Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. (CVE-2014-6601, CVE-2015-0437)

Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412, CVE-2014-6549, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.8.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
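Because the note on CVE-2014-3566 says SSL 3.0 can be re-enabled through jdk.tls.disabledAlgorithms, it is worth confirming after the update that no local edit has dropped SSLv3 from that property. The shell check below is an added example, not part of the Red Hat advisory: the function names and sample files are constructed, the parsing is a simplified reading of Java properties-file rules, and the caller passes the path of the JRE's java.security file.

```shell
#!/bin/sh
# Added example: check a java.security file for SSLv3 in jdk.tls.disabledAlgorithms.

# Print the effective value of the property from file $1. Skips '#'/'!' comments,
# joins backslash-continued lines, and lets the last definition win.
disabled_algorithms() {
    awk '
        {
            line = $0
            if (!cont && line ~ /^[ \t]*[#!]/) next       # comment line
            if (cont) { sub(/^[ \t]+/, "", line); buf = buf line } else buf = line
            if (buf ~ /\\$/) { sub(/\\$/, "", buf); cont = 1; next }
            cont = 0
            if (buf ~ /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*[=:]/) {
                sub(/^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*[=:][ \t]*/, "", buf)
                value = buf; found = 1
            }
        }
        END { if (found) print value }
    ' "$1"
}

# Exit status: 0 = SSLv3 listed (disabled), 1 = not listed, 2 = property absent or empty.
ssl3_disabled() {
    value=$(disabled_algorithms "$1")
    [ -n "$value" ] || return 2
    # Entries are comma-separated; trim each and require an exact match.
    printf '%s\n' "$value" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qx 'SSLv3'
}

# Constructed sample files (not copied from any shipped package).
make_samples() {
    printf '%s\n' '# constructed: SSL 3.0 disabled' \
        'jdk.tls.disabledAlgorithms=SSLv3' > "$1/patched.security"
    printf '%s\n' 'jdk.tls.disabledAlgorithms=SSLv3' \
        '# constructed: later override drops SSLv3 from the list' \
        'jdk.tls.disabledAlgorithms=RC4, \' \
        '    DH keySize < 768' > "$1/override.security"
}

if [ "$#" -eq 1 ]; then
    rc=0; ssl3_disabled "$1" || rc=$?
    case $rc in
        0) echo "SSLv3 is disabled in $1" ;;
        1) echo "WARNING: SSLv3 is not in jdk.tls.disabledAlgorithms in $1" ;;
        *) echo "WARNING: jdk.tls.disabledAlgorithms is not set in $1" ;;
    esac
fi
```

Run it with the java.security path as the only argument; in an OpenJDK 8 tree that file sits under `jre/lib/security/`.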
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm

IA-32:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm

IA-32:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Server EUS (v. 6.6.z)

SRPMS:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm

IA-32:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.src.rpm

IA-32:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.i686.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.i686.rpm

x86_64:
java-1.8.0-openjdk-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-debuginfo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.31-1.b13.el6_6.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.31-1.b13.el6_6.noarch.rpm
java-1.8.0-openjdk-src-1.8.0.31-1.b13.el6_6.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)
1123870 – CVE-2015-0383 OpenJDK: insecure hsperfdata temporary file handling (Hotspot, 8050807)
1152789 – CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
1183020 – CVE-2014-6601 OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
1183021 – CVE-2015-0412 OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
1183023 – CVE-2015-0408 OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)
1183031 – CVE-2015-0395 OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
1183043 – CVE-2015-0407 OpenJDK: directory information leak via file chooser (Swing, 8055304)
1183044 – CVE-2015-0410 OpenJDK: DER decoder infinite loop (Security, 8059485)
1183049 – CVE-2014-6593 OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
1183645 – CVE-2014-6585 ICU: font parsing OOB read (OpenJDK 2D, 8055489)
1183646 – CVE-2014-6591 ICU: font parsing OOB read (OpenJDK 2D, 8056276)
1183660 – CVE-2014-6549 OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
1183670 – CVE-2015-0437 OpenJDK: code generation issue (Hotspot, 8064524)
1183715 – CVE-2014-6587 OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from: