Skip to navigation

Security Advisory Critical: java-1.6.0-sun security update

Advisory: RHSA-2010:0337-1
Type: Security Advisory
Severity: Critical
Issued on: 2010-03-31
Last updated on: 2010-03-31
Affected Products: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
RHEL Supplementary EUS (v. 5.4.z server)
Red Hat Enterprise Linux Extras (v. 4)
Red Hat Enterprise Linux Extras (v. 4.8.z)
CVEs (cve.mitre.org): CVE-2009-3555
CVE-2010-0082
CVE-2010-0084
CVE-2010-0085
CVE-2010-0087
CVE-2010-0088
CVE-2010-0089
CVE-2010-0090
CVE-2010-0091
CVE-2010-0092
CVE-2010-0093
CVE-2010-0094
CVE-2010-0095
CVE-2010-0837
CVE-2010-0838
CVE-2010-0839
CVE-2010-0840
CVE-2010-0841
CVE-2010-0842
CVE-2010-0843
CVE-2010-0844
CVE-2010-0845
CVE-2010-0846
CVE-2010-0847
CVE-2010-0848
CVE-2010-0849

Details

Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the "Oracle Java SE and Java
for Business Critical Patch Update Advisory" page, listed in the
References section. (CVE-2009-3555, CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090,
CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095,
CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846,
CVE-2010-0847, CVE-2010-0848, CVE-2010-0849)

For the CVE-2009-3555 issue, this update disables renegotiation in the Java
Secure Socket Extension (JSSE) component. Unsafe renegotiation can be
re-enabled using the sun.security.ssl.allowUnsafeRenegotiation property.
Refer to the following Knowledgebase article for details:
http://kbase.redhat.com/faq/docs/DOC-20491

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 247995efcdcabec97801fe66dec4e594
SHA-256: 958f745f785a2993be00416596cdff5508d38aa5929b643bb0e875fda49dcc9a
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 1366e0463a004dad1d0b8a0b720f8703
SHA-256: 5f7cf3e4eb2347e10f64c4c5aaa4df4b9bdda907f965cc3fc86df539cffac4b5
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 9851df9738c65c880468e13048cc8352
SHA-256: 4d7f040624a53495f6d8d1313426d7bf0218d6248917eea0bfdc6074982b8f61
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: c5069be0be19b42a355dc054063e41f2
SHA-256: 9211b5df2b369b9634b45bdf21351276f5d314703fb1286a31d11f0745bfa6c0
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 9377f6557273708b95d894e3e137fad7
SHA-256: e8b73dc2366ede797bcc0f307aab2ffa9f0d5fa84974f092787244b2917b1fbe
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 30ae95cdfa83b72a2573ef6c7971554e
SHA-256: 2bdefd0f6d73635bfd7cc5864bc19efcf233d11431888afbf41d6fa7bd9b0668
 
x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 6ceb974bfec1167c45b27394a1f3fe3d
SHA-256: 52179172b9c8559b744cbbdacd5c7239410733813b40ba118c68c4bf66cc4d36
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 2ae131054d48f2ed9362c2fa82c1a944
SHA-256: a3f8e5a00a81b9dbd31e9c27297504a09e90eb52e533535c0616d7ab66521d92
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: a7299a805e5e1b72240356855830cd34
SHA-256: 870792230859013ce7e9ba11cd1cc0202341f66425cc14c9ae2e9ec01132f09d
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 939f90b4bf6d5ee979d5e33bd44174ec
SHA-256: 3911ec10724d77c2e129f50389264a92d9ee36fce3841a1590d12e8f0c67bf55
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 9377f6557273708b95d894e3e137fad7
SHA-256: e8b73dc2366ede797bcc0f307aab2ffa9f0d5fa84974f092787244b2917b1fbe
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: f19bd447cfe61104dae37599757f1660
SHA-256: f296827a22667f8abbf8e73d0b3a7e813d2ee98baf51669f455bd8f8c8f1da91
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 6bd62ddf0ef3c4263e5577d210872385
SHA-256: 4df15af6551579c7f0c634c9adabc4675543e0372460ff4eb190110f931606a7
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 247995efcdcabec97801fe66dec4e594
SHA-256: 958f745f785a2993be00416596cdff5508d38aa5929b643bb0e875fda49dcc9a
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 1366e0463a004dad1d0b8a0b720f8703
SHA-256: 5f7cf3e4eb2347e10f64c4c5aaa4df4b9bdda907f965cc3fc86df539cffac4b5
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 9851df9738c65c880468e13048cc8352
SHA-256: 4d7f040624a53495f6d8d1313426d7bf0218d6248917eea0bfdc6074982b8f61
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: c5069be0be19b42a355dc054063e41f2
SHA-256: 9211b5df2b369b9634b45bdf21351276f5d314703fb1286a31d11f0745bfa6c0
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 9377f6557273708b95d894e3e137fad7
SHA-256: e8b73dc2366ede797bcc0f307aab2ffa9f0d5fa84974f092787244b2917b1fbe
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 30ae95cdfa83b72a2573ef6c7971554e
SHA-256: 2bdefd0f6d73635bfd7cc5864bc19efcf233d11431888afbf41d6fa7bd9b0668
 
