Red Hat Customer Portal

Skip to main content

Security Advisory Critical: java-1.8.0-oracle security update

Advisory: RHSA-2016:0055-1
Type: Security Advisory
Severity: Critical
Issued on: 2016-01-21
Last updated on: 2016-01-21
Affected Products: Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)
Oracle Java for Red Hat Enterprise Linux Desktop (v. 7)
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 7)
Oracle Java for Red Hat Enterprise Linux Server (v. 6)
Oracle Java for Red Hat Enterprise Linux Server (v. 7)
Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2015-7575
CVE-2015-8126
CVE-2015-8472
CVE-2016-0402
CVE-2016-0448
CVE-2016-0466
CVE-2016-0475
CVE-2016-0483
CVE-2016-0494

Details

Updated java-1.8.0-oracle packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448,
CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 71 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Updated packages

Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)

IA-32:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: 39cc6943fda8c552963a156b35cd6ce9
SHA-256: 70872da45c8ef232c514507625b41bf3780a6a0ded35f95c1f387bdc9b143f0e
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: a94aafea45a83ff20e925eaad17c995b
SHA-256: 5f0929b36f714030a506e67731ebd458a5b916fa9a73cac5c990888af2482014
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: c23855df5dc75f9ad727c71173642581
SHA-256: a9133496f6c7897bc2df21d8e8e0b4030feddf67a0d52e79620ea03649b61def
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: a4f48c4ecf0c0ee1d06e35d2c0d8422d
SHA-256: cbbd0c1a166c519d82125b541579be2987abd2c8be27512c7e4049283f2544c8
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: c0e9c629e718ada71ba0afd925f4cba8
SHA-256: 0257cf5c723fcd35d3ba00d2e90b1af6e32684991cd94e5a550dba5854a19ff1
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: 34cbe5b129a62e718e65c7536a3bdeed
SHA-256: fcc6dc8dee1594d73414107d8fcccea5434ece9a00d267d919fd1ac0a9e7eae7
 
x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5a217952277b822223b5ed5638a50a29
SHA-256: 7a8c6c1e65404db3cdad6d9d43e176f8c8c2f5284b09aff28c140a175e62081c
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b88a5b68bbef5975101eab957b94d95f
SHA-256: 0e776c446a96e5b5b16212e726021411805c5419e9fdae38c32aa36e879327d4
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c920da280b7355718483beb1d9fe3506
SHA-256: b5f7dfaceb39736cd19134d4065e8c4d5ec8651a70005cffe59e9863e70f68a7
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: e4006f477f1ef904a0ba88813999c13a
SHA-256: aa03f1e6b18515ee2b53e1a07703fc94df07a897549cbcbd104a6fb4f3049327
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5bc86164dff37fbf3e870f0867f4031b
SHA-256: 4fb0dbcbaa94c82c5daac875bd26b7ac669b761c8c721a7139d6f39b04e8c20e
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: aea41f4a3450912fb736f869ecac27da
SHA-256: f03bb954cbfbc0590c91c4eb694af8eb72e7fb84da905f9e97fa1735802bd6e8
 
Oracle Java for Red Hat Enterprise Linux Desktop (v. 7)

x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c38ae04ba8707f4911476895324697f7
SHA-256: f81812810cd1a5de2fbeb930ea3028227e6e0fb22e62afa230e77572ecc7691f
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b8e1153cd616493d6266d1cc209e1b05
SHA-256: 3d1756d2a3a255b364d0902aa7f239e95812740a18cc003964f23abaead33858
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: f4e33acf40646e22117cd9470a3a5b4a
SHA-256: 1cd586ba20760c8d9e0b98afbc97f4e1105aed38f0d3dfeca29bcbaee96330f9
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 939e0d928111f4013747181bc330468f
SHA-256: f3e41c309ef1a1f0904fbe93e57dd8c39be4621d9f3241f361b14caa0eae656a
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: a978a9abac3596181647b85eaeb6b878
SHA-256: 57f4cd01ca9088696c71d84f743b8ab1da3fe3ba61c9bead39931205368e9429
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 6c516836d44f1f9accf0973b4218d713
SHA-256: aada14fdb616a480b212209785f60dd7d2eb1c2f7025c58ee3f83ba3607c7ba0
 
