Security Advisory Critical: java-1.7.0-oracle security update

Advisory: RHSA-2017:0176-3
Type: Security Advisory
Severity: Critical
Issued on: 2017-01-19
Last updated on: 2017-01-19
Affected Products: Oracle Java for RHEL (v. 5 server)
Oracle Java for RHEL Desktop (v. 5 client)
Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)
Oracle Java for Red Hat Enterprise Linux Desktop (v. 7)
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 7)
Oracle Java for Red Hat Enterprise Linux Server (v. 6)
Oracle Java for Red Hat Enterprise Linux Server (v. 7)
Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2016-5546
CVE-2016-5547
CVE-2016-5548
CVE-2016-5549
CVE-2016-5552
CVE-2017-3231
CVE-2017-3241
CVE-2017-3252
CVE-2017-3253
CVE-2017-3259
CVE-2017-3261
CVE-2017-3272
CVE-2017-3289

Details

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat
Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6, and Oracle Java
for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the
Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 131.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further information
about these flaws can be found on the Oracle Java SE Critical Patch Update
Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546,
CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231,
CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261,
CVE-2017-3272, CVE-2017-3289)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to
the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms
security property) so they are only used if connecting TLS/SSL client and server
do not share any other non-legacy cipher suite.


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Oracle Java must be restarted for this update to take
effect.

Updated packages

Oracle Java for RHEL (v. 5 server)

IA-32:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: 5cb00417070a5e97e25ffcf16fd4ea13
SHA-256: 70e0330dda0e0e4a676568ff10ff68da570de93ed437746044cc797a83682d9f
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: 29db5e406c069f31ec8236f0e0e4abfa
SHA-256: 53259d3fbff41d0649f1f98a7dc5145292c0e93c08e312d8d2bb441b83377b79
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: f803dcb8e9e2a3dfea08be91c608349a
SHA-256: 17d7a5bd8fe35c87be5d35cb0a2e61e64e62779dbdd1273d5e0cef30f04824e9
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: fc29c88c2b09e8c4d1373cf57a21d666
SHA-256: 8c1d4e68b922c4bb75528bb57f5de046d6ddde7a27a11df67cc73ff18928b473
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: cb7ce152e5683e0a9e10c1851c4c2b8f
SHA-256: e77179d0ae644a91222cfafc52b71393634402fc85e8b2fc036333fb717edbb1
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: c819e26a460c9ed3391017701fd2e869
SHA-256: 351f7abfb12c6dff66393e44fbe57577bedcd70f64d81bab220ecf5130c5b8cf
 
x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: 886708d19610560e487e878168b7e88e
SHA-256: 9a280f3d55e94a5f5557dc374e669dd0eff82755bb6a4bdd047abb9a40abefb7
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: b85575762b1c063c8ba56e94515ca51d
SHA-256: 077b1c281bdebaa685570ce0fdb46dbcf14083ba6495ba64c406acb977f2466e
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: 4e70a4eca7a4977523411cd188d473ca
SHA-256: 5ea786553f0868afd1d2b3e8a817b8f31b9f1aa1a448aa8ed8297bdc98c7a41b
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: b6c96bb3e400f36b90f63416be75ce63
SHA-256: 38580d5a5d1c964de7f3c9703018038eb21fa47e492eb5692722284d8cf24782
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: c4cd61a4bbe7a2d6a8af49e2a88c0064
SHA-256: 14bc38ae533408fd23e5f0fd873d9d0397f6384a4ad69a41a4a280760f6ab421
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: 4baf6c40500636d7dbf494666e153230
SHA-256: a2bf039560b9bfbb0c9bc40b16aa11279d13fb92307e356649942993d551b0ab
 
Oracle Java for RHEL Desktop (v. 5 client)