x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 6ceb974bfec1167c45b27394a1f3fe3d
SHA-256: 52179172b9c8559b744cbbdacd5c7239410733813b40ba118c68c4bf66cc4d36
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 2ae131054d48f2ed9362c2fa82c1a944
SHA-256: a3f8e5a00a81b9dbd31e9c27297504a09e90eb52e533535c0616d7ab66521d92
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: a7299a805e5e1b72240356855830cd34
SHA-256: 870792230859013ce7e9ba11cd1cc0202341f66425cc14c9ae2e9ec01132f09d
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 939f90b4bf6d5ee979d5e33bd44174ec
SHA-256: 3911ec10724d77c2e129f50389264a92d9ee36fce3841a1590d12e8f0c67bf55
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm     MD5: 9377f6557273708b95d894e3e137fad7
SHA-256: e8b73dc2366ede797bcc0f307aab2ffa9f0d5fa84974f092787244b2917b1fbe
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: f19bd447cfe61104dae37599757f1660
SHA-256: f296827a22667f8abbf8e73d0b3a7e813d2ee98baf51669f455bd8f8c8f1da91
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.x86_64.rpm     MD5: 6bd62ddf0ef3c4263e5577d210872385
SHA-256: 4df15af6551579c7f0c634c9adabc4675543e0372460ff4eb190110f931606a7
 
RHEL Supplementary EUS (v. 5.4.z server)

IA-32:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.i586.rpm
File outdated by:  RHBA-2010:0555
    MD5: 247995efcdcabec97801fe66dec4e594
SHA-256: 958f745f785a2993be00416596cdff5508d38aa5929b643bb0e875fda49dcc9a
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.i586.rpm
File outdated by:  RHBA-2010:0555
    MD5: 1366e0463a004dad1d0b8a0b720f8703
SHA-256: 5f7cf3e4eb2347e10f64c4c5aaa4df4b9bdda907f965cc3fc86df539cffac4b5
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.i586.rpm
File outdated by:  RHBA-2010:0555
    MD5: 9851df9738c65c880468e13048cc8352
SHA-256: 4d7f040624a53495f6d8d1313426d7bf0218d6248917eea0bfdc6074982b8f61
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.i586.rpm
File outdated by:  RHBA-2010:0555
    MD5: c5069be0be19b42a355dc054063e41f2
SHA-256: 9211b5df2b369b9634b45bdf21351276f5d314703fb1286a31d11f0745bfa6c0
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm
File outdated by:  RHBA-2010:0555
    MD5: 9377f6557273708b95d894e3e137fad7
SHA-256: e8b73dc2366ede797bcc0f307aab2ffa9f0d5fa84974f092787244b2917b1fbe
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.i586.rpm
File outdated by:  RHBA-2010:0555
    MD5: 30ae95cdfa83b72a2573ef6c7971554e
SHA-256: 2bdefd0f6d73635bfd7cc5864bc19efcf233d11431888afbf41d6fa7bd9b0668
 
