Security Advisory Critical: java-1.7.0-oracle security update

Advisory: RHSA-2014:0413-3
Type: Security Advisory
Severity: Critical
Issued on: 2014-04-17
Last updated on: 2014-05-12
Affected Products: Oracle Java for RHEL (v. 5 server)
Oracle Java for RHEL Desktop (v. 5 client)
Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)
Oracle Java for Red Hat Enterprise Linux Server (v. 6)
Oracle Java for Red Hat Enterprise Linux Server AUS (v. 6.5)
Oracle Java for Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-6629
CVE-2013-6954
CVE-2014-0429
CVE-2014-0432
CVE-2014-0446
CVE-2014-0448
CVE-2014-0449
CVE-2014-0451
CVE-2014-0452
CVE-2014-0453
CVE-2014-0454
CVE-2014-0455
CVE-2014-0456
CVE-2014-0457
CVE-2014-0458
CVE-2014-0459
CVE-2014-0460
CVE-2014-0461
CVE-2014-1876
CVE-2014-2397
CVE-2014-2398
CVE-2014-2401
CVE-2014-2402
CVE-2014-2403
CVE-2014-2409
CVE-2014-2412
CVE-2014-2413
CVE-2014-2414
CVE-2014-2420
CVE-2014-2421
CVE-2014-2422
CVE-2014-2423
CVE-2014-2427
CVE-2014-2428

Details

Updated java-1.7.0-oracle packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

[Updated 12th May 2014]
The package list in this erratum has been updated to make the packages
available in the Oracle Java for Red Hat Enterprise Linux 6 Workstation
x86_64 channels on the Red Hat Network.

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446,
CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409,
CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421,
CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 55 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Oracle Java for RHEL (v. 5 server)

IA-32:
java-1.7.0-oracle-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: 352c12d960484645d2b1ec3c64eebdea
SHA-256: 1100a16a527d16b02c7a9b0bda353a2c011754d561d3d7e8c5a6fe6bfbc4abe5
java-1.7.0-oracle-devel-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: f6ce6965fe764ce7290318e8272bb5e3
SHA-256: a5cda073fc6a81fc5729e39c4ef097a9441a0dab888eaa0b55e48e5c61702869
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: 8c7025d660636b4be400c094bd98e5af
SHA-256: ca978cd7887f17a76ce314ad13852efff4dc167718b3ee7a14019bd890877ac1
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: e590eab3db38aa8eb4ad829d859a1926
SHA-256: 659a07d5e374875f050bf040e9c96afdfcfbb4e58da3f759baf00576b7df3de2
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: d1249819a39d4a75cfa7f5d6669e3b90
SHA-256: f172e9d71390cc8174cdb3b119642cf3c8cb51a59eeee7d1383014170df40df7
java-1.7.0-oracle-src-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: f1bc3e4ac4180253a08eecf851b6dc9e
SHA-256: 1f3e065dbb58631431f759fdc1150494c70942c65273c591d8bfea52dabb8230
 
x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 4946a82931c2bbb93f32963ba4610d07
SHA-256: 7d09d7adfcc4184cb230ce244cc52bd29e62d86f3175ef1b63df1a3c61a8dc26
java-1.7.0-oracle-devel-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: a300a3c43f8d13d6fd47c59816da815d
SHA-256: ee0c2cb24d947b0a3cdcc789ab67c3278de936710d9eed7e82c3396ed8073407
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: abbbd10d617a4e6732af5d3ef3f6e065
SHA-256: e05eb00e362f979338885a12996260814388bf97d63aadeb5f752119ac91ebf1
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: e0d795387a588436eefdb274f87c120d
SHA-256: 2f3632396464cf5780f0a2747427f415f3ce881e4766921ce578e20a92eba581
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 5461662f51cf22b5cdcd45defae7911e
SHA-256: dee50bfae116633219634eb980ec60e355ff6a3e7bb203f52b58ec8527d9c63d
java-1.7.0-oracle-src-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: f393808ad7b36623fc409c9acb0b2596
SHA-256: dbc93ba3c3fb6ae4fcd8bd93595c6390a2e0c1cbbb18787699dfd90bc64dab8f
 
Oracle Java for RHEL Desktop (v. 5 client)

