Red Hat Customer Portal

Skip to main content

Security Advisory Critical: java-1.7.0-ibm security update

Advisory: RHSA-2014:1876-1
Type: Security Advisory
Severity: Critical
Issued on: 2014-11-19
Last updated on: 2014-11-19
Affected Products: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
CVEs (cve.mitre.org): CVE-2014-3065
CVE-2014-3566
CVE-2014-4288
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6476
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6515
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558

Details

Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-3065, CVE-2014-3566,
CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,
CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,
CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to
address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM
article linked to in the References section for additional details about
this change and instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR8 release. All running instances
of IBM Java must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 52d26ef58eb2ff547e67ab37597eabdc
SHA-256: a6537771e1f30af9e5e3e12ac659b461b3aa534eb8961088868aff9d450f9d55
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 945f7b150b2cf18d221d9ca214d935f9
SHA-256: 52574956264c734de47debf5f4cd7e74ade76c62866f67bc0bfad0acd19ae335
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9f5ccf003ab50fee1dbbd0d811e09f3d
SHA-256: c93c069a90ac6f3210118c87e205c8c56fcb39e046cf6268e8dfe7d78e36eeb2
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9ee95994e3a55c092e9ec26e89af7fbd
SHA-256: c9324cf882b1ecfedf2b8ef7e6cc639a2b92e8c97aabfccfeded0c593e070f8f
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: b0145e95d60e9b847f8a8999fc18f9d4
SHA-256: 87cc33c060bc222f13f801a08c344905b2410aaf373ae68bbfb71e17aae8f09b
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: e3b4d2ae2fe956bf79009afd22670088
SHA-256: dde855d4a7e9002a81662d3e8e3ab4284a7228c4b3f59e02caddb00a730e554e
 
x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 52d26ef58eb2ff547e67ab37597eabdc
SHA-256: a6537771e1f30af9e5e3e12ac659b461b3aa534eb8961088868aff9d450f9d55
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: d7c12d1caa6956e90a26d1bbd6e0cc78
SHA-256: be432c47eb3c002c6af28b3fb53a94788df519842f03909c4979e313638a21e9
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 945f7b150b2cf18d221d9ca214d935f9
SHA-256: 52574956264c734de47debf5f4cd7e74ade76c62866f67bc0bfad0acd19ae335
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 049e1e41c3134f2bebda3d57e1197192
SHA-256: ec45313567f74517e1ea835a8a84e9f36a740c9214d6492864576afe2b971f1f
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9f5ccf003ab50fee1dbbd0d811e09f3d
SHA-256: c93c069a90ac6f3210118c87e205c8c56fcb39e046cf6268e8dfe7d78e36eeb2
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 850174fda3520b0b5c8d87b25400fa60
SHA-256: 625ed0cf38eb5b41c9e9a8482f03cf9e4c40b1107fd2c18436a46ccbae40a829
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9ee95994e3a55c092e9ec26e89af7fbd
SHA-256: c9324cf882b1ecfedf2b8ef7e6cc639a2b92e8c97aabfccfeded0c593e070f8f
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 32dac497d0c4e8ef8e4ffbcbe8bc48cc
SHA-256: 668857422c686b92719705484d60b6cae2f9b88cee2a22eb601bda1d968f8f3c
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: b0145e95d60e9b847f8a8999fc18f9d4
SHA-256: 87cc33c060bc222f13f801a08c344905b2410aaf373ae68bbfb71e17aae8f09b
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 0f84e1eabce4661faa8355ee0a7dd755
SHA-256: 2e9fe835e2b89c3073062147afa4f099146ed660ba1ac9504e731bb426a72ed4
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: e3b4d2ae2fe956bf79009afd22670088
SHA-256: dde855d4a7e9002a81662d3e8e3ab4284a7228c4b3f59e02caddb00a730e554e
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: cf855b16562be59b13eb709d6c62666f
SHA-256: 5f0b634e73c899f833afc2351cf2521bf4f6a0369a1b924a5bad6917f95aa9a5
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 52d26ef58eb2ff547e67ab37597eabdc
SHA-256: a6537771e1f30af9e5e3e12ac659b461b3aa534eb8961088868aff9d450f9d55
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 945f7b150b2cf18d221d9ca214d935f9
SHA-256: 52574956264c734de47debf5f4cd7e74ade76c62866f67bc0bfad0acd19ae335
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9f5ccf003ab50fee1dbbd0d811e09f3d
SHA-256: c93c069a90ac6f3210118c87e205c8c56fcb39e046cf6268e8dfe7d78e36eeb2
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9ee95994e3a55c092e9ec26e89af7fbd
SHA-256: c9324cf882b1ecfedf2b8ef7e6cc639a2b92e8c97aabfccfeded0c593e070f8f
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: b0145e95d60e9b847f8a8999fc18f9d4
SHA-256: 87cc33c060bc222f13f801a08c344905b2410aaf373ae68bbfb71e17aae8f09b
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: e3b4d2ae2fe956bf79009afd22670088
SHA-256: dde855d4a7e9002a81662d3e8e3ab4284a7228c4b3f59e02caddb00a730e554e
 