x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el5.x86_64.rpm
File outdated by:  RHBA-2010:0555
    MD5: 6ceb974bfec1167c45b27394a1f3fe3d
SHA-256: 52179172b9c8559b744cbbdacd5c7239410733813b40ba118c68c4bf66cc4d36
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el5.x86_64.rpm
File outdated by:  RHBA-2010:0555
    MD5: 2ae131054d48f2ed9362c2fa82c1a944
SHA-256: a3f8e5a00a81b9dbd31e9c27297504a09e90eb52e533535c0616d7ab66521d92
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el5.x86_64.rpm
File outdated by:  RHBA-2010:0555
    MD5: a7299a805e5e1b72240356855830cd34
SHA-256: 870792230859013ce7e9ba11cd1cc0202341f66425cc14c9ae2e9ec01132f09d
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el5.x86_64.rpm
File outdated by:  RHBA-2010:0555
    MD5: 939f90b4bf6d5ee979d5e33bd44174ec
SHA-256: 3911ec10724d77c2e129f50389264a92d9ee36fce3841a1590d12e8f0c67bf55
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.i586.rpm
File outdated by:  RHBA-2010:0555
    MD5: 9377f6557273708b95d894e3e137fad7
SHA-256: e8b73dc2366ede797bcc0f307aab2ffa9f0d5fa84974f092787244b2917b1fbe
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el5.x86_64.rpm
File outdated by:  RHBA-2010:0555
    MD5: f19bd447cfe61104dae37599757f1660
SHA-256: f296827a22667f8abbf8e73d0b3a7e813d2ee98baf51669f455bd8f8c8f1da91
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el5.x86_64.rpm
File outdated by:  RHBA-2010:0555
    MD5: 6bd62ddf0ef3c4263e5577d210872385
SHA-256: 4df15af6551579c7f0c634c9adabc4675543e0372460ff4eb190110f931606a7
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 0456392f6d0550fa5c8665d6cf87ae27
SHA-256: c3a64056433eeeb9e69839ae36f907e1cbd4ae3b0335e84cf41d8552e708d350
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 63c543e85c5b07d8461610281daf5c89
SHA-256: c31d1b6923abf02b19d0b6b2586f3709b84301eae021f112cbe033b4b3906d5b
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 81204b612bd42c1747a699f72473c689
SHA-256: e5a909cdd1bf66a42487954edc901f18c1d8ec6f7a21917f9d687a490cf7bc52
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 2882d45ef3711e8fac087afe9046844e
SHA-256: 81d231358d784a09fd58b27cd7ac0cc524a9d59b7c11cabf68b4439de07a48e9
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 6f3af5dec66ae1dad42ef891063066e3
SHA-256: e645d1475fa520cac09bb29035091f1f46b777c61787f3aec690ae573b010fe2
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 7f10a21e9aae35446e2852d6f3a16b85
SHA-256: 10d95d7f770f2baeec48ecc472c2a49d11944baf1d25a7518bd351c06b292b20
 
x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 2f51e5c911b9f295803e5ec0cfc2b57d
SHA-256: 2e4e19d34b590b40a86081cd14322401176377883bee093426528c9951799e47
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 44ee596f7b89215813d5747f5929e5bc
SHA-256: 8f440e77b6285d484cee961cefbc8a64f8d6690cb786958671b7a36f05553817
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 949f4ed6b6d9b9ad5cda93c84d3b373f
SHA-256: 8c274f9752a72180ae99ac4a64e1d87e31a59d8b765ee0275df798bc5c925baa
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 8c237f8ae03d9157e2ed9814201026b2
SHA-256: 6fc04ac0b95ada4de5029c9e8d6cc62e48bf525d5f84bea8e444bf61b0fef8f2
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: b061cc3a787b931a0f729313e9930e72
SHA-256: cc996db938188e5b13e1118443d3390dc76f184e0d8ab292c208d7fde9d9b4b9
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 0e8b9d23313fe16f3ab49e964887247c
SHA-256: a35fcc75573bf69b0934671aea82226d0b97957b912b699a9ea2d79b052b77da
 
Red Hat Enterprise Linux Extras (v. 4.8.z)

IA-32:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 0456392f6d0550fa5c8665d6cf87ae27
SHA-256: c3a64056433eeeb9e69839ae36f907e1cbd4ae3b0335e84cf41d8552e708d350
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 63c543e85c5b07d8461610281daf5c89
SHA-256: c31d1b6923abf02b19d0b6b2586f3709b84301eae021f112cbe033b4b3906d5b
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 81204b612bd42c1747a699f72473c689
SHA-256: e5a909cdd1bf66a42487954edc901f18c1d8ec6f7a21917f9d687a490cf7bc52
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 2882d45ef3711e8fac087afe9046844e
SHA-256: 81d231358d784a09fd58b27cd7ac0cc524a9d59b7c11cabf68b4439de07a48e9
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 6f3af5dec66ae1dad42ef891063066e3
SHA-256: e645d1475fa520cac09bb29035091f1f46b777c61787f3aec690ae573b010fe2
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 7f10a21e9aae35446e2852d6f3a16b85
SHA-256: 10d95d7f770f2baeec48ecc472c2a49d11944baf1d25a7518bd351c06b292b20
 
