Skip to navigation

Security Advisory Critical: java-1.6.0-openjdk security update

Advisory: RHSA-2012:0729-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-06-13
Last updated on: 2012-06-13
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server EUS (v. 6.2.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-1711
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1723
CVE-2012-1724
CVE-2012-1725

Details

Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker
Architecture) implementation in Java. A malicious Java application or
applet could use these flaws to bypass Java sandbox restrictions or modify
immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not
properly prevent access to certain UI elements from outside the current
application context. A malicious Java application or applet could use this
flaw to crash the Java Virtual Machine, or bypass Java sandbox
restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup
implementation. A specially-crafted font file could cause the Java Virtual
Machine to crash or, possibly, execute arbitrary code with the privileges
of the user running the virtual machine. (CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine
verified the bytecode of the class file to be executed. A specially-crafted
Java application or applet could use these flaws to crash the Java Virtual
Machine, or bypass Java sandbox restrictions. (CVE-2012-1723,
CVE-2012-1725)

It was discovered that the Java XML parser did not properly handle certain
XML documents. An attacker able to make a Java application parse a
specially-crafted XML file could use this flaw to make the XML parser enter
an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle
Certificate Revocation Lists (CRL). CRL containing entries with duplicate
certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could
create temporary files with insecure permissions. A local attacker could
use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.3. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm
File outdated by:  RHSA-2014:0408
    MD5: 89f723c4658924c401c93f10a57959da
SHA-256: c5df6c48f9c1e6567fb40808c6a4d5dc32f44166720d46568add954acb87e6ea
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: e595b7a256c2f6079eddb7d1d757bff2
SHA-256: 649c0cd6caf82997fe9fd51ac27e76a2f95634d7b882bbd1570ff803b892ecb7
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 130c7b8dc2689cd6f8954a99fbd021f0
SHA-256: ab00458feea2840fbca29ac4d4a7a1af7ebf44cef4a4afbd3266bb5145da5a5a
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: f0f7e0f560131f301caa5407dc541f64
SHA-256: cafdda3f326a0263b9d51841a75081f4a4ccb53946f2941c3cbaf6d48f78bd68
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: ff97885a805cef3364c624eed118d9a1
SHA-256: e76e7f8900e06d2638dc77ea302650aa5301c527320b1ef5252cf19ebf9343d1
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 8836ceb63944f2d76f45ae28874f7906
SHA-256: f5c81d23c177ef57e494566b517e63ea1771632805cd0f6d62d5ff2ac7933e84
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 39aea08428d73804f6082ef11fbe1f4f
SHA-256: 93451266a0607319911dd784837d3778cf397c01d8786889813005462718464e
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: dfcbd7d41ee855a3cbb93272acd2f198
SHA-256: 017bc378885edee4725d2b1faf3a1d493f4f26931959849179b52480f56df3b4
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 16516aabf955475ca8ac8072f5677757
SHA-256: c4890e79d2eb2308efca6ac63ec9d367c151d3bbbc17094eaced9a42af962215
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 857b35dd772b6b1d67675797165ec85f
SHA-256: ef3900e521d2f55708833853cab7a86bb3defcbb5996884db514f76b74fd177a
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 84ee30c4fbfff073c65b697d498ed2c8
SHA-256: 5e6504d5b818239e6c26313299eb373084c94e12865e78ba64d1820ea57c45d0
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: b6fe518c6e1ab5952e1c649a1c89cc39
SHA-256: b13c6815265b1a83424751d12523b9999d8171bbc81d4f756f9f0a1d8ffe6788
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 91e8e98b147b2690a92d2279f97be2c9
SHA-256: 8ab175096c67e3e51d648c4298cd2792766c6d61337de338e0cc4b44498710ec
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm
File outdated by:  RHSA-2014:0408
    MD5: 89f723c4658924c401c93f10a57959da
SHA-256: c5df6c48f9c1e6567fb40808c6a4d5dc32f44166720d46568add954acb87e6ea
