Skip to navigation

Security Advisory Important: java-1.6.0-openjdk security update

Advisory: RHSA-2013:0274-1
Type: Security Advisory
Severity: Important
Issued on: 2013-02-20
Last updated on: 2013-02-20
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.9.z server)
Red Hat Enterprise Linux Long Life (v. 5.9 server)
CVEs (cve.mitre.org): CVE-2013-0169
CVE-2013-1486

Details

Updated java-1.6.0-openjdk packages that fix two security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)
SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm
File outdated by:  RHSA-2013:0770		     MD5: f83fa37c7d752ded05fa87080823f4c2
SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 47884ac1c6be2ded23e9725cfd2c6473
SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9bad4c3dee7e7eb70a2da3a24d787e2e
SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 07464d87a7f2908a9db57637cc464f2f
SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 72a2571adf90c898ee92ecb9e37f4318
SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 2e251f50c1a8dce43197b1ac6a163cfa
SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: b5f8425753d76ffa76f960a26433d996
SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 1ab1032adc4898d8dc64d01c6e292644
SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 3889efad716f23b9fedb5c0514779ee9
SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9df3cfa269bad6f903f8eabbaa36c02f
SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: e6c66692a8d49e2bbe5f682723186684
SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: c7a2ebd3e99b4556ef34e58bb09c3c1d
SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: b7609ea65d780db2960f0a0807f68bb3
SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm
File outdated by:  RHSA-2013:0770		     MD5: f83fa37c7d752ded05fa87080823f4c2
SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 47884ac1c6be2ded23e9725cfd2c6473
SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9bad4c3dee7e7eb70a2da3a24d787e2e
SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 07464d87a7f2908a9db57637cc464f2f
SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 72a2571adf90c898ee92ecb9e37f4318
SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 2e251f50c1a8dce43197b1ac6a163cfa
SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: b5f8425753d76ffa76f960a26433d996
SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 1ab1032adc4898d8dc64d01c6e292644
SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 3889efad716f23b9fedb5c0514779ee9
SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9df3cfa269bad6f903f8eabbaa36c02f
SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: e6c66692a8d49e2bbe5f682723186684
SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: c7a2ebd3e99b4556ef34e58bb09c3c1d
SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: b7609ea65d780db2960f0a0807f68bb3
SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
 
Red Hat Enterprise Linux EUS (v. 5.9.z server)
SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm
File outdated by:  RHSA-2013:0770		     MD5: f83fa37c7d752ded05fa87080823f4c2
SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 47884ac1c6be2ded23e9725cfd2c6473
SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9bad4c3dee7e7eb70a2da3a24d787e2e
SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 07464d87a7f2908a9db57637cc464f2f
SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 72a2571adf90c898ee92ecb9e37f4318
SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 2e251f50c1a8dce43197b1ac6a163cfa
SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: b5f8425753d76ffa76f960a26433d996
SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 1ab1032adc4898d8dc64d01c6e292644
SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 3889efad716f23b9fedb5c0514779ee9
SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9df3cfa269bad6f903f8eabbaa36c02f
SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: e6c66692a8d49e2bbe5f682723186684
SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: c7a2ebd3e99b4556ef34e58bb09c3c1d
SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: b7609ea65d780db2960f0a0807f68bb3
SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
 
Red Hat Enterprise Linux Long Life (v. 5.9 server)
SRPMS:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm
File outdated by:  RHSA-2013:0770		     MD5: f83fa37c7d752ded05fa87080823f4c2
SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 47884ac1c6be2ded23e9725cfd2c6473
SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9bad4c3dee7e7eb70a2da3a24d787e2e
SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 07464d87a7f2908a9db57637cc464f2f
SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 72a2571adf90c898ee92ecb9e37f4318
SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: 2e251f50c1a8dce43197b1ac6a163cfa
SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm
File outdated by:  RHSA-2013:0770		     MD5: b5f8425753d76ffa76f960a26433d996
SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 1ab1032adc4898d8dc64d01c6e292644
SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 3889efad716f23b9fedb5c0514779ee9
SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: 9df3cfa269bad6f903f8eabbaa36c02f
SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: e6c66692a8d49e2bbe5f682723186684
SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: c7a2ebd3e99b4556ef34e58bb09c3c1d
SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm
File outdated by:  RHSA-2013:0770		     MD5: b7609ea65d780db2960f0a0807f68bb3
SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)


References

https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://access.redhat.com/security/updates/classification/#important
http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.8/NEWS

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/