IA-32:
java-1.7.0-oracle-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: 352c12d960484645d2b1ec3c64eebdea
SHA-256: 1100a16a527d16b02c7a9b0bda353a2c011754d561d3d7e8c5a6fe6bfbc4abe5
java-1.7.0-oracle-devel-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: f6ce6965fe764ce7290318e8272bb5e3
SHA-256: a5cda073fc6a81fc5729e39c4ef097a9441a0dab888eaa0b55e48e5c61702869
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: 8c7025d660636b4be400c094bd98e5af
SHA-256: ca978cd7887f17a76ce314ad13852efff4dc167718b3ee7a14019bd890877ac1
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: e590eab3db38aa8eb4ad829d859a1926
SHA-256: 659a07d5e374875f050bf040e9c96afdfcfbb4e58da3f759baf00576b7df3de2
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: d1249819a39d4a75cfa7f5d6669e3b90
SHA-256: f172e9d71390cc8174cdb3b119642cf3c8cb51a59eeee7d1383014170df40df7
java-1.7.0-oracle-src-1.7.0.55-1jpp.2.el5_10.i386.rpm     MD5: f1bc3e4ac4180253a08eecf851b6dc9e
SHA-256: 1f3e065dbb58631431f759fdc1150494c70942c65273c591d8bfea52dabb8230
 
x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 4946a82931c2bbb93f32963ba4610d07
SHA-256: 7d09d7adfcc4184cb230ce244cc52bd29e62d86f3175ef1b63df1a3c61a8dc26
java-1.7.0-oracle-devel-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: a300a3c43f8d13d6fd47c59816da815d
SHA-256: ee0c2cb24d947b0a3cdcc789ab67c3278de936710d9eed7e82c3396ed8073407
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: abbbd10d617a4e6732af5d3ef3f6e065
SHA-256: e05eb00e362f979338885a12996260814388bf97d63aadeb5f752119ac91ebf1
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: e0d795387a588436eefdb274f87c120d
SHA-256: 2f3632396464cf5780f0a2747427f415f3ce881e4766921ce578e20a92eba581
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 5461662f51cf22b5cdcd45defae7911e
SHA-256: dee50bfae116633219634eb980ec60e355ff6a3e7bb203f52b58ec8527d9c63d
java-1.7.0-oracle-src-1.7.0.55-1jpp.2.el5_10.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: f393808ad7b36623fc409c9acb0b2596
SHA-256: dbc93ba3c3fb6ae4fcd8bd93595c6390a2e0c1cbbb18787699dfd90bc64dab8f
 
Oracle Java for Red Hat Enterprise Linux Desktop (v. 6)

IA-32:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 380b220501c9feb62ad8a3f95cc62e18
SHA-256: e7aebde2444fac4cef048b5da2c7c72bb26be94dc26cba222f5cd83cc9e92cf8
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 0032d79072a3a9cd227f2dcd1c3002dd
SHA-256: 40712c86fe63c6806a755608431a12ac22d20c0b510043c121df0d8453cf20ef
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 0db498fd5e4985c987a284fd70676185
SHA-256: 944601704c85d7a2f8feb95b557899f48a7555371e8ca87d361a60883015cd98
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 83f1a1256837f2a98555b4de551bd5ff
SHA-256: 5dec0ad9af4147a244d6cb1011bb5491caa60909298368c9af79323b1161fa53
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: ab981c8fc253579c0b3629a0d2dab4a5
SHA-256: 1c58b9bf21a5614de82507b4f82d3e61b1463dc1cf8ad78cdd6ff3800a01c8e8
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: f3c4ea753bea066f24175fca40a9abee
SHA-256: c2a9ff8d128d7c6fc86ecea14981798f24444b4618f401fa9134adc991f9ac65
 
x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: d348ac0d02d2dbfa45e62f9a13e1cb09
SHA-256: 8d359e270765ce32d17dc50bebaa64c9f5bd67938304d1d189cd1d1965bc688d
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e6c569af618c4069f3a44d44dd1560b
SHA-256: 827a6de013d409ff37c5b29dabb09187a72b96e7a3c2635ee2ac6bd0f6fd215e
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e56ad5aabe6873574aa180914362636
SHA-256: 303aa9675076933af1603972f51fe791507ed884196878c868903bf8dca43948
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 87ebb0bb7cc3dfe830af093db280b8ff
SHA-256: 556178bd2accbcb1e00caf72fca98d1949b688a567ef590d52f06a01a1f3d4d0
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: c6c9aa7e0eedc390912885ce2897c1fa
SHA-256: d7abf17ff939dfb0a95c52c3bab1baed050babd6af3481cdf88653b2fa122a88
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: aae0d9fce448196708e47b311a18281f
SHA-256: f7c53d58822d327c0edd2cc85ba5da95f4754c43601c6cbd476237cabddd4d47
 
