
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.i386.rpm     7169454884d28e4039bcbc8de310d6d7
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.i386.rpm     9e0251a236e93568ddfe99b8f80651ab
java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el5.i386.rpm     91da67e54794493101aae440a9ac78bf
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.i386.rpm     d2e8edb6a7863fdbe9e4536ee616c482
 
PPC:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.ppc.rpm     6a70543fb2b0a9b53d46e448547635a1
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.ppc64.rpm     010ddd33722624a8fc01efa61f5bc527
java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5.ppc.rpm     1afa6704289534725dae04eb8b0a6665
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.ppc.rpm     e881d7554348f2cd448a28f23e4e7a29
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.ppc64.rpm     b08fdef1adb54639db47cff407a98c66
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.ppc.rpm     58b4e8de5e3fdcf14e5e77a563217e3c
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.ppc64.rpm     7b29f8848280351c8261b89fbdea0c2d
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.ppc.rpm     9dd12c959eaf6f63526beb14841ab9f9
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.ppc64.rpm     50b5d4c9ce67dc748799c8ec8ea309b7
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.ppc.rpm     45f55fb234532367c11733797cb87c65
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.ppc64.rpm     f65159b91506f31190c96a905257ff8a
java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el5.ppc.rpm     69cab0f6e1b93b3d6ee2789e89e46e4f
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.ppc.rpm     e870b1fb38451ffe8ae7170b37ccb08e
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.ppc64.rpm     f240d0e03b65249fb29edac56061ffaa
 
s390x:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.s390.rpm     186b076b833921c5c7764557849e3bf4
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.s390x.rpm     c45e283712740a5a0e16bf96c1abdcd4
java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5.s390x.rpm     6cb0d50494c043fd08e31d1602c4a502
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.s390.rpm     1b1aaf7fbb60609d67045b724a39f538
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.s390x.rpm     68324720cfd73c1ce621e5835218d52b
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.s390.rpm     58dfaad8e4591d43b4f109a52ca8ef72
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.s390x.rpm     d33ed9d0f981a31feb5f2b477e18d498
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.s390.rpm     92c919a3c00d7203d9c96f7b02c6cf5b
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.s390x.rpm     8af13c809213f947033ce5ee004d9844
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.s390.rpm     6ead79c2584e99f6a3bb463096a9ab06
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.s390x.rpm     cf37c5589c417775ab4d7a63512656c4
 
x86_64:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.i386.rpm     d928d545b3078909d690b44aee12b4c4
java-1.6.0-ibm-1.6.0.2-1jpp.2.el5.x86_64.rpm     52f5f373b6826ad52f8f15d0edabb86f
java-1.6.0-ibm-accessibility-1.6.0.2-1jpp.2.el5.x86_64.rpm     07b1bec45fe2d2eff1f5285554bb2f89
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.i386.rpm     ac1af32922cd59fcf2a37cccbbf7830a
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el5.x86_64.rpm     b8d980f46b409bc48e718d6b584da12c
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.i386.rpm     2d4d71b3bd7542f0532f51b88103942c
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el5.x86_64.rpm     2aa8e5022eafcd48c4eda94a9f0e8d89
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.i386.rpm     7169454884d28e4039bcbc8de310d6d7
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el5.x86_64.rpm     3ef74087aa132fdb4db237ca7b000eac
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.i386.rpm     9e0251a236e93568ddfe99b8f80651ab
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el5.x86_64.rpm     cfccd5673420a0b61cd49c86433590cb
java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el5.i386.rpm     91da67e54794493101aae440a9ac78bf
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.i386.rpm     d2e8edb6a7863fdbe9e4536ee616c482
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el5.x86_64.rpm     b2d73d690d8c59c60184154845c80124
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el4.i386.rpm     c10ea40be0e969eb78309c0b350a9c36
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el4.i386.rpm     b6a4877d3bc44b17fa4c4b8278fb25b8
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el4.i386.rpm     bfece5253c1429174d287bacac7ec8a3
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el4.i386.rpm     0781aa09beb96823c68430b4c1f4637c
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el4.i386.rpm     18c373d7a14f8b45b8654b984a52b748
java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el4.i386.rpm     7c95430a53a85e01f289eb30fdd180b0
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el4.i386.rpm     2947392e1f826d93584392da4c671352
 
PPC:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el4.ppc.rpm     d21f24ce98db197f541ba8954df9c1b1
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el4.ppc.rpm     dfe0b5f2e144e36bde33655de02aabf6
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el4.ppc.rpm     d8c64978bab57140cffcf358fbf9edc8
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el4.ppc.rpm     8781dede2d7b7d9f41616e6dd3d567a3
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el4.ppc.rpm     61165bc9ec16a10e6603e0bb64568473
java-1.6.0-ibm-plugin-1.6.0.2-1jpp.2.el4.ppc.rpm     f35d22e00e36669c7a00951f9de5b040
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el4.ppc.rpm     c2ae07a7b76ca3852f1b516b99ed7b00
 
s390:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el4.s390.rpm     13ee739b54abf2644765d1ef7a74cece
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el4.s390.rpm     75608a56788917753ab48ca1049c2f9b
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el4.s390.rpm     1e0efaf44ec2fe70bfbf91a50e3a393d
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el4.s390.rpm     fd7442a85d5be197c2e2399a00da4dfd
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el4.s390.rpm     717e7dc5ead3faf9ab23e5d51cfcc737
 
s390x:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el4.s390x.rpm     dc382e9d7c641721b0313f3cdc41a888
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el4.s390x.rpm     302fec3d8cec4e9db82075c91f192da4
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el4.s390x.rpm     2641ce70152cfd3773a6c8a67081b317
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el4.s390x.rpm     d8c6e740d702828c9ca032ee09d7d8ef
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el4.s390x.rpm     f3534b71e7a03884f8689f8f45e0f289
 
x86_64:
java-1.6.0-ibm-1.6.0.2-1jpp.2.el4.x86_64.rpm     1564e8bdcb14b9ee54d3823869cde0e9
java-1.6.0-ibm-demo-1.6.0.2-1jpp.2.el4.x86_64.rpm     b67d32425d2d97686128766daf0e8a72
java-1.6.0-ibm-devel-1.6.0.2-1jpp.2.el4.x86_64.rpm     eb89e5b006544a704ab90097706f4183
java-1.6.0-ibm-javacomm-1.6.0.2-1jpp.2.el4.x86_64.rpm     f7aa82c7599128cbdd4792ff458d8f6a
java-1.6.0-ibm-jdbc-1.6.0.2-1jpp.2.el4.x86_64.rpm     06d62c1c736d21ec5f77d5fdbc02a8fd
java-1.6.0-ibm-src-1.6.0.2-1jpp.2.el4.x86_64.rpm     511361af21f0583f04685ea0208f8b77
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

452649 - CVE-2008-3105 CVE-2008-3106 OpenJDK JAX-WS unauthorized URL access (6542088)
452659 - CVE-2008-3103 OpenJDK JMX allows illegal operations with local monitoring (6332953)
454601 - CVE-2008-3104 Java RE allows Same Origin Policy to be Bypassed (6687932)
454603 - CVE-2008-3109 CVE-2008-3110 Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)
454606 - CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)
454608 - CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/