x86_64:
java-1.6.0-sun-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 2f51e5c911b9f295803e5ec0cfc2b57d
SHA-256: 2e4e19d34b590b40a86081cd14322401176377883bee093426528c9951799e47
java-1.6.0-sun-demo-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 44ee596f7b89215813d5747f5929e5bc
SHA-256: 8f440e77b6285d484cee961cefbc8a64f8d6690cb786958671b7a36f05553817
java-1.6.0-sun-devel-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 949f4ed6b6d9b9ad5cda93c84d3b373f
SHA-256: 8c274f9752a72180ae99ac4a64e1d87e31a59d8b765ee0275df798bc5c925baa
java-1.6.0-sun-jdbc-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 8c237f8ae03d9157e2ed9814201026b2
SHA-256: 6fc04ac0b95ada4de5029c9e8d6cc62e48bf525d5f84bea8e444bf61b0fef8f2
java-1.6.0-sun-plugin-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: b061cc3a787b931a0f729313e9930e72
SHA-256: cc996db938188e5b13e1118443d3390dc76f184e0d8ab292c208d7fde9d9b4b9
java-1.6.0-sun-src-1.6.0.19-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 0e8b9d23313fe16f3ab49e964887247c
SHA-256: a35fcc75573bf69b0934671aea82226d0b97957b912b699a9ea2d79b052b77da
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

533125 - CVE-2009-3555 TLS: MITM attacks via session renegotiation
575736 - CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)
575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)
575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)
575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)
575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
575760 - CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
575764 - CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)
575769 - CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)
575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)
575775 - CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)
575808 - CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)
575818 - CVE-2010-0837 OpenJDK JAR "unpack200" must verify input parameters (6902299)
575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)
575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)
575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)
575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
578430 - CVE-2010-0846 JDK unspecified vulnerability in ImageIO component
578432 - CVE-2010-0849 JDK unspecified vulnerability in Java2D component
578433 - CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component
578436 - CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities
578437 - CVE-2010-0090 JDK unspecified vulnerability in JavaWS/Plugin component
578440 - CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component


References

https://www.redhat.com/security/data/cve/CVE-2009-3555.html
https://www.redhat.com/security/data/cve/CVE-2010-0082.html
https://www.redhat.com/security/data/cve/CVE-2010-0084.html
https://www.redhat.com/security/data/cve/CVE-2010-0085.html
https://www.redhat.com/security/data/cve/CVE-2010-0087.html
https://www.redhat.com/security/data/cve/CVE-2010-0088.html
https://www.redhat.com/security/data/cve/CVE-2010-0089.html
https://www.redhat.com/security/data/cve/CVE-2010-0090.html
https://www.redhat.com/security/data/cve/CVE-2010-0091.html
https://www.redhat.com/security/data/cve/CVE-2010-0092.html
https://www.redhat.com/security/data/cve/CVE-2010-0093.html
https://www.redhat.com/security/data/cve/CVE-2010-0094.html
https://www.redhat.com/security/data/cve/CVE-2010-0095.html
https://www.redhat.com/security/data/cve/CVE-2010-0837.html
https://www.redhat.com/security/data/cve/CVE-2010-0838.html
https://www.redhat.com/security/data/cve/CVE-2010-0839.html
https://www.redhat.com/security/data/cve/CVE-2010-0840.html
https://www.redhat.com/security/data/cve/CVE-2010-0841.html
https://www.redhat.com/security/data/cve/CVE-2010-0842.html
https://www.redhat.com/security/data/cve/CVE-2010-0843.html
https://www.redhat.com/security/data/cve/CVE-2010-0844.html
https://www.redhat.com/security/data/cve/CVE-2010-0845.html
https://www.redhat.com/security/data/cve/CVE-2010-0846.html
https://www.redhat.com/security/data/cve/CVE-2010-0847.html
https://www.redhat.com/security/data/cve/CVE-2010-0848.html
https://www.redhat.com/security/data/cve/CVE-2010-0849.html
http://www.redhat.com/security/updates/classification/#critical
http://kbase.redhat.com/faq/docs/DOC-20491
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/