Security Advisory Important: java-1.6.0-openjdk security and bug fix update

Advisory: RHSA-2014:0408-1
Type: Security Advisory
Severity: Important
Issued on: 2014-04-16
Last updated on: 2014-04-16
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-0429
CVE-2014-0446
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2403
CVE-2014-2412
CVE-2014-2414
CVE-2014-2421
CVE-2014-2423
CVE-2014-2427

Details

Updated java-1.6.0-openjdk packages that fix various security issues and
one bug are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)

This update also fixes the following bug:

* The OpenJDK update to IcedTea version 1.13 introduced a regression
related to the handling of the jdk_version_info variable. This variable was
not properly zeroed out before being passed to the Java Virtual Machine,
resulting in a memory leak in the java.lang.ref.Finalizer class.
This update fixes this issue, and memory leaks no longer occur.
(BZ#1085373)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: 2a5109dc06a63ee3b385c1edd0a7e27a
SHA-256: cc967230b6d6aab5f86f55b7c053aa83e046d3faead8c0f6057265bc3400dae7
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: 589b45681bfeb07cf5563ad8ea4c53a6
SHA-256: d734b236bef753a533288ba44345104e408a03e0ec773af7317652d40214d42f
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: d3d254f30acc1e7884ac6c7a0c53e4e3
SHA-256: d1d3c1e5f62da345c8c28211b4f906ec4de17cfc10944e96dac9e9c6c4efb348
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: a3eaa3704922ca71efb640bffd3e0dce
SHA-256: 17c68acaa3aec659ed866cf44956131bffdcf22e8879ebbc9172a046e73f63ba
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: d3afd78b180676d6bbfa9d33bf920cac
SHA-256: c873cc9e5b552f5ac5017283c2dc10651b7c54a48fb2ec30d41558c7f7feb80a
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: 79831168b207485aef17a76e4853e149
SHA-256: 108073dcfd83e9c09aec8a8a2e0a8d00977f43e187b7334f65bfe384e98eeb2b
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: f241bea97ec57a582944bac7aaf2a2ee
SHA-256: dfd73a65831b899c7745cd6af9fc154c8c9753e1cba3f46e9295a15f9e7b19a1
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: edf27d9c0e9b6869cca19f7253ed169e
SHA-256: f0faf148552b8ec576d829a8862eecbdc10f8c1a027e1a9da9eea44e443b7d9b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: f3793c1039da744f1045b4264e7accb3
SHA-256: eb61211f1966ece1ab85836ca6a6a36889f66e7aa35fa0e54f34029669d6b471
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: fe2d6d3256148010d23d86439529e0ed
SHA-256: b4b284dec167d341950076a451126abf30bf2b45610a9d4c423cca2167367cd3
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: e7eca1468f66dd9ad556ffd39de5a453
SHA-256: d1cb1904ce342153de215c6ca93c2232934bcb31dbd4e68c6ff58e9dca0699ee
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 04b0a328471c3112f98463b7d04a3858
SHA-256: e1bbd51b9ed41559a7c5a8435f6ecba0359cc25de989c80260147dc48ca80eea
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 5c5fe02dbdeb53ba134871868e4e3988
SHA-256: 10f95e751d2fc1a69f7445195ccb72c1bc0f8bfc10d8e8ccfa01dcc69c9da27a
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: 2a5109dc06a63ee3b385c1edd0a7e27a
SHA-256: cc967230b6d6aab5f86f55b7c053aa83e046d3faead8c0f6057265bc3400dae7
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: 589b45681bfeb07cf5563ad8ea4c53a6
SHA-256: d734b236bef753a533288ba44345104e408a03e0ec773af7317652d40214d42f
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: d3d254f30acc1e7884ac6c7a0c53e4e3
SHA-256: d1d3c1e5f62da345c8c28211b4f906ec4de17cfc10944e96dac9e9c6c4efb348
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: a3eaa3704922ca71efb640bffd3e0dce
SHA-256: 17c68acaa3aec659ed866cf44956131bffdcf22e8879ebbc9172a046e73f63ba
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: d3afd78b180676d6bbfa9d33bf920cac
SHA-256: c873cc9e5b552f5ac5017283c2dc10651b7c54a48fb2ec30d41558c7f7feb80a
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: 79831168b207485aef17a76e4853e149
SHA-256: 108073dcfd83e9c09aec8a8a2e0a8d00977f43e187b7334f65bfe384e98eeb2b
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.i386.rpm
File outdated by:  RHSA-2015:0808
    MD5: f241bea97ec57a582944bac7aaf2a2ee
SHA-256: dfd73a65831b899c7745cd6af9fc154c8c9753e1cba3f46e9295a15f9e7b19a1
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: edf27d9c0e9b6869cca19f7253ed169e
SHA-256: f0faf148552b8ec576d829a8862eecbdc10f8c1a027e1a9da9eea44e443b7d9b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: f3793c1039da744f1045b4264e7accb3
SHA-256: eb61211f1966ece1ab85836ca6a6a36889f66e7aa35fa0e54f34029669d6b471
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: fe2d6d3256148010d23d86439529e0ed
SHA-256: b4b284dec167d341950076a451126abf30bf2b45610a9d4c423cca2167367cd3