IA-32:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: 5cb00417070a5e97e25ffcf16fd4ea13
SHA-256: 70e0330dda0e0e4a676568ff10ff68da570de93ed437746044cc797a83682d9f
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: 29db5e406c069f31ec8236f0e0e4abfa
SHA-256: 53259d3fbff41d0649f1f98a7dc5145292c0e93c08e312d8d2bb441b83377b79
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: f803dcb8e9e2a3dfea08be91c608349a
SHA-256: 17d7a5bd8fe35c87be5d35cb0a2e61e64e62779dbdd1273d5e0cef30f04824e9
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: fc29c88c2b09e8c4d1373cf57a21d666
SHA-256: 8c1d4e68b922c4bb75528bb57f5de046d6ddde7a27a11df67cc73ff18928b473
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: cb7ce152e5683e0a9e10c1851c4c2b8f
SHA-256: e77179d0ae644a91222cfafc52b71393634402fc85e8b2fc036333fb717edbb1
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.i586.rpm     MD5: c819e26a460c9ed3391017701fd2e869
SHA-256: 351f7abfb12c6dff66393e44fbe57577bedcd70f64d81bab220ecf5130c5b8cf
 
x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: 886708d19610560e487e878168b7e88e
SHA-256: 9a280f3d55e94a5f5557dc374e669dd0eff82755bb6a4bdd047abb9a40abefb7
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: b85575762b1c063c8ba56e94515ca51d
SHA-256: 077b1c281bdebaa685570ce0fdb46dbcf14083ba6495ba64c406acb977f2466e
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: 4e70a4eca7a4977523411cd188d473ca
SHA-256: 5ea786553f0868afd1d2b3e8a817b8f31b9f1aa1a448aa8ed8297bdc98c7a41b
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: b6c96bb3e400f36b90f63416be75ce63
SHA-256: 38580d5a5d1c964de7f3c9703018038eb21fa47e492eb5692722284d8cf24782
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: c4cd61a4bbe7a2d6a8af49e2a88c0064
SHA-256: 14bc38ae533408fd23e5f0fd873d9d0397f6384a4ad69a41a4a280760f6ab421
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el5_11.x86_64.rpm     MD5: 4baf6c40500636d7dbf494666e153230
SHA-256: a2bf039560b9bfbb0c9bc40b16aa11279d13fb92307e356649942993d551b0ab
 
Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)

IA-32:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6f1779c8db0033d31b13828140a60be0
SHA-256: 5cf061481061b1c9d5d8f6150d835b6e71f67632426856ce60bee594b71deb72
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 428c06f2b67a411ccd02bdc544636aab
SHA-256: a276e4dfa65511e31caac9bfdfeb7d96586eab5e9fb0a04f27b914371024a919
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 0914f29404513d74148f5787978847fa
SHA-256: 32b4c1f355593884644315be4c1b7458e4d69b6fd78be138e7a328a301ff82cc
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6742ed00fcd9de05c7869dee357c7f7c
SHA-256: 87a0ecf3a86fffe4060889c591f50a293eae5b619e861163cbdfb602ddbbc44f
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 398996d8fbe8d8fecc7cbda462687250
SHA-256: 986bc83f1b6e2f9732a5e4226fcb6a8e5165b3af50f44825fdb74d4b0d71c050
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 5066cf5e34d57a3029082f1bb5731c51
SHA-256: 1c221ef037ff9a5c6ad45137a4746404ca893e63bac6568a0b30821d23ed41d9
 
x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 56eeca2bf7d72d6ea73def605d0a3bc5
SHA-256: c7f12ea61274279a08a5fe3942b68884beb53e82469aaa1dce40ac9ed8bda875
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 8b7cab96a0ada0fb86c710e688af9979
SHA-256: 3a2aa09ecb78b628d6ae69c2c86ac6c2da9a0dc7af04789247f11606563f09b2
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: cf16f03c72296b3c746245582dc562d6
SHA-256: 83e01bd05ce31691cecf2786c27ca7ffb47808f3e1ec04ed83ebaaf0915465d7
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: f0b465a99d182f6b83da9024c248898a
SHA-256: 5ea47210d00def7a5b986ba7396cee9ab5c08af6d7d508813b01e4dfd736e97c
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6c1b3e79c75467e7a2c0decf2bafabca
SHA-256: 2603f82edc86db9784bf4b70afa1692828036f1becbe05d5263b220b7a4b0bbe
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4e35f52077cf77b8193934e783073f1e
SHA-256: c9965da201d0b9e2a4463fd59d05cf37ee5bc373c506477f3864e4bdf3b50e48
 
Oracle Java for Red Hat Enterprise Linux Desktop (v. 7)

