Security Advisory Critical: java-1.6.0-openjdk security update

Advisory: RHSA-2012:1221-1
Type: Security Advisory
Severity: Critical
Issued on: 2012-09-03
Last updated on: 2012-09-03
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-0547
CVE-2012-1682

Details

Updated java-1.6.0-openjdk packages that fix two security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet could
use this flaw to use classes from restricted packages, allowing it to
bypass Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
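
A check for hosts still running a build older than the one this erratum ships, as an added example that is not part of the original advisory or Red Hat tooling. It assumes the installed packages are listed with `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'` and that the epoch is unchanged; the comparison is a simplified version of RPM's segment ordering, and the sample lines are constructed.

```python
import re

# Fixed build from this advisory's package list: (VERSION, RELEASE).
FIXED = ("1.6.0.0", "1.49.1.11.4.el6_3")
PKG_PREFIX = "java-1.6.0-openjdk"
_SEG = re.compile(r"(\d+)|([A-Za-z]+)")

def rpmvercmp(a, b):
    """Compare two version strings segment by segment, in the style of
    RPM's rpmvercmp (simplified: no '~' or '^' handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for (na, aa), (nb, ab) in zip(sa, sb):
        if bool(na) != bool(nb):      # a numeric segment outranks an alphabetic one
            return 1 if na else -1
        x, y = (int(na), int(nb)) if na else (aa, ab)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vulnerable_packages(query_output):
    """Return (name, arch, version-release) for builds older than FIXED."""
    hits = []
    for line in query_output.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].startswith(PKG_PREFIX):
            continue                  # other packages, blank or malformed lines
        name, version, release, arch = parts
        order = rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])
        if order < 0:
            hits.append((name, arch, f"{version}-{release}"))
    return hits

# Constructed sample (not from a real host), in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'
SAMPLE = """\
java-1.6.0-openjdk 1.6.0.0 1.48.1.11.3.el6_2 x86_64
java-1.6.0-openjdk-devel 1.6.0.0 1.49.1.11.4.el6_3 x86_64
java-1.6.0-openjdk 1.6.0.0 1.61.1.11.11.el6_4 i686
java-1.7.0-openjdk 1.7.0.5 2.2.1.el6_3 x86_64
"""

if __name__ == "__main__":
    for name, arch, vr in vulnerable_packages(SAMPLE):
        print(f"UPDATE NEEDED: {name}.{arch} {vr} is older than {'-'.join(FIXED)}")
```

A clean result only covers the files on disk; JVM processes started before the update still need the restart described above.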


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm
File outdated by:  RHSA-2014:0408
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm
File outdated by:  RHSA-2014:0408
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm
File outdated by:  RHSA-2014:0408
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm
File outdated by:  RHSA-2014:0408
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2013:0273
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0273
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2013:0273
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.src.rpm
File outdated by:  RHSA-2014:0408
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.i686.rpm
File outdated by:  RHSA-2014:0408
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-demo-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-devel-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-javadoc-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
java-1.6.0-openjdk-src-1.6.0.0-1.49.1.11.4.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0408
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/