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: e7eca1468f66dd9ad556ffd39de5a453
SHA-256: d1cb1904ce342153de215c6ca93c2232934bcb31dbd4e68c6ff58e9dca0699ee
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 04b0a328471c3112f98463b7d04a3858
SHA-256: e1bbd51b9ed41559a7c5a8435f6ecba0359cc25de989c80260147dc48ca80eea
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 5c5fe02dbdeb53ba134871868e4e3988
SHA-256: 10f95e751d2fc1a69f7445195ccb72c1bc0f8bfc10d8e8ccfa01dcc69c9da27a
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: e5bc27be139d946e19fa377b4d3e084b
SHA-256: ec5101edfbf1a9967e1f957bb11bb03898bf07340c89a32da44a5a5167b47dae
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 85b08c0161e21f31219b3def30fe2da0
SHA-256: c256c144ab5b12a72f6caaafe5148dc0e4032939e11bed993fff6c651f6af14e
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 7ebc7b6a7530fbd82a3b1ed2168dc3fb
SHA-256: 72e52d794548f709c223f5dbed8af4a6ba029dbb1d911280f966d166de17640f
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 618c0230db0c72eec41ae86684d9c257
SHA-256: 199ceaadb3541c24b04983fbe8d749a4fa69e9832f6942657ad6695a39e00d46
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: d02100bb3a3818d96e7540dd682f9ed2
SHA-256: d8dbf19cce2299e82745edef144edf2900022185cef41452145c82bd6a7748fc
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 430dede6b41e4f0c6a8927cdf06947bd
SHA-256: 9a44d6bff125f84527e1ff102494d2fc018fd0f9e9122d60c4134ba9eb3c4f9d
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: b071b39a5157f13880de71b3006c3f37
SHA-256: b6ab67b8926512bd0644b8e90b74deeb05fa97d1bccf2e385da2dd43f41f7c35
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 27aae955f1e8ddcb72a3f31529134e4d
SHA-256: 6c25de69f2458fb1d3304518a02e3731bb4f9edac8145d7497bbc97a9f48826b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 280ec6c5ae4ac5985067d86a7f2bdef7
SHA-256: ee436d951b94a06cd94ff8b58674e0df671d53772cf33be63725988311021b8a
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: a103922dede0c97174cd515e58987ad5
SHA-256: b544460bfb179f164a68b348a0638adb4123a44248f6e493f3955649bb9b2411
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: b24c2df5231bb3f1090ed9ded99b4e87
SHA-256: 731cf13f73984128b70f60edd8af0d24a09916e391e93ff1f87bd677ac9b168f
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 1ad477a4d3bc198c02338b8e51360845
SHA-256: d5db9f63a690606caa9fcf2f45912c218b3b4467729d9fae09231767ca9298fc
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 2370b6d9226e831314559194063fa52d
SHA-256: 945886418b2e96076d91960258a2911b5a64085a02b978d80d44247e92e68474
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: e5bc27be139d946e19fa377b4d3e084b
SHA-256: ec5101edfbf1a9967e1f957bb11bb03898bf07340c89a32da44a5a5167b47dae
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 27aae955f1e8ddcb72a3f31529134e4d
SHA-256: 6c25de69f2458fb1d3304518a02e3731bb4f9edac8145d7497bbc97a9f48826b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 280ec6c5ae4ac5985067d86a7f2bdef7
SHA-256: ee436d951b94a06cd94ff8b58674e0df671d53772cf33be63725988311021b8a
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: a103922dede0c97174cd515e58987ad5
SHA-256: b544460bfb179f164a68b348a0638adb4123a44248f6e493f3955649bb9b2411
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: b24c2df5231bb3f1090ed9ded99b4e87
SHA-256: 731cf13f73984128b70f60edd8af0d24a09916e391e93ff1f87bd677ac9b168f
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 1ad477a4d3bc198c02338b8e51360845
SHA-256: d5db9f63a690606caa9fcf2f45912c218b3b4467729d9fae09231767ca9298fc
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 2370b6d9226e831314559194063fa52d
SHA-256: 945886418b2e96076d91960258a2911b5a64085a02b978d80d44247e92e68474
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: e5bc27be139d946e19fa377b4d3e084b
SHA-256: ec5101edfbf1a9967e1f957bb11bb03898bf07340c89a32da44a5a5167b47dae
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 85b08c0161e21f31219b3def30fe2da0
SHA-256: c256c144ab5b12a72f6caaafe5148dc0e4032939e11bed993fff6c651f6af14e
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 7ebc7b6a7530fbd82a3b1ed2168dc3fb
SHA-256: 72e52d794548f709c223f5dbed8af4a6ba029dbb1d911280f966d166de17640f
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 618c0230db0c72eec41ae86684d9c257
SHA-256: 199ceaadb3541c24b04983fbe8d749a4fa69e9832f6942657ad6695a39e00d46
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: d02100bb3a3818d96e7540dd682f9ed2
SHA-256: d8dbf19cce2299e82745edef144edf2900022185cef41452145c82bd6a7748fc
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 430dede6b41e4f0c6a8927cdf06947bd
SHA-256: 9a44d6bff125f84527e1ff102494d2fc018fd0f9e9122d60c4134ba9eb3c4f9d