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)

x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5a217952277b822223b5ed5638a50a29
SHA-256: 7a8c6c1e65404db3cdad6d9d43e176f8c8c2f5284b09aff28c140a175e62081c
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b88a5b68bbef5975101eab957b94d95f
SHA-256: 0e776c446a96e5b5b16212e726021411805c5419e9fdae38c32aa36e879327d4
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c920da280b7355718483beb1d9fe3506
SHA-256: b5f7dfaceb39736cd19134d4065e8c4d5ec8651a70005cffe59e9863e70f68a7
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: e4006f477f1ef904a0ba88813999c13a
SHA-256: aa03f1e6b18515ee2b53e1a07703fc94df07a897549cbcbd104a6fb4f3049327
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5bc86164dff37fbf3e870f0867f4031b
SHA-256: 4fb0dbcbaa94c82c5daac875bd26b7ac669b761c8c721a7139d6f39b04e8c20e
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: aea41f4a3450912fb736f869ecac27da
SHA-256: f03bb954cbfbc0590c91c4eb694af8eb72e7fb84da905f9e97fa1735802bd6e8
 
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 7)

x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c38ae04ba8707f4911476895324697f7
SHA-256: f81812810cd1a5de2fbeb930ea3028227e6e0fb22e62afa230e77572ecc7691f
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b8e1153cd616493d6266d1cc209e1b05
SHA-256: 3d1756d2a3a255b364d0902aa7f239e95812740a18cc003964f23abaead33858
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: f4e33acf40646e22117cd9470a3a5b4a
SHA-256: 1cd586ba20760c8d9e0b98afbc97f4e1105aed38f0d3dfeca29bcbaee96330f9
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 6c516836d44f1f9accf0973b4218d713
SHA-256: aada14fdb616a480b212209785f60dd7d2eb1c2f7025c58ee3f83ba3607c7ba0
 
Oracle Java for Red Hat Enterprise Linux Server (v. 6)

IA-32:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: 39cc6943fda8c552963a156b35cd6ce9
SHA-256: 70872da45c8ef232c514507625b41bf3780a6a0ded35f95c1f387bdc9b143f0e
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: a94aafea45a83ff20e925eaad17c995b
SHA-256: 5f0929b36f714030a506e67731ebd458a5b916fa9a73cac5c990888af2482014
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: c23855df5dc75f9ad727c71173642581
SHA-256: a9133496f6c7897bc2df21d8e8e0b4030feddf67a0d52e79620ea03649b61def
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: a4f48c4ecf0c0ee1d06e35d2c0d8422d
SHA-256: cbbd0c1a166c519d82125b541579be2987abd2c8be27512c7e4049283f2544c8
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: c0e9c629e718ada71ba0afd925f4cba8
SHA-256: 0257cf5c723fcd35d3ba00d2e90b1af6e32684991cd94e5a550dba5854a19ff1
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: 34cbe5b129a62e718e65c7536a3bdeed
SHA-256: fcc6dc8dee1594d73414107d8fcccea5434ece9a00d267d919fd1ac0a9e7eae7
 
x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5a217952277b822223b5ed5638a50a29
SHA-256: 7a8c6c1e65404db3cdad6d9d43e176f8c8c2f5284b09aff28c140a175e62081c
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b88a5b68bbef5975101eab957b94d95f
SHA-256: 0e776c446a96e5b5b16212e726021411805c5419e9fdae38c32aa36e879327d4
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c920da280b7355718483beb1d9fe3506
SHA-256: b5f7dfaceb39736cd19134d4065e8c4d5ec8651a70005cffe59e9863e70f68a7
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: e4006f477f1ef904a0ba88813999c13a
SHA-256: aa03f1e6b18515ee2b53e1a07703fc94df07a897549cbcbd104a6fb4f3049327
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5bc86164dff37fbf3e870f0867f4031b
SHA-256: 4fb0dbcbaa94c82c5daac875bd26b7ac669b761c8c721a7139d6f39b04e8c20e
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: aea41f4a3450912fb736f869ecac27da
SHA-256: f03bb954cbfbc0590c91c4eb694af8eb72e7fb84da905f9e97fa1735802bd6e8
 
Oracle Java for Red Hat Enterprise Linux Server (v. 7)

x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c38ae04ba8707f4911476895324697f7
SHA-256: f81812810cd1a5de2fbeb930ea3028227e6e0fb22e62afa230e77572ecc7691f
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b8e1153cd616493d6266d1cc209e1b05
SHA-256: 3d1756d2a3a255b364d0902aa7f239e95812740a18cc003964f23abaead33858
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: f4e33acf40646e22117cd9470a3a5b4a
SHA-256: 1cd586ba20760c8d9e0b98afbc97f4e1105aed38f0d3dfeca29bcbaee96330f9
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 939e0d928111f4013747181bc330468f
SHA-256: f3e41c309ef1a1f0904fbe93e57dd8c39be4621d9f3241f361b14caa0eae656a
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: a978a9abac3596181647b85eaeb6b878
SHA-256: 57f4cd01ca9088696c71d84f743b8ab1da3fe3ba61c9bead39931205368e9429
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 6c516836d44f1f9accf0973b4218d713
SHA-256: aada14fdb616a480b212209785f60dd7d2eb1c2f7025c58ee3f83ba3607c7ba0
 
Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)

IA-32:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: 39cc6943fda8c552963a156b35cd6ce9
SHA-256: 70872da45c8ef232c514507625b41bf3780a6a0ded35f95c1f387bdc9b143f0e
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: a94aafea45a83ff20e925eaad17c995b
SHA-256: 5f0929b36f714030a506e67731ebd458a5b916fa9a73cac5c990888af2482014
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: c23855df5dc75f9ad727c71173642581
SHA-256: a9133496f6c7897bc2df21d8e8e0b4030feddf67a0d52e79620ea03649b61def
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: a4f48c4ecf0c0ee1d06e35d2c0d8422d
SHA-256: cbbd0c1a166c519d82125b541579be2987abd2c8be27512c7e4049283f2544c8
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: c0e9c629e718ada71ba0afd925f4cba8
SHA-256: 0257cf5c723fcd35d3ba00d2e90b1af6e32684991cd94e5a550dba5854a19ff1
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el6_7.i686.rpm
File outdated by:  RHSA-2016:2088
    MD5: 34cbe5b129a62e718e65c7536a3bdeed
SHA-256: fcc6dc8dee1594d73414107d8fcccea5434ece9a00d267d919fd1ac0a9e7eae7
 
x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5a217952277b822223b5ed5638a50a29
SHA-256: 7a8c6c1e65404db3cdad6d9d43e176f8c8c2f5284b09aff28c140a175e62081c
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b88a5b68bbef5975101eab957b94d95f
SHA-256: 0e776c446a96e5b5b16212e726021411805c5419e9fdae38c32aa36e879327d4
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c920da280b7355718483beb1d9fe3506
SHA-256: b5f7dfaceb39736cd19134d4065e8c4d5ec8651a70005cffe59e9863e70f68a7
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: e4006f477f1ef904a0ba88813999c13a
SHA-256: aa03f1e6b18515ee2b53e1a07703fc94df07a897549cbcbd104a6fb4f3049327
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 5bc86164dff37fbf3e870f0867f4031b
SHA-256: 4fb0dbcbaa94c82c5daac875bd26b7ac669b761c8c721a7139d6f39b04e8c20e
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el6_7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: aea41f4a3450912fb736f869ecac27da
SHA-256: f03bb954cbfbc0590c91c4eb694af8eb72e7fb84da905f9e97fa1735802bd6e8
 
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)

x86_64:
java-1.8.0-oracle-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: c38ae04ba8707f4911476895324697f7
SHA-256: f81812810cd1a5de2fbeb930ea3028227e6e0fb22e62afa230e77572ecc7691f
java-1.8.0-oracle-devel-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: b8e1153cd616493d6266d1cc209e1b05
SHA-256: 3d1756d2a3a255b364d0902aa7f239e95812740a18cc003964f23abaead33858
java-1.8.0-oracle-javafx-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: f4e33acf40646e22117cd9470a3a5b4a
SHA-256: 1cd586ba20760c8d9e0b98afbc97f4e1105aed38f0d3dfeca29bcbaee96330f9
java-1.8.0-oracle-jdbc-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 939e0d928111f4013747181bc330468f
SHA-256: f3e41c309ef1a1f0904fbe93e57dd8c39be4621d9f3241f361b14caa0eae656a
java-1.8.0-oracle-plugin-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: a978a9abac3596181647b85eaeb6b878
SHA-256: 57f4cd01ca9088696c71d84f743b8ab1da3fe3ba61c9bead39931205368e9429
java-1.8.0-oracle-src-1.8.0.71-1jpp.1.el7.x86_64.rpm
File outdated by:  RHSA-2016:2088
    MD5: 6c516836d44f1f9accf0973b4218d713
SHA-256: aada14fdb616a480b212209785f60dd7d2eb1c2f7025c58ee3f83ba3607c7ba0
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1281756 - CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
1289841 - CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
1298906 - CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)
1298949 - CVE-2016-0475 OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
1298957 - CVE-2016-0402 OpenJDK: URL deserialization inconsistencies (Networking, 8059054)
1299073 - CVE-2016-0448 OpenJDK: logging of RMI connection secrets (JMX, 8130710)
1299385 - CVE-2016-0466 OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
1299441 - CVE-2016-0483 OpenJDK: incorrect boundary check in JPEG decoder (AWT, 8139017)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/