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4c021440e7328ea9553f5c30c19fd0d4
SHA-256: 1b518cece69c61d5ea4f83679406a553a83a138bd259a412f2d6bad906f0aba4
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c2bde897ab29bdedbd52da93388a61d2
SHA-256: 196b405b16b26d3c9ae905d2b17854d7bee066677d1301c051a0b4499f186070
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 78ea6db941ff3de0bd309a82c006c92b
SHA-256: 955ffbd3f7cd6c0f5c0e1f945a43db580270b66f37d13a1ccb34742fdadd2dde
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 9857a7d41fc043040613f617c6782135
SHA-256: dcee118b96c07dd48daa5a3eb637e24e9852dc53d5bb3195f9ef8632d51f9477
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 31bded94e1a263f5ab7c0e283556a77a
SHA-256: b9e036474173e7fd9bebf543e0aff3e24d7253f45bb31991d91b9a0026d85d4f
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: bc1b75e5fe1ad6db82675367bf3eaded
SHA-256: e4f198b5acde1e2c55e0e50938c1134b516d5d85edd6c1c98c3f7c8f97ef8bff
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: d3d2e47e62e2c2d1e312c932c7ee89c8
SHA-256: 3c31d1d8858b6b4313ed93fd8c938209919b1e55d5dbd342512285db1204624f
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c37be022e661150e04320d6ce69f1321
SHA-256: f3205203e562e458b97ba0ff444c7f9a411299ef9f514b040af87697bf75442e
 
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 56eeca2bf7d72d6ea73def605d0a3bc5
SHA-256: c7f12ea61274279a08a5fe3942b68884beb53e82469aaa1dce40ac9ed8bda875
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 8b7cab96a0ada0fb86c710e688af9979
SHA-256: 3a2aa09ecb78b628d6ae69c2c86ac6c2da9a0dc7af04789247f11606563f09b2
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: cf16f03c72296b3c746245582dc562d6
SHA-256: 83e01bd05ce31691cecf2786c27ca7ffb47808f3e1ec04ed83ebaaf0915465d7
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: f0b465a99d182f6b83da9024c248898a
SHA-256: 5ea47210d00def7a5b986ba7396cee9ab5c08af6d7d508813b01e4dfd736e97c
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6c1b3e79c75467e7a2c0decf2bafabca
SHA-256: 2603f82edc86db9784bf4b70afa1692828036f1becbe05d5263b220b7a4b0bbe
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4e35f52077cf77b8193934e783073f1e
SHA-256: c9965da201d0b9e2a4463fd59d05cf37ee5bc373c506477f3864e4bdf3b50e48
 
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 7)

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4c021440e7328ea9553f5c30c19fd0d4
SHA-256: 1b518cece69c61d5ea4f83679406a553a83a138bd259a412f2d6bad906f0aba4
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c2bde897ab29bdedbd52da93388a61d2
SHA-256: 196b405b16b26d3c9ae905d2b17854d7bee066677d1301c051a0b4499f186070
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 78ea6db941ff3de0bd309a82c006c92b
SHA-256: 955ffbd3f7cd6c0f5c0e1f945a43db580270b66f37d13a1ccb34742fdadd2dde
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 9857a7d41fc043040613f617c6782135
SHA-256: dcee118b96c07dd48daa5a3eb637e24e9852dc53d5bb3195f9ef8632d51f9477
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 31bded94e1a263f5ab7c0e283556a77a
SHA-256: b9e036474173e7fd9bebf543e0aff3e24d7253f45bb31991d91b9a0026d85d4f
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c37be022e661150e04320d6ce69f1321
SHA-256: f3205203e562e458b97ba0ff444c7f9a411299ef9f514b040af87697bf75442e
 
Oracle Java for Red Hat Enterprise Linux Server (v. 6)