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: dfcbd7d41ee855a3cbb93272acd2f198
SHA-256: 017bc378885edee4725d2b1faf3a1d493f4f26931959849179b52480f56df3b4
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 16516aabf955475ca8ac8072f5677757
SHA-256: c4890e79d2eb2308efca6ac63ec9d367c151d3bbbc17094eaced9a42af962215
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 857b35dd772b6b1d67675797165ec85f
SHA-256: ef3900e521d2f55708833853cab7a86bb3defcbb5996884db514f76b74fd177a
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 84ee30c4fbfff073c65b697d498ed2c8
SHA-256: 5e6504d5b818239e6c26313299eb373084c94e12865e78ba64d1820ea57c45d0
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: b6fe518c6e1ab5952e1c649a1c89cc39
SHA-256: b13c6815265b1a83424751d12523b9999d8171bbc81d4f756f9f0a1d8ffe6788
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 91e8e98b147b2690a92d2279f97be2c9
SHA-256: 8ab175096c67e3e51d648c4298cd2792766c6d61337de338e0cc4b44498710ec
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm
File outdated by:  RHSA-2014:0408
    MD5: 89f723c4658924c401c93f10a57959da
SHA-256: c5df6c48f9c1e6567fb40808c6a4d5dc32f44166720d46568add954acb87e6ea
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: e595b7a256c2f6079eddb7d1d757bff2
SHA-256: 649c0cd6caf82997fe9fd51ac27e76a2f95634d7b882bbd1570ff803b892ecb7
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 130c7b8dc2689cd6f8954a99fbd021f0
SHA-256: ab00458feea2840fbca29ac4d4a7a1af7ebf44cef4a4afbd3266bb5145da5a5a
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: f0f7e0f560131f301caa5407dc541f64
SHA-256: cafdda3f326a0263b9d51841a75081f4a4ccb53946f2941c3cbaf6d48f78bd68
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: ff97885a805cef3364c624eed118d9a1
SHA-256: e76e7f8900e06d2638dc77ea302650aa5301c527320b1ef5252cf19ebf9343d1
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 8836ceb63944f2d76f45ae28874f7906
SHA-256: f5c81d23c177ef57e494566b517e63ea1771632805cd0f6d62d5ff2ac7933e84
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 39aea08428d73804f6082ef11fbe1f4f
SHA-256: 93451266a0607319911dd784837d3778cf397c01d8786889813005462718464e
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: dfcbd7d41ee855a3cbb93272acd2f198
SHA-256: 017bc378885edee4725d2b1faf3a1d493f4f26931959849179b52480f56df3b4
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 16516aabf955475ca8ac8072f5677757
SHA-256: c4890e79d2eb2308efca6ac63ec9d367c151d3bbbc17094eaced9a42af962215
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 857b35dd772b6b1d67675797165ec85f
SHA-256: ef3900e521d2f55708833853cab7a86bb3defcbb5996884db514f76b74fd177a
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 84ee30c4fbfff073c65b697d498ed2c8
SHA-256: 5e6504d5b818239e6c26313299eb373084c94e12865e78ba64d1820ea57c45d0
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: b6fe518c6e1ab5952e1c649a1c89cc39
SHA-256: b13c6815265b1a83424751d12523b9999d8171bbc81d4f756f9f0a1d8ffe6788
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 91e8e98b147b2690a92d2279f97be2c9
SHA-256: 8ab175096c67e3e51d648c4298cd2792766c6d61337de338e0cc4b44498710ec
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm
File outdated by:  RHSA-2014:0408
    MD5: 89f723c4658924c401c93f10a57959da
SHA-256: c5df6c48f9c1e6567fb40808c6a4d5dc32f44166720d46568add954acb87e6ea
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: dfcbd7d41ee855a3cbb93272acd2f198
SHA-256: 017bc378885edee4725d2b1faf3a1d493f4f26931959849179b52480f56df3b4
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 16516aabf955475ca8ac8072f5677757
SHA-256: c4890e79d2eb2308efca6ac63ec9d367c151d3bbbc17094eaced9a42af962215
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 857b35dd772b6b1d67675797165ec85f
SHA-256: ef3900e521d2f55708833853cab7a86bb3defcbb5996884db514f76b74fd177a
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 84ee30c4fbfff073c65b697d498ed2c8
SHA-256: 5e6504d5b818239e6c26313299eb373084c94e12865e78ba64d1820ea57c45d0
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: b6fe518c6e1ab5952e1c649a1c89cc39
SHA-256: b13c6815265b1a83424751d12523b9999d8171bbc81d4f756f9f0a1d8ffe6788
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 91e8e98b147b2690a92d2279f97be2c9
SHA-256: 8ab175096c67e3e51d648c4298cd2792766c6d61337de338e0cc4b44498710ec
 