Oracle Java for Red Hat Enterprise Linux HPC Node (v. 6)

x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: d348ac0d02d2dbfa45e62f9a13e1cb09
SHA-256: 8d359e270765ce32d17dc50bebaa64c9f5bd67938304d1d189cd1d1965bc688d
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e6c569af618c4069f3a44d44dd1560b
SHA-256: 827a6de013d409ff37c5b29dabb09187a72b96e7a3c2635ee2ac6bd0f6fd215e
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e56ad5aabe6873574aa180914362636
SHA-256: 303aa9675076933af1603972f51fe791507ed884196878c868903bf8dca43948
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: aae0d9fce448196708e47b311a18281f
SHA-256: f7c53d58822d327c0edd2cc85ba5da95f4754c43601c6cbd476237cabddd4d47
 
Oracle Java for Red Hat Enterprise Linux Server (v. 6)

IA-32:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 380b220501c9feb62ad8a3f95cc62e18
SHA-256: e7aebde2444fac4cef048b5da2c7c72bb26be94dc26cba222f5cd83cc9e92cf8
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 0032d79072a3a9cd227f2dcd1c3002dd
SHA-256: 40712c86fe63c6806a755608431a12ac22d20c0b510043c121df0d8453cf20ef
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 0db498fd5e4985c987a284fd70676185
SHA-256: 944601704c85d7a2f8feb95b557899f48a7555371e8ca87d361a60883015cd98
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 83f1a1256837f2a98555b4de551bd5ff
SHA-256: 5dec0ad9af4147a244d6cb1011bb5491caa60909298368c9af79323b1161fa53
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: ab981c8fc253579c0b3629a0d2dab4a5
SHA-256: 1c58b9bf21a5614de82507b4f82d3e61b1463dc1cf8ad78cdd6ff3800a01c8e8
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: f3c4ea753bea066f24175fca40a9abee
SHA-256: c2a9ff8d128d7c6fc86ecea14981798f24444b4618f401fa9134adc991f9ac65
 
x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: d348ac0d02d2dbfa45e62f9a13e1cb09
SHA-256: 8d359e270765ce32d17dc50bebaa64c9f5bd67938304d1d189cd1d1965bc688d
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e6c569af618c4069f3a44d44dd1560b
SHA-256: 827a6de013d409ff37c5b29dabb09187a72b96e7a3c2635ee2ac6bd0f6fd215e
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e56ad5aabe6873574aa180914362636
SHA-256: 303aa9675076933af1603972f51fe791507ed884196878c868903bf8dca43948
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 87ebb0bb7cc3dfe830af093db280b8ff
SHA-256: 556178bd2accbcb1e00caf72fca98d1949b688a567ef590d52f06a01a1f3d4d0
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: c6c9aa7e0eedc390912885ce2897c1fa
SHA-256: d7abf17ff939dfb0a95c52c3bab1baed050babd6af3481cdf88653b2fa122a88
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: aae0d9fce448196708e47b311a18281f
SHA-256: f7c53d58822d327c0edd2cc85ba5da95f4754c43601c6cbd476237cabddd4d47
 
Oracle Java for Red Hat Enterprise Linux Server AUS (v. 6.5)

x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: d348ac0d02d2dbfa45e62f9a13e1cb09
SHA-256: 8d359e270765ce32d17dc50bebaa64c9f5bd67938304d1d189cd1d1965bc688d
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: 1e6c569af618c4069f3a44d44dd1560b
SHA-256: 827a6de013d409ff37c5b29dabb09187a72b96e7a3c2635ee2ac6bd0f6fd215e
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: 1e56ad5aabe6873574aa180914362636
SHA-256: 303aa9675076933af1603972f51fe791507ed884196878c868903bf8dca43948
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: 87ebb0bb7cc3dfe830af093db280b8ff
SHA-256: 556178bd2accbcb1e00caf72fca98d1949b688a567ef590d52f06a01a1f3d4d0
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: c6c9aa7e0eedc390912885ce2897c1fa
SHA-256: d7abf17ff939dfb0a95c52c3bab1baed050babd6af3481cdf88653b2fa122a88
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: aae0d9fce448196708e47b311a18281f
SHA-256: f7c53d58822d327c0edd2cc85ba5da95f4754c43601c6cbd476237cabddd4d47
 
Oracle Java for Red Hat Enterprise Linux Server EUS (v. 6.5.z)