IA-32:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6f1779c8db0033d31b13828140a60be0
SHA-256: 5cf061481061b1c9d5d8f6150d835b6e71f67632426856ce60bee594b71deb72
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 428c06f2b67a411ccd02bdc544636aab
SHA-256: a276e4dfa65511e31caac9bfdfeb7d96586eab5e9fb0a04f27b914371024a919
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 0914f29404513d74148f5787978847fa
SHA-256: 32b4c1f355593884644315be4c1b7458e4d69b6fd78be138e7a328a301ff82cc
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6742ed00fcd9de05c7869dee357c7f7c
SHA-256: 87a0ecf3a86fffe4060889c591f50a293eae5b619e861163cbdfb602ddbbc44f
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 398996d8fbe8d8fecc7cbda462687250
SHA-256: 986bc83f1b6e2f9732a5e4226fcb6a8e5165b3af50f44825fdb74d4b0d71c050
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 5066cf5e34d57a3029082f1bb5731c51
SHA-256: 1c221ef037ff9a5c6ad45137a4746404ca893e63bac6568a0b30821d23ed41d9
 
x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 56eeca2bf7d72d6ea73def605d0a3bc5
SHA-256: c7f12ea61274279a08a5fe3942b68884beb53e82469aaa1dce40ac9ed8bda875
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 8b7cab96a0ada0fb86c710e688af9979
SHA-256: 3a2aa09ecb78b628d6ae69c2c86ac6c2da9a0dc7af04789247f11606563f09b2
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: cf16f03c72296b3c746245582dc562d6
SHA-256: 83e01bd05ce31691cecf2786c27ca7ffb47808f3e1ec04ed83ebaaf0915465d7
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: f0b465a99d182f6b83da9024c248898a
SHA-256: 5ea47210d00def7a5b986ba7396cee9ab5c08af6d7d508813b01e4dfd736e97c
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6c1b3e79c75467e7a2c0decf2bafabca
SHA-256: 2603f82edc86db9784bf4b70afa1692828036f1becbe05d5263b220b7a4b0bbe
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4e35f52077cf77b8193934e783073f1e
SHA-256: c9965da201d0b9e2a4463fd59d05cf37ee5bc373c506477f3864e4bdf3b50e48
 
Oracle Java for Red Hat Enterprise Linux Server (v. 7)

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4c021440e7328ea9553f5c30c19fd0d4
SHA-256: 1b518cece69c61d5ea4f83679406a553a83a138bd259a412f2d6bad906f0aba4
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c2bde897ab29bdedbd52da93388a61d2
SHA-256: 196b405b16b26d3c9ae905d2b17854d7bee066677d1301c051a0b4499f186070
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 78ea6db941ff3de0bd309a82c006c92b
SHA-256: 955ffbd3f7cd6c0f5c0e1f945a43db580270b66f37d13a1ccb34742fdadd2dde
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 9857a7d41fc043040613f617c6782135
SHA-256: dcee118b96c07dd48daa5a3eb637e24e9852dc53d5bb3195f9ef8632d51f9477
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 31bded94e1a263f5ab7c0e283556a77a
SHA-256: b9e036474173e7fd9bebf543e0aff3e24d7253f45bb31991d91b9a0026d85d4f
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: bc1b75e5fe1ad6db82675367bf3eaded
SHA-256: e4f198b5acde1e2c55e0e50938c1134b516d5d85edd6c1c98c3f7c8f97ef8bff
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: d3d2e47e62e2c2d1e312c932c7ee89c8
SHA-256: 3c31d1d8858b6b4313ed93fd8c938209919b1e55d5dbd342512285db1204624f
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c37be022e661150e04320d6ce69f1321
SHA-256: f3205203e562e458b97ba0ff444c7f9a411299ef9f514b040af87697bf75442e
 
Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)

IA-32:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6f1779c8db0033d31b13828140a60be0
SHA-256: 5cf061481061b1c9d5d8f6150d835b6e71f67632426856ce60bee594b71deb72
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 428c06f2b67a411ccd02bdc544636aab
SHA-256: a276e4dfa65511e31caac9bfdfeb7d96586eab5e9fb0a04f27b914371024a919
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 0914f29404513d74148f5787978847fa
SHA-256: 32b4c1f355593884644315be4c1b7458e4d69b6fd78be138e7a328a301ff82cc
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6742ed00fcd9de05c7869dee357c7f7c
SHA-256: 87a0ecf3a86fffe4060889c591f50a293eae5b619e861163cbdfb602ddbbc44f
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 398996d8fbe8d8fecc7cbda462687250
SHA-256: 986bc83f1b6e2f9732a5e4226fcb6a8e5165b3af50f44825fdb74d4b0d71c050
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 5066cf5e34d57a3029082f1bb5731c51
SHA-256: 1c221ef037ff9a5c6ad45137a4746404ca893e63bac6568a0b30821d23ed41d9
 
