Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Satellite 5.6 and 5.7.

Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2005-1080, CVE-2015-0138, CVE-2015-0192, CVE-2015-0458, CVE-2015-0459, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491, CVE-2015-1914, CVE-2015-2808)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.

Note: With this update, the IBM JDK now disables RC4 SSL/TLS cipher suites by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug 1207101, linked to from the References section, for additional details about this change.

Users of Red Hat Satellite 5.6 and 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP4 release. For this update to take effect, Red Hat Satellite must be restarted (“/usr/sbin/rhn-satellite restart”), as well as all running instances of IBM Java.
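A way to confirm the RC4 change after upgrading and restarting, as an added example that is not part of the advisory and is not Red Hat or IBM code: the class below lists the cipher suites the running JVM enables by default and exits non-zero if any RC4 suite is still among them. The class name Rc4DefaultCheck is hypothetical, the code uses only Java 6 APIs, and it must be run with the same IBM Java binary that Satellite uses for the result to be meaningful.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name). Reports whether RC4 SSL/TLS cipher
// suites are enabled by default in the JVM that runs it.
public class Rc4DefaultCheck {

    // Return every suite whose name contains the RC4 component,
    // e.g. SSL_RSA_WITH_RC4_128_SHA or TLS_ECDHE_RSA_WITH_RC4_128_SHA.
    static List<String> rc4Suites(String[] suites) {
        List<String> hits = new ArrayList<String>();
        for (String suite : suites) {
            if (suite.toUpperCase(Locale.ROOT).contains("_RC4_")) {
                hits.add(suite);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Enabled-by-default suites are what an unconfigured client or server
        // socket will offer; supported suites can still be switched on explicitly.
        List<String> enabledRc4 =
            rc4Suites(ctx.getDefaultSSLParameters().getCipherSuites());
        List<String> supportedRc4 =
            rc4Suites(ctx.getSupportedSSLParameters().getCipherSuites());

        System.out.println("JVM: " + System.getProperty("java.vendor")
            + " " + System.getProperty("java.version"));
        System.out.println("RC4 suites supported (can be re-enabled in code or config): "
            + supportedRc4);
        System.out.println("RC4 suites enabled by default: " + enabledRc4);

        if (enabledRc4.isEmpty()) {
            System.out.println("OK: no RC4 cipher suite is enabled by default.");
            System.exit(0);
        }
        System.out.println("WARNING: RC4 is still enabled by default; check that the "
            + "updated package is installed and that this is the JVM that was updated.");
        System.exit(1);
    }
}
```

A clean result covers only the JVM defaults; an application that sets its enabled cipher suites explicitly can still select RC4 from the supported list.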
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Red Hat Satellite (v. 5.6 for RHEL 5)

SRPMS:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.src.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el5.x86_64.rpm

Red Hat Satellite (v. 5.6 for RHEL 6)

SRPMS:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.src.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm

Red Hat Satellite (v. 5.7 for RHEL 6)

SRPMS:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.src.rpm

s390x:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.s390x.rpm

x86_64:
java-1.6.0-ibm-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.16.4-1jpp.1.el6_6.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)
1207101 – CVE-2015-2808 SSL/TLS: “Invariance Weakness” vulnerability in RC4 stream cipher
1210355 – CVE-2015-0478 OpenJDK: RSA implementation hardening (JCE, 8071726)
1210829 – CVE-2015-0469 ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
1211299 – CVE-2015-0477 OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
1211504 – CVE-2015-0480 OpenJDK: jar directory traversal issues (Tools, 8064601)
1211543 – CVE-2015-0488 OpenJDK: certificate options parsing uncaught exception (JSSE, 8068720)
1211768 – CVE-2015-0459 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211769 – CVE-2015-0491 Oracle JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
1211771 – CVE-2015-0458 Oracle JDK: unspecified vulnerability fixed in 6u95, 7u79 and 8u45 (Deployment)
1219212 – CVE-2015-0192 IBM JDK: unspecified Java sandbox restrictions bypass
1219215 – CVE-2015-1914 IBM JDK: unspecified partial Java sandbox restrictions bypass
1219223 – CVE-2015-0138 IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)
606442 – CVE-2005-1080 jar: directory traversal vulnerability

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