IA-32:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2014:0902
    MD5: 380b220501c9feb62ad8a3f95cc62e18
SHA-256: e7aebde2444fac4cef048b5da2c7c72bb26be94dc26cba222f5cd83cc9e92cf8
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2014:0902
    MD5: 0032d79072a3a9cd227f2dcd1c3002dd
SHA-256: 40712c86fe63c6806a755608431a12ac22d20c0b510043c121df0d8453cf20ef
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2014:0902
    MD5: 0db498fd5e4985c987a284fd70676185
SHA-256: 944601704c85d7a2f8feb95b557899f48a7555371e8ca87d361a60883015cd98
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2014:0902
    MD5: 83f1a1256837f2a98555b4de551bd5ff
SHA-256: 5dec0ad9af4147a244d6cb1011bb5491caa60909298368c9af79323b1161fa53
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2014:0902
    MD5: ab981c8fc253579c0b3629a0d2dab4a5
SHA-256: 1c58b9bf21a5614de82507b4f82d3e61b1463dc1cf8ad78cdd6ff3800a01c8e8
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2014:0902
    MD5: f3c4ea753bea066f24175fca40a9abee
SHA-256: c2a9ff8d128d7c6fc86ecea14981798f24444b4618f401fa9134adc991f9ac65
 
x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: d348ac0d02d2dbfa45e62f9a13e1cb09
SHA-256: 8d359e270765ce32d17dc50bebaa64c9f5bd67938304d1d189cd1d1965bc688d
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: 1e6c569af618c4069f3a44d44dd1560b
SHA-256: 827a6de013d409ff37c5b29dabb09187a72b96e7a3c2635ee2ac6bd0f6fd215e
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: 1e56ad5aabe6873574aa180914362636
SHA-256: 303aa9675076933af1603972f51fe791507ed884196878c868903bf8dca43948
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: 87ebb0bb7cc3dfe830af093db280b8ff
SHA-256: 556178bd2accbcb1e00caf72fca98d1949b688a567ef590d52f06a01a1f3d4d0
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: c6c9aa7e0eedc390912885ce2897c1fa
SHA-256: d7abf17ff939dfb0a95c52c3bab1baed050babd6af3481cdf88653b2fa122a88
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0902
    MD5: aae0d9fce448196708e47b311a18281f
SHA-256: f7c53d58822d327c0edd2cc85ba5da95f4754c43601c6cbd476237cabddd4d47
 
Oracle Java for Red Hat Enterprise Linux Workstation (v. 6)

IA-32:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 380b220501c9feb62ad8a3f95cc62e18
SHA-256: e7aebde2444fac4cef048b5da2c7c72bb26be94dc26cba222f5cd83cc9e92cf8
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 0032d79072a3a9cd227f2dcd1c3002dd
SHA-256: 40712c86fe63c6806a755608431a12ac22d20c0b510043c121df0d8453cf20ef
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 0db498fd5e4985c987a284fd70676185
SHA-256: 944601704c85d7a2f8feb95b557899f48a7555371e8ca87d361a60883015cd98
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: 83f1a1256837f2a98555b4de551bd5ff
SHA-256: 5dec0ad9af4147a244d6cb1011bb5491caa60909298368c9af79323b1161fa53
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: ab981c8fc253579c0b3629a0d2dab4a5
SHA-256: 1c58b9bf21a5614de82507b4f82d3e61b1463dc1cf8ad78cdd6ff3800a01c8e8
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.i686.rpm
File outdated by:  RHSA-2015:1242
    MD5: f3c4ea753bea066f24175fca40a9abee
SHA-256: c2a9ff8d128d7c6fc86ecea14981798f24444b4618f401fa9134adc991f9ac65
 