x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 56eeca2bf7d72d6ea73def605d0a3bc5
SHA-256: c7f12ea61274279a08a5fe3942b68884beb53e82469aaa1dce40ac9ed8bda875
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 8b7cab96a0ada0fb86c710e688af9979
SHA-256: 3a2aa09ecb78b628d6ae69c2c86ac6c2da9a0dc7af04789247f11606563f09b2
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: cf16f03c72296b3c746245582dc562d6
SHA-256: 83e01bd05ce31691cecf2786c27ca7ffb47808f3e1ec04ed83ebaaf0915465d7
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: f0b465a99d182f6b83da9024c248898a
SHA-256: 5ea47210d00def7a5b986ba7396cee9ab5c08af6d7d508813b01e4dfd736e97c
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 6c1b3e79c75467e7a2c0decf2bafabca
SHA-256: 2603f82edc86db9784bf4b70afa1692828036f1becbe05d5263b220b7a4b0bbe
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el6_8.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4e35f52077cf77b8193934e783073f1e
SHA-256: c9965da201d0b9e2a4463fd59d05cf37ee5bc373c506477f3864e4bdf3b50e48
 
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7)

x86_64:
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 4c021440e7328ea9553f5c30c19fd0d4
SHA-256: 1b518cece69c61d5ea4f83679406a553a83a138bd259a412f2d6bad906f0aba4
java-1.7.0-oracle-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c2bde897ab29bdedbd52da93388a61d2
SHA-256: 196b405b16b26d3c9ae905d2b17854d7bee066677d1301c051a0b4499f186070
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.i686.rpm
File outdated by:  RHSA-2017:1118
    MD5: 78ea6db941ff3de0bd309a82c006c92b
SHA-256: 955ffbd3f7cd6c0f5c0e1f945a43db580270b66f37d13a1ccb34742fdadd2dde
java-1.7.0-oracle-devel-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 9857a7d41fc043040613f617c6782135
SHA-256: dcee118b96c07dd48daa5a3eb637e24e9852dc53d5bb3195f9ef8632d51f9477
java-1.7.0-oracle-javafx-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: 31bded94e1a263f5ab7c0e283556a77a
SHA-256: b9e036474173e7fd9bebf543e0aff3e24d7253f45bb31991d91b9a0026d85d4f
java-1.7.0-oracle-jdbc-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: bc1b75e5fe1ad6db82675367bf3eaded
SHA-256: e4f198b5acde1e2c55e0e50938c1134b516d5d85edd6c1c98c3f7c8f97ef8bff
java-1.7.0-oracle-plugin-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: d3d2e47e62e2c2d1e312c932c7ee89c8
SHA-256: 3c31d1d8858b6b4313ed93fd8c938209919b1e55d5dbd342512285db1204624f
java-1.7.0-oracle-src-1.7.0.131-1jpp.1.el7_3.x86_64.rpm
File outdated by:  RHSA-2017:1118
    MD5: c37be022e661150e04320d6ce69f1321
SHA-256: f3205203e562e458b97ba0ff444c7f9a411299ef9f514b040af87697bf75442e
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1413554 - CVE-2017-3272 OpenJDK: insufficient protected field access checks in atomic field updaters (Libraries, 8165344)
1413562 - CVE-2017-3289 OpenJDK: insecure class construction (Hotspot, 8167104)
1413583 - CVE-2017-3253 OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
1413653 - CVE-2017-3261 OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
1413717 - CVE-2017-3231 OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
1413764 - CVE-2016-5547 OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
1413882 - CVE-2016-5552 OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
1413906 - CVE-2017-3252 OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
1413911 - CVE-2016-5546 OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
1413920 - CVE-2016-5548 OpenJDK: DSA implementation timing attack (Libraries, 8168728)
1413923 - CVE-2016-5549 OpenJDK: ECDSA implementation timing attack (Libraries, 8168724)
1413955 - CVE-2017-3241 OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
1414163 - CVE-2017-3259 Oracle JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/