Updated java-1.7.0-ibm packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 5 Supplementary.Red Hat Product Security has rated this update as having Critical securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBMJava Software Development Kit.This update fixes several vulnerabilities in the IBM Java RuntimeEnvironment and the IBM Java Software Development Kit. Further informationabout these flaws can be found on the IBM Java Security alerts page, listedin the References section. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601,CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632,CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729,CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748,CVE-2015-4749, CVE-2015-4760)Note: This update forces the TLS/SSL client implementation in IBM JDK toreject DH key sizes below 768 bits to address the CVE-2015-4000 issue.Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,for additional details about this change.All users of java-1.7.0-ibm are advised to upgrade to these updatedpackages, containing the IBM Java SE 7 SR9-FP10 release. All runninginstances of IBM Java must be restarted for the update to take effect.
Before applying this update, make sure all previously released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/articles/11258RHEL Desktop Supplementary (v. 5 client)

IA-32:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: eba4f29e876e9600446d50f0c6159870SHA-256: b6a97e986ac7b9c0fdfb6fc4753aa7451d413e317b48039bee2b793c93ab4b20
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 977471c2b9cf2739d982463981328aa7SHA-256: 6fdf41f7a648597acd2c643cbfadd772a5938f665b47776b1e64894db7b21729
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: c87886ed8011e07bf7abca7bcaffdd1fSHA-256: 1303429d783d264267784061575363109dde3b848b849235b87938c36643615a
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: f427720186a884683ba0570fd3178923SHA-256: d7e886b275041b276e96272eb4e769f7218e50da3f086e4636c043daa2d8607f
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: aa14c08734b7c1bafb1326c4d98d5204SHA-256: eb974a2df3155ab74acf47d28cfbbaf229175417c402ea2614e92e1d29c77e1e
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 4dc4d8ec14e55f73a1cb6828e1dbab6eSHA-256: bde89f54e802162d3e7e6c43f0dc4a987ce84bd39184dc50dea53d78cf8055d9
 
x86_64:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: eba4f29e876e9600446d50f0c6159870SHA-256: b6a97e986ac7b9c0fdfb6fc4753aa7451d413e317b48039bee2b793c93ab4b20
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 4751e0cf4cd7cea1abd16f9185841f7fSHA-256: 413f6bf18ed664ef130cb3b494836bdfb77a48097334e380e0db4a5cf6329c6c
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 977471c2b9cf2739d982463981328aa7SHA-256: 6fdf41f7a648597acd2c643cbfadd772a5938f665b47776b1e64894db7b21729
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: b8a1f303fcfeeb487eebb5d0d61427c9SHA-256: a17fddf0b7a82bff05043c377b1d9b1f027011b2ad2ffd393a8222ae38cd93b2
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: c87886ed8011e07bf7abca7bcaffdd1fSHA-256: 1303429d783d264267784061575363109dde3b848b849235b87938c36643615a
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 46ed4d074ab5631b48b773b6114e3d30SHA-256: 089a3c2b9d977643a5346d2400f7abf963b5cb0f8477ac2e2122052edfcf34a5
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: f427720186a884683ba0570fd3178923SHA-256: d7e886b275041b276e96272eb4e769f7218e50da3f086e4636c043daa2d8607f
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: c0a3364005dc8cbd7fc72d7586b675c1SHA-256: 2eee9c900423eb2a638ffeea2cb7b92de8dc76424a0fd6fdb05969c6a7f5e177
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: aa14c08734b7c1bafb1326c4d98d5204SHA-256: eb974a2df3155ab74acf47d28cfbbaf229175417c402ea2614e92e1d29c77e1e
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 75faf86c241875703a70df8741ece85dSHA-256: a6676817ed191349157dc821642a8eb972d036fe1d71b8dd31814f4150cabf01
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 4dc4d8ec14e55f73a1cb6828e1dbab6eSHA-256: bde89f54e802162d3e7e6c43f0dc4a987ce84bd39184dc50dea53d78cf8055d9
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 27cd5ba4ffc9fd2e2075ecc309823012SHA-256: 3847d20186fd433c06c0befcec65c155eb4ba277067f22f5f8673b42fa906c9c
 
RHEL Supplementary (v. 5 server)

IA-32:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: eba4f29e876e9600446d50f0c6159870SHA-256: b6a97e986ac7b9c0fdfb6fc4753aa7451d413e317b48039bee2b793c93ab4b20
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 977471c2b9cf2739d982463981328aa7SHA-256: 6fdf41f7a648597acd2c643cbfadd772a5938f665b47776b1e64894db7b21729
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: c87886ed8011e07bf7abca7bcaffdd1fSHA-256: 1303429d783d264267784061575363109dde3b848b849235b87938c36643615a
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: f427720186a884683ba0570fd3178923SHA-256: d7e886b275041b276e96272eb4e769f7218e50da3f086e4636c043daa2d8607f
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: aa14c08734b7c1bafb1326c4d98d5204SHA-256: eb974a2df3155ab74acf47d28cfbbaf229175417c402ea2614e92e1d29c77e1e
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 4dc4d8ec14e55f73a1cb6828e1dbab6eSHA-256: bde89f54e802162d3e7e6c43f0dc4a987ce84bd39184dc50dea53d78cf8055d9
 