x86_64:
java-1.7.0-oracle-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: d348ac0d02d2dbfa45e62f9a13e1cb09
SHA-256: 8d359e270765ce32d17dc50bebaa64c9f5bd67938304d1d189cd1d1965bc688d
java-1.7.0-oracle-devel-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e6c569af618c4069f3a44d44dd1560b
SHA-256: 827a6de013d409ff37c5b29dabb09187a72b96e7a3c2635ee2ac6bd0f6fd215e
java-1.7.0-oracle-javafx-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 1e56ad5aabe6873574aa180914362636
SHA-256: 303aa9675076933af1603972f51fe791507ed884196878c868903bf8dca43948
java-1.7.0-oracle-jdbc-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: 87ebb0bb7cc3dfe830af093db280b8ff
SHA-256: 556178bd2accbcb1e00caf72fca98d1949b688a567ef590d52f06a01a1f3d4d0
java-1.7.0-oracle-plugin-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: c6c9aa7e0eedc390912885ce2897c1fa
SHA-256: d7abf17ff939dfb0a95c52c3bab1baed050babd6af3481cdf88653b2fa122a88
java-1.7.0-oracle-src-1.7.0.55-1jpp.1.el6_5.x86_64.rpm
File outdated by:  RHSA-2015:1242
    MD5: aae0d9fce448196708e47b311a18281f
SHA-256: f7c53d58822d327c0edd2cc85ba5da95f4754c43601c6cbd476237cabddd4d47
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1031734 - CVE-2013-6629 libjpeg: information leak (read of uninitialized memory)
1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette
1060907 - CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
1086632 - CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736)
1086645 - CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766)
1087409 - CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
1087411 - CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394)
1087413 - CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858)
1087417 - CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854)
1087423 - CVE-2014-2397 OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)
1087424 - CVE-2014-0455 OpenJDK: MethodHandle variable argument lists handling (Libraries, 8029844)
1087426 - CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)
1087427 - CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010)
1087428 - CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797)
1087430 - CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152)
1087431 - CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030)
1087434 - CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188)
1087436 - CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)
1087438 - CVE-2014-2402 OpenJDK: Incorrect NIO channel separation (Libraries, 8026716)
1087439 - CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740)
1087440 - CVE-2014-0454 OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
1087441 - CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163)
1087442 - CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
1087443 - CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)
1087444 - CVE-2014-0459 lcms: insufficient ICC profile version validation (OpenJDK 2D, 8031335)
1087446 - CVE-2014-2413 OpenJDK: method handle call hierachy bypass (Libraries, 8032686)
1088023 - CVE-2014-0432 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Libraries)
1088024 - CVE-2014-0448 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment)
1088025 - CVE-2014-2428 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088026 - CVE-2014-2422 Oracle JDK: unspecified vulnerability fixed in 7u55 and 8u5 (JavaFX)
1088027 - CVE-2014-2409 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088028 - CVE-2014-0449 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)
1088030 - CVE-2014-2401 Oracle JDK: unspecified vulnerability fixed in 5.0u75, 6u75, 7u55 and 8u5 (2D)
1088031 - CVE-2014-2420 Oracle JDK: unspecified vulnerability fixed in 6u75, 7u55 and 8u5 (Deployment)


References

https://www.redhat.com/security/data/cve/CVE-2013-6629.html
https://www.redhat.com/security/data/cve/CVE-2013-6954.html
https://www.redhat.com/security/data/cve/CVE-2014-0429.html
https://www.redhat.com/security/data/cve/CVE-2014-0432.html
https://www.redhat.com/security/data/cve/CVE-2014-0446.html
https://www.redhat.com/security/data/cve/CVE-2014-0448.html
https://www.redhat.com/security/data/cve/CVE-2014-0449.html
https://www.redhat.com/security/data/cve/CVE-2014-0451.html
https://www.redhat.com/security/data/cve/CVE-2014-0452.html
https://www.redhat.com/security/data/cve/CVE-2014-0453.html
https://www.redhat.com/security/data/cve/CVE-2014-0454.html
https://www.redhat.com/security/data/cve/CVE-2014-0455.html
https://www.redhat.com/security/data/cve/CVE-2014-0456.html
https://www.redhat.com/security/data/cve/CVE-2014-0457.html
https://www.redhat.com/security/data/cve/CVE-2014-0458.html
https://www.redhat.com/security/data/cve/CVE-2014-0459.html
https://www.redhat.com/security/data/cve/CVE-2014-0460.html
https://www.redhat.com/security/data/cve/CVE-2014-0461.html
https://www.redhat.com/security/data/cve/CVE-2014-1876.html
https://www.redhat.com/security/data/cve/CVE-2014-2397.html
https://www.redhat.com/security/data/cve/CVE-2014-2398.html
https://www.redhat.com/security/data/cve/CVE-2014-2401.html
https://www.redhat.com/security/data/cve/CVE-2014-2402.html
https://www.redhat.com/security/data/cve/CVE-2014-2403.html
https://www.redhat.com/security/data/cve/CVE-2014-2409.html
https://www.redhat.com/security/data/cve/CVE-2014-2412.html
https://www.redhat.com/security/data/cve/CVE-2014-2413.html
https://www.redhat.com/security/data/cve/CVE-2014-2414.html
https://www.redhat.com/security/data/cve/CVE-2014-2420.html
https://www.redhat.com/security/data/cve/CVE-2014-2421.html
https://www.redhat.com/security/data/cve/CVE-2014-2422.html
https://www.redhat.com/security/data/cve/CVE-2014-2423.html
https://www.redhat.com/security/data/cve/CVE-2014-2427.html
https://www.redhat.com/security/data/cve/CVE-2014-2428.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/