Security Advisory Moderate: java-1.6.0-ibm security update

Advisory: RHSA-2017:1222-1
Type: Security Advisory
Severity: Moderate
Issued on: 2017-05-10
Last updated on: 2017-05-10
Affected Products: Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux HPC Node Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
CVEs (cve.mitre.org): CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
CVE-2017-1289
CVE-2017-3509
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544

Details

An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java
Software Development Kit.

This update upgrades IBM Java SE 6 to version 6 SR16-FP45.

Security Fix(es):

* This update fixes multiple vulnerabilities in the IBM Java Runtime Environment
and the IBM Java Software Development Kit. Further information about these flaws
can be found on the IBM Java Security Vulnerabilities page, listed in the
References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843,
CVE-2017-1289, CVE-2017-3509, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)


Solution

For details on how to apply this update, which includes the changes described in
this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take
effect.

Updated packages

Red Hat Enterprise Linux Desktop Supplementary (v. 6)

IA-32:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
 
x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node Supplementary (v. 6)

x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
 
Red Hat Enterprise Linux Server Supplementary (v. 6)

IA-32:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
 
PPC:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.ppc64.rpm
 
s390x:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.s390x.rpm
 
x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
 
Red Hat Enterprise Linux Workstation Supplementary (v. 6)

IA-32:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.i686.rpm
 
x86_64:
java-1.6.0-ibm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.16.45-1jpp.1.el6_9.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1402345 - CVE-2016-9840 zlib: Out-of-bounds pointer arithmetic in inftrees.c
1402346 - CVE-2016-9841 zlib: Out-of-bounds pointer arithmetic in inffast.c
1402348 - CVE-2016-9842 zlib: Undefined left shift of negative number
1402351 - CVE-2016-9843 zlib: Big-endian out-of-bounds pointer
1443052 - CVE-2017-3509 OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
1443068 - CVE-2017-3544 OpenJDK: newline injection in the SMTP client (Networking, 8171533)
1443083 - CVE-2017-3533 OpenJDK: newline injection in the FTP client (Networking, 8170222)
1443097 - CVE-2017-3539 OpenJDK: MD5 allowed for jar verification (Security, 8171121)
1449603 - CVE-2017-1289 IBM JDK: XML External Entity Injection (XXE) error when processing XML data


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/