PPC:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2016:1589
    MD5: b0aa9809a87b3a652224dd8eb72f8c0d
SHA-256: 61869f0e4d99d9d6822ed002831ce7073a887813e8ebe3bfa2223473d165905d
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 8b42feffa97c87d9e0e494585bd02c83
SHA-256: d027b10983c83bf4ea4573e6ba345f89e2ff4d13845fb76b248f7f9e3604e27e
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2016:1589
    MD5: 1ec29a358099c35392731411663fbb6f
SHA-256: 52033e5bf581995ba676c0f05b644edf24efb84e0184b757653ad43464f58db2
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
File outdated by:  RHSA-2016:1589
    MD5: f2dc4294128fcf7cfa57f72199ebf30b
SHA-256: 18246198126d75846fc96e742cf4f9e2095485cfc74cfa4f258c37195e9bbec9
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2016:1589
    MD5: 324c3873dbab84afbd32e33105a5a364
SHA-256: 1a0b939b355bdd152115a262c575692628696140090ec80119e5c6c552f37d39
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 7ae6560d1d6346612a0d86cd196dadbf
SHA-256: 9565f3b14bd94eadb72b99f4ce10483714d2e00222f3fa3d0530f73f5a91addd
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2016:1589
    MD5: 7f1aa7eda427f035c6f31500c82a39dc
SHA-256: 2ff30f068efc58ddd3dde5d9c609715cc8adf0c7a6fe65f66a5c5de3599bf1aa
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 235e0133099f633dbe71a842cc70b36a
SHA-256: 57879d32053b718ca4cb1b40bcd1c031b3d0deb0ae23cf35b83e67dc3b2140c8
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2016:1589
    MD5: 185d631a033ace29550dce1c1c8296fa
SHA-256: d3b3175e8943beee06010163b2a55dbd049b3a32e6f29ab55ee793bb7ccd1bc4
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc.rpm
File outdated by:  RHSA-2016:1589
    MD5: 23447795e2a783cf786ec72114a9353f
SHA-256: c3583abc449a3a45d12b4e487f78731a8f02ff51b157f7e880ddbfa3bb6ec19a
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.ppc64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 15278d6df68d787058184ceedcd95c07
SHA-256: c22a41a90ed6da735b85880fdf2a161bd66cf82ed11d1f9c2091dcde4c45dc38
 
s390x:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2016:1589
    MD5: 01751f637ddd7a9164447a8b0cefa9e4
SHA-256: ae563bfdff3f71a74d11cd290c9d76e0c1753259023ff5848e84a8a4c5423dd3
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2016:1589
    MD5: 234fead2ee0f659ab81c8bc230f5892e
SHA-256: 21be03871a1ee146408c7eac2572d5d9e7f4f194a6a8f109c2091de4268faa90
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2016:1589
    MD5: 8d5a8ea2054b5ed7948decf222db72ba
SHA-256: d59999c9a248c072c1b1e8b0ef7456954140458888adb4df87bf9c6af94dab7a
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2016:1589
    MD5: 29d58f7b0fccce5749d4b7d157edad2b
SHA-256: 038dcc087ce9464249b2932790a698e020f5fb8b7fd8900ba422a6b4d858e928
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2016:1589
    MD5: ceb63ddca6ac1a9d8f994cbf49b96c4f
SHA-256: 99e9c91662567f609f52e87754c6dba46865f495c33a56d75e869dc82c379387
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2016:1589
    MD5: 2b0fa55a7c18905650811b2a239d4ab4
SHA-256: cee6d99a19b45626e65c097ce24ca145378fdea07cc6157daf07fed3fed23589
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2016:1589
    MD5: 44ed6ff48484941db93feb404b74034a
SHA-256: 1c2af52ead08e274b736ed8bea60c9a7f2702a25b3fe00a2c44f77cb98eadb79
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2016:1589
    MD5: 280ba626fec1c543489fc1340902fa69
SHA-256: 3d5f72ab67408bb4c3146c8f07f05da9673ae9f008fb04d782306771fc74d7ad
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390.rpm
File outdated by:  RHSA-2016:1589
    MD5: d3ebf74af49e25317baf455e18a9465b
SHA-256: a844a7793c950d193fd189f8d69c4025898082a58755ea7b8df47f6d5e2d2537
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.s390x.rpm
File outdated by:  RHSA-2016:1589
    MD5: dcbc346b5688dfb04b00061f705c46a3
SHA-256: 741a006428350ac1110ab2f4e408f5f2ec374b0281c04966e802484c02349a0e
 