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: b071b39a5157f13880de71b3006c3f37
SHA-256: b6ab67b8926512bd0644b8e90b74deeb05fa97d1bccf2e385da2dd43f41f7c35
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 27aae955f1e8ddcb72a3f31529134e4d
SHA-256: 6c25de69f2458fb1d3304518a02e3731bb4f9edac8145d7497bbc97a9f48826b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 280ec6c5ae4ac5985067d86a7f2bdef7
SHA-256: ee436d951b94a06cd94ff8b58674e0df671d53772cf33be63725988311021b8a
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: a103922dede0c97174cd515e58987ad5
SHA-256: b544460bfb179f164a68b348a0638adb4123a44248f6e493f3955649bb9b2411
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: b24c2df5231bb3f1090ed9ded99b4e87
SHA-256: 731cf13f73984128b70f60edd8af0d24a09916e391e93ff1f87bd677ac9b168f
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 1ad477a4d3bc198c02338b8e51360845
SHA-256: d5db9f63a690606caa9fcf2f45912c218b3b4467729d9fae09231767ca9298fc
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 2370b6d9226e831314559194063fa52d
SHA-256: 945886418b2e96076d91960258a2911b5a64085a02b978d80d44247e92e68474
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: e5bc27be139d946e19fa377b4d3e084b
SHA-256: ec5101edfbf1a9967e1f957bb11bb03898bf07340c89a32da44a5a5167b47dae
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 27aae955f1e8ddcb72a3f31529134e4d
SHA-256: 6c25de69f2458fb1d3304518a02e3731bb4f9edac8145d7497bbc97a9f48826b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 280ec6c5ae4ac5985067d86a7f2bdef7
SHA-256: ee436d951b94a06cd94ff8b58674e0df671d53772cf33be63725988311021b8a
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: a103922dede0c97174cd515e58987ad5
SHA-256: b544460bfb179f164a68b348a0638adb4123a44248f6e493f3955649bb9b2411
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: b24c2df5231bb3f1090ed9ded99b4e87
SHA-256: 731cf13f73984128b70f60edd8af0d24a09916e391e93ff1f87bd677ac9b168f
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 1ad477a4d3bc198c02338b8e51360845
SHA-256: d5db9f63a690606caa9fcf2f45912c218b3b4467729d9fae09231767ca9298fc
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 2370b6d9226e831314559194063fa52d
SHA-256: 945886418b2e96076d91960258a2911b5a64085a02b978d80d44247e92e68474
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: e5bc27be139d946e19fa377b4d3e084b
SHA-256: ec5101edfbf1a9967e1f957bb11bb03898bf07340c89a32da44a5a5167b47dae
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHBA-2014:1113
    MD5: 85b08c0161e21f31219b3def30fe2da0
SHA-256: c256c144ab5b12a72f6caaafe5148dc0e4032939e11bed993fff6c651f6af14e
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHBA-2014:1113
    MD5: 7ebc7b6a7530fbd82a3b1ed2168dc3fb
SHA-256: 72e52d794548f709c223f5dbed8af4a6ba029dbb1d911280f966d166de17640f
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHBA-2014:1113
    MD5: 618c0230db0c72eec41ae86684d9c257
SHA-256: 199ceaadb3541c24b04983fbe8d749a4fa69e9832f6942657ad6695a39e00d46
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHBA-2014:1113
    MD5: d02100bb3a3818d96e7540dd682f9ed2
SHA-256: d8dbf19cce2299e82745edef144edf2900022185cef41452145c82bd6a7748fc
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHBA-2014:1113
    MD5: 430dede6b41e4f0c6a8927cdf06947bd
SHA-256: 9a44d6bff125f84527e1ff102494d2fc018fd0f9e9122d60c4134ba9eb3c4f9d
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHBA-2014:1113
    MD5: b071b39a5157f13880de71b3006c3f37
SHA-256: b6ab67b8926512bd0644b8e90b74deeb05fa97d1bccf2e385da2dd43f41f7c35
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 27aae955f1e8ddcb72a3f31529134e4d
SHA-256: 6c25de69f2458fb1d3304518a02e3731bb4f9edac8145d7497bbc97a9f48826b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 280ec6c5ae4ac5985067d86a7f2bdef7
SHA-256: ee436d951b94a06cd94ff8b58674e0df671d53772cf33be63725988311021b8a
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: a103922dede0c97174cd515e58987ad5
SHA-256: b544460bfb179f164a68b348a0638adb4123a44248f6e493f3955649bb9b2411
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: b24c2df5231bb3f1090ed9ded99b4e87
SHA-256: 731cf13f73984128b70f60edd8af0d24a09916e391e93ff1f87bd677ac9b168f
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 1ad477a4d3bc198c02338b8e51360845
SHA-256: d5db9f63a690606caa9fcf2f45912c218b3b4467729d9fae09231767ca9298fc
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1113
    MD5: 2370b6d9226e831314559194063fa52d
SHA-256: 945886418b2e96076d91960258a2911b5a64085a02b978d80d44247e92e68474
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.src.rpm
File outdated by:  RHSA-2015:0808
    MD5: e5bc27be139d946e19fa377b4d3e084b
SHA-256: ec5101edfbf1a9967e1f957bb11bb03898bf07340c89a32da44a5a5167b47dae
 