Red Hat Enterprise Linux Server EUS (v. 6.2.z)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm
File outdated by:  RHSA-2014:0408
    MD5: 89f723c4658924c401c93f10a57959da
SHA-256: c5df6c48f9c1e6567fb40808c6a4d5dc32f44166720d46568add954acb87e6ea
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm     MD5: e595b7a256c2f6079eddb7d1d757bff2
SHA-256: 649c0cd6caf82997fe9fd51ac27e76a2f95634d7b882bbd1570ff803b892ecb7
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm     MD5: 130c7b8dc2689cd6f8954a99fbd021f0
SHA-256: ab00458feea2840fbca29ac4d4a7a1af7ebf44cef4a4afbd3266bb5145da5a5a
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm     MD5: f0f7e0f560131f301caa5407dc541f64
SHA-256: cafdda3f326a0263b9d51841a75081f4a4ccb53946f2941c3cbaf6d48f78bd68
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm     MD5: ff97885a805cef3364c624eed118d9a1
SHA-256: e76e7f8900e06d2638dc77ea302650aa5301c527320b1ef5252cf19ebf9343d1
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm     MD5: 8836ceb63944f2d76f45ae28874f7906
SHA-256: f5c81d23c177ef57e494566b517e63ea1771632805cd0f6d62d5ff2ac7933e84
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm     MD5: 39aea08428d73804f6082ef11fbe1f4f
SHA-256: 93451266a0607319911dd784837d3778cf397c01d8786889813005462718464e
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: dfcbd7d41ee855a3cbb93272acd2f198
SHA-256: 017bc378885edee4725d2b1faf3a1d493f4f26931959849179b52480f56df3b4
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 16516aabf955475ca8ac8072f5677757
SHA-256: c4890e79d2eb2308efca6ac63ec9d367c151d3bbbc17094eaced9a42af962215
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 857b35dd772b6b1d67675797165ec85f
SHA-256: ef3900e521d2f55708833853cab7a86bb3defcbb5996884db514f76b74fd177a
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 84ee30c4fbfff073c65b697d498ed2c8
SHA-256: 5e6504d5b818239e6c26313299eb373084c94e12865e78ba64d1820ea57c45d0
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: b6fe518c6e1ab5952e1c649a1c89cc39
SHA-256: b13c6815265b1a83424751d12523b9999d8171bbc81d4f756f9f0a1d8ffe6788
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm     MD5: 91e8e98b147b2690a92d2279f97be2c9
SHA-256: 8ab175096c67e3e51d648c4298cd2792766c6d61337de338e0cc4b44498710ec
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.src.rpm
File outdated by:  RHSA-2014:0408
    MD5: 89f723c4658924c401c93f10a57959da
SHA-256: c5df6c48f9c1e6567fb40808c6a4d5dc32f44166720d46568add954acb87e6ea
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: e595b7a256c2f6079eddb7d1d757bff2
SHA-256: 649c0cd6caf82997fe9fd51ac27e76a2f95634d7b882bbd1570ff803b892ecb7
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 130c7b8dc2689cd6f8954a99fbd021f0
SHA-256: ab00458feea2840fbca29ac4d4a7a1af7ebf44cef4a4afbd3266bb5145da5a5a
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: f0f7e0f560131f301caa5407dc541f64
SHA-256: cafdda3f326a0263b9d51841a75081f4a4ccb53946f2941c3cbaf6d48f78bd68
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: ff97885a805cef3364c624eed118d9a1
SHA-256: e76e7f8900e06d2638dc77ea302650aa5301c527320b1ef5252cf19ebf9343d1
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 8836ceb63944f2d76f45ae28874f7906
SHA-256: f5c81d23c177ef57e494566b517e63ea1771632805cd0f6d62d5ff2ac7933e84
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.i686.rpm
File outdated by:  RHSA-2014:0408
    MD5: 39aea08428d73804f6082ef11fbe1f4f
SHA-256: 93451266a0607319911dd784837d3778cf397c01d8786889813005462718464e
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: dfcbd7d41ee855a3cbb93272acd2f198
SHA-256: 017bc378885edee4725d2b1faf3a1d493f4f26931959849179b52480f56df3b4
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 16516aabf955475ca8ac8072f5677757
SHA-256: c4890e79d2eb2308efca6ac63ec9d367c151d3bbbc17094eaced9a42af962215
java-1.6.0-openjdk-demo-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 857b35dd772b6b1d67675797165ec85f
SHA-256: ef3900e521d2f55708833853cab7a86bb3defcbb5996884db514f76b74fd177a
java-1.6.0-openjdk-devel-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 84ee30c4fbfff073c65b697d498ed2c8
SHA-256: 5e6504d5b818239e6c26313299eb373084c94e12865e78ba64d1820ea57c45d0
java-1.6.0-openjdk-javadoc-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: b6fe518c6e1ab5952e1c649a1c89cc39
SHA-256: b13c6815265b1a83424751d12523b9999d8171bbc81d4f756f9f0a1d8ffe6788
java-1.6.0-openjdk-src-1.6.0.0-1.48.1.11.3.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0408
    MD5: 91e8e98b147b2690a92d2279f97be2c9
SHA-256: 8ab175096c67e3e51d648c4298cd2792766c6d61337de338e0cc4b44498710ec
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

829354 - CVE-2012-1711 OpenJDK: improper protection of CORBA data models (CORBA, 7079902)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829373 - CVE-2012-1723 OpenJDK: insufficient field accessibility checks (HotSpot, 7152811)
829374 - CVE-2012-1724 OpenJDK: XML parsing infinite loop (JAXP, 7157609)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/