x86_64:
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 52d26ef58eb2ff547e67ab37597eabdc
SHA-256: a6537771e1f30af9e5e3e12ac659b461b3aa534eb8961088868aff9d450f9d55
java-1.7.0-ibm-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: d7c12d1caa6956e90a26d1bbd6e0cc78
SHA-256: be432c47eb3c002c6af28b3fb53a94788df519842f03909c4979e313638a21e9
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 945f7b150b2cf18d221d9ca214d935f9
SHA-256: 52574956264c734de47debf5f4cd7e74ade76c62866f67bc0bfad0acd19ae335
java-1.7.0-ibm-demo-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 049e1e41c3134f2bebda3d57e1197192
SHA-256: ec45313567f74517e1ea835a8a84e9f36a740c9214d6492864576afe2b971f1f
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9f5ccf003ab50fee1dbbd0d811e09f3d
SHA-256: c93c069a90ac6f3210118c87e205c8c56fcb39e046cf6268e8dfe7d78e36eeb2
java-1.7.0-ibm-devel-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 850174fda3520b0b5c8d87b25400fa60
SHA-256: 625ed0cf38eb5b41c9e9a8482f03cf9e4c40b1107fd2c18436a46ccbae40a829
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: 9ee95994e3a55c092e9ec26e89af7fbd
SHA-256: c9324cf882b1ecfedf2b8ef7e6cc639a2b92e8c97aabfccfeded0c593e070f8f
java-1.7.0-ibm-jdbc-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 32dac497d0c4e8ef8e4ffbcbe8bc48cc
SHA-256: 668857422c686b92719705484d60b6cae2f9b88cee2a22eb601bda1d968f8f3c
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: b0145e95d60e9b847f8a8999fc18f9d4
SHA-256: 87cc33c060bc222f13f801a08c344905b2410aaf373ae68bbfb71e17aae8f09b
java-1.7.0-ibm-plugin-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: 0f84e1eabce4661faa8355ee0a7dd755
SHA-256: 2e9fe835e2b89c3073062147afa4f099146ed660ba1ac9504e731bb426a72ed4
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.i386.rpm
File outdated by:  RHSA-2016:1589
    MD5: e3b4d2ae2fe956bf79009afd22670088
SHA-256: dde855d4a7e9002a81662d3e8e3ab4284a7228c4b3f59e02caddb00a730e554e
java-1.7.0-ibm-src-1.7.0.8.0-1jpp.1.el5.x86_64.rpm
File outdated by:  RHSA-2016:1589
    MD5: cf855b16562be59b13eb709d6c62666f
SHA-256: 5f0b634e73c899f833afc2351cf2521bf4f6a0369a1b924a5bad6917f95aa9a5
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1071210 - CVE-2014-6512 OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)
1150155 - CVE-2014-6506 OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
1150651 - CVE-2014-6531 OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
1150669 - CVE-2014-6502 OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
1151046 - CVE-2014-6457 OpenJDK: Triple Handshake attack against TLS/SSL connections (JSSE, 8037066)
1151063 - CVE-2014-6558 OpenJDK: CipherInputStream incorrect exception handling (Security, 8037846)
1151517 - CVE-2014-6511 ICU: Layout Engine ContextualSubstitution missing boundary checks (JDK 2D, 8041540)
1152756 - CVE-2014-6532 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152757 - CVE-2014-6503 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152758 - CVE-2014-6456 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152759 - CVE-2014-6492 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152760 - CVE-2014-6493 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152761 - CVE-2014-4288 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152763 - CVE-2014-6458 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152765 - CVE-2014-6476 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152766 - CVE-2014-6515 Oracle JDK: unspecified vulnerability fixed in 6u85, 7u71 and 8u25 (Deployment)
1152767 - CVE-2014-6527 Oracle JDK: unspecified vulnerability fixed in 7u71 and 8u25 (Deployment)
1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1162554 - CVE-2014-3065 IBM JDK: privilege escalation via shared class cache


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/