Skip to navigation

Security Advisory Critical: java-1.6.0-sun security update

Advisory: RHSA-2009:1200-1
Type: Security Advisory
Severity: Critical
Issued on: 2009-08-06
Last updated on: 2009-08-06
Affected Products: RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)
RHEL Supplementary EUS (v. 5.3.z server)
RHEL Supplementary Long Life (v. 5.3 server)
Red Hat Enterprise Linux Extras (v. 4)
Red Hat Enterprise Linux Extras (v. 4.8.z)
CVEs (cve.mitre.org): CVE-2009-0217
CVE-2009-2475
CVE-2009-2476
CVE-2009-2625
CVE-2009-2670
CVE-2009-2671
CVE-2009-2672
CVE-2009-2673
CVE-2009-2674
CVE-2009-2675
CVE-2009-2676
CVE-2009-2690
CVE-2009-2716
CVE-2009-2718
CVE-2009-2719
CVE-2009-2720

Details

Updated java-1.6.0-sun packages that correct several security issues are
now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. These
vulnerabilities are summarized on the "Advance notification of Security
Updates for Java SE" page from Sun Microsystems, listed in the References
section. (CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625,
CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674,
CVE-2009-2675, CVE-2009-2676, CVE-2009-2690)

Users of java-1.6.0-sun should upgrade to these updated packages, which
correct these issues. All running instances of Sun Java must be restarted
for the update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 3bb8e2ef077a9119438b57ae19acc995
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 9b2a91f8231673820d0b2a1b37ac5f22
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 5428044e798c8bf3ca6e4cf39e367f79
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 0890d98799507cc7193b56f0a85f69bd
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: ec237283e3ba3592f9fb07a98e1e6a67
 
x86_64:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 7b8094009d12784b96439ae19e9a0da5
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 9720727605ddd0ab42ef3a51efaa24b5
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 1cc37dec287cc33fb8066440ec155807
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 57630e6723d493eb2bc70cd200c7d9f1
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: d379fec5ad9deb38acf7bfcec909a22c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 5620e58f76ee1cc9c7d6414580eec8f4
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 3bb8e2ef077a9119438b57ae19acc995
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 9b2a91f8231673820d0b2a1b37ac5f22
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 5428044e798c8bf3ca6e4cf39e367f79
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 0890d98799507cc7193b56f0a85f69bd
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: ec237283e3ba3592f9fb07a98e1e6a67
 
x86_64:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 7b8094009d12784b96439ae19e9a0da5
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 9720727605ddd0ab42ef3a51efaa24b5
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 1cc37dec287cc33fb8066440ec155807
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 57630e6723d493eb2bc70cd200c7d9f1
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: d379fec5ad9deb38acf7bfcec909a22c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 5620e58f76ee1cc9c7d6414580eec8f4
 
RHEL Supplementary EUS (v. 5.3.z server)

IA-32:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 3bb8e2ef077a9119438b57ae19acc995
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 9b2a91f8231673820d0b2a1b37ac5f22
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 5428044e798c8bf3ca6e4cf39e367f79
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 0890d98799507cc7193b56f0a85f69bd
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: ec237283e3ba3592f9fb07a98e1e6a67
 
x86_64:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 7b8094009d12784b96439ae19e9a0da5
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 9720727605ddd0ab42ef3a51efaa24b5
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 1cc37dec287cc33fb8066440ec155807
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 57630e6723d493eb2bc70cd200c7d9f1
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: d379fec5ad9deb38acf7bfcec909a22c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 5620e58f76ee1cc9c7d6414580eec8f4
 
RHEL Supplementary Long Life (v. 5.3 server)

IA-32:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 3bb8e2ef077a9119438b57ae19acc995
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 9b2a91f8231673820d0b2a1b37ac5f22
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 5428044e798c8bf3ca6e4cf39e367f79
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 0890d98799507cc7193b56f0a85f69bd
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: ec237283e3ba3592f9fb07a98e1e6a67
 
x86_64:
java-1.6.0-sun-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 7b8094009d12784b96439ae19e9a0da5
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 9720727605ddd0ab42ef3a51efaa24b5
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 1cc37dec287cc33fb8066440ec155807
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 57630e6723d493eb2bc70cd200c7d9f1
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.i586.rpm     MD5: 001994a002fdb35996dc937c6e91cc9c
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: d379fec5ad9deb38acf7bfcec909a22c
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el5.x86_64.rpm     MD5: 5620e58f76ee1cc9c7d6414580eec8f4
 
Red Hat Enterprise Linux Extras (v. 4)

IA-32:
java-1.6.0-sun-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 718726066092d0bad6b31fc7d19c1a1f
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 483a174e2c188feb7d752f8c0b769af0
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: e5b4c7684636d8d4b3f8ba5b98a10138
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: c25ca271893e0513b3f984a34d3dc67f
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: aad34ef1600eaa0a913292d43ccd6036
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHSA-2012:0139
    MD5: 8ba513f8307100748af4814fb085bd0a
 
x86_64:
java-1.6.0-sun-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 8e03116cdb292715c4d10109914e2417
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 0676cb12a9e5ac58c2340f460e5c7871
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 71f241a4233dd27f0c0bfe61405f2f8d
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: b728d04a13092a80bd21920d8b5e2bff
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: 988f87505ce519784fe75843b0cc4b2d
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHSA-2012:0139
    MD5: fe38dd6a4e595ac8cb04d8db07b3c7d7
 
Red Hat Enterprise Linux Extras (v. 4.8.z)

IA-32:
java-1.6.0-sun-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 718726066092d0bad6b31fc7d19c1a1f
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 483a174e2c188feb7d752f8c0b769af0
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: e5b4c7684636d8d4b3f8ba5b98a10138
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: c25ca271893e0513b3f984a34d3dc67f
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: aad34ef1600eaa0a913292d43ccd6036
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el4.i586.rpm
File outdated by:  RHBA-2011:0835
    MD5: 8ba513f8307100748af4814fb085bd0a
 
x86_64:
java-1.6.0-sun-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 8e03116cdb292715c4d10109914e2417
java-1.6.0-sun-demo-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 0676cb12a9e5ac58c2340f460e5c7871
java-1.6.0-sun-devel-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 71f241a4233dd27f0c0bfe61405f2f8d
java-1.6.0-sun-jdbc-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: b728d04a13092a80bd21920d8b5e2bff
java-1.6.0-sun-plugin-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: 988f87505ce519784fe75843b0cc4b2d
java-1.6.0-sun-src-1.6.0.15-1jpp.1.el4.x86_64.rpm
File outdated by:  RHBA-2011:0835
    MD5: fe38dd6a4e595ac8cb04d8db07b3c7d7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

511915 - CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
512896 - CVE-2009-2670 OpenJDK Untrusted applet System properties access (6738524)
512907 - CVE-2009-2671 CVE-2009-2672 OpenJDK Proxy mechanism information leaks (6801071)
512914 - CVE-2009-2673 OpenJDK proxy mechanism allows non-authorized socket connections (6801497)
512915 - CVE-2009-2674 Java Web Start Buffer JPEG processing integer overflow (6823373)
512920 - CVE-2009-2675 Java Web Start Buffer unpack200 processing integer overflow (6830335)
512921 - CVE-2009-2625 OpenJDK XML parsing Denial-Of-Service (6845701)
513215 - CVE-2009-2475 OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
513220 - CVE-2009-2476 OpenJDK OpenType checks can be bypassed (6736293)
513223 - CVE-2009-2690 OpenJDK private variable information disclosure (6777487)
515890 - CVE-2009-2676 JRE applet launcher vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/