IA-32:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 85b08c0161e21f31219b3def30fe2da0
SHA-256: c256c144ab5b12a72f6caaafe5148dc0e4032939e11bed993fff6c651f6af14e
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 7ebc7b6a7530fbd82a3b1ed2168dc3fb
SHA-256: 72e52d794548f709c223f5dbed8af4a6ba029dbb1d911280f966d166de17640f
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 618c0230db0c72eec41ae86684d9c257
SHA-256: 199ceaadb3541c24b04983fbe8d749a4fa69e9832f6942657ad6695a39e00d46
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: d02100bb3a3818d96e7540dd682f9ed2
SHA-256: d8dbf19cce2299e82745edef144edf2900022185cef41452145c82bd6a7748fc
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: 430dede6b41e4f0c6a8927cdf06947bd
SHA-256: 9a44d6bff125f84527e1ff102494d2fc018fd0f9e9122d60c4134ba9eb3c4f9d
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.i686.rpm
File outdated by:  RHSA-2015:0808
    MD5: b071b39a5157f13880de71b3006c3f37
SHA-256: b6ab67b8926512bd0644b8e90b74deeb05fa97d1bccf2e385da2dd43f41f7c35
 
x86_64:
java-1.6.0-openjdk-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 27aae955f1e8ddcb72a3f31529134e4d
SHA-256: 6c25de69f2458fb1d3304518a02e3731bb4f9edac8145d7497bbc97a9f48826b
java-1.6.0-openjdk-debuginfo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 280ec6c5ae4ac5985067d86a7f2bdef7
SHA-256: ee436d951b94a06cd94ff8b58674e0df671d53772cf33be63725988311021b8a
java-1.6.0-openjdk-demo-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: a103922dede0c97174cd515e58987ad5
SHA-256: b544460bfb179f164a68b348a0638adb4123a44248f6e493f3955649bb9b2411
java-1.6.0-openjdk-devel-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: b24c2df5231bb3f1090ed9ded99b4e87
SHA-256: 731cf13f73984128b70f60edd8af0d24a09916e391e93ff1f87bd677ac9b168f
java-1.6.0-openjdk-javadoc-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 1ad477a4d3bc198c02338b8e51360845
SHA-256: d5db9f63a690606caa9fcf2f45912c218b3b4467729d9fae09231767ca9298fc
java-1.6.0-openjdk-src-1.6.0.0-5.1.13.3.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:0808
    MD5: 2370b6d9226e831314559194063fa52d
SHA-256: 945886418b2e96076d91960258a2911b5a64085a02b978d80d44247e92e68474
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
1085373 - java.lang.ref.Finalizer leak when upgrading from 1.62 to 1.66
1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)
1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)
1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)
1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)
1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)
1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)
1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)
1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/