PPC:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.ppc.rpm
    MD5: 352dcff66ff2177031f48b0c7bc236d4SHA-256: 49b2bf00e67bbccef41e928683fc349b4ab80f5b1f3f407a5144f3eb5a05017e
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
    MD5: ccc379482508f57847bc6e5ff3c7c176SHA-256: 9463628a6451622ca60c4b79fb81fb2d6b9cbb969c5af55fca7d2358f96cbf92
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.ppc.rpm
    MD5: e0f7941b7978b01cb8fa176d76befeccSHA-256: 5d9754daf80368fad88164be0d4ff4d23c4f3d5546b3bfb89f687e24e20454ac
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
    MD5: 540eba4dfd30d6eb3ceff07ec62a279eSHA-256: 2cc879c27b340c9023e5d949cd0329e13446c6f548130c6305bd815a76446964
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.ppc.rpm
    MD5: 38f99500826581785c3db528feba8d00SHA-256: e49dbb289acdb1980af4085bbe8beb3f72f4135de5d771e04d3a099407bba794
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
    MD5: 5282d26661b9fccaabe68cc7752de8b3SHA-256: 41c942530cc9949c3f5e14354bd5c240d7da888f84388aa84b357708221d9a58
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.ppc.rpm
    MD5: 9bdc4cdbc98c8bd5a1e42c79e53d7e53SHA-256: ef7cee24b557678d79bb5e7d2892ad8a02a409da9f98c51fe416c7edd9f48d89
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
    MD5: e5bb3b816aa80175c712cf6be9d2b445SHA-256: 96fd5681d8ca01bd77f8d01024baaeb693525343203ddbb58251230d7596f68b
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.ppc.rpm
    MD5: 8bf8909174b6292baf3618208467a535SHA-256: 58922a4a1ae3e34669cc9aaa38c6e4eb828abafd4cf41c5e2f1adf2aed122e43
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.ppc.rpm
    MD5: 212f50ce01c04e714693756de0326298SHA-256: d180e5731f44f8ab764310c9df9e1ce259692ae605245316905d75db800a0f17
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.ppc64.rpm
    MD5: 5841cd51156a5f3168582eebfc9741a5SHA-256: ccf43d73560604e4a019d6cefb5a91932b9cf056ed8be737a0485d4fee8a5c52
 
s390x:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.s390.rpm
    MD5: 55edf3ded403195415b56b8e9b7958fdSHA-256: 26e15ff7c331e49b867bbf54ab29ad59e1f190aa323448426da9d59dc3a84305
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.s390x.rpm
    MD5: 59373d4b16f2ae48243e52eeba462de7SHA-256: d2cc1f43d591a6c33ce5ec3ea33789ff5bebc682eeafceade730b6a5a4292845
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.s390.rpm
    MD5: 5d9cff5107289d0ec13009cbb776196eSHA-256: 70cddda31e1601b54ac47ef8eb5a5a22285d896cd287a35de49dece160f45601
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.s390x.rpm
    MD5: 89957123399d1243f4f3017d9d68a42aSHA-256: 3a1186c3170e1233bf869f5e95747e58af1294a233090495e02a33fb12525fae
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.s390.rpm
    MD5: b53355a81ee6ba063cef8e2d9617b908SHA-256: b06e534921f6bda499d48c876c7bcf60e4e9e5ebb17a54dbe567ac66e27148c4
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.s390x.rpm
    MD5: b0c5c66e38348e65e27bfb82cd061636SHA-256: c7c41455e833b9412761dcaee1475fd1b4b81586ee1e802cffd67facec1f5426
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.s390.rpm
    MD5: deb4700455dd59269894819ca3bab474SHA-256: 6e0138e4ebfc45852ca125b3e0593392af194a7bf4f728be7a17a8fded4830b9
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.s390x.rpm
    MD5: 5e4a7110ef1181059e434af4e92a3dd0SHA-256: 89dae826444284dd6444035e18e43b3b9049f6b11c576b8b707d7c53dc64d67e
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.s390.rpm
    MD5: 49f003a76715a7da4a1013dd8fb26142SHA-256: 383cabe252d5da7639364fa38b2658c9a35037c7e0da2f5b3fe2523caefa19aa
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.s390x.rpm
    MD5: 98577049389ae8e9c7be47185b5169bcSHA-256: b58821d75880ce0cfddc0e96cda8aca782d72a4f41226f2a493e6e458a9b9a37
 
x86_64:
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: eba4f29e876e9600446d50f0c6159870SHA-256: b6a97e986ac7b9c0fdfb6fc4753aa7451d413e317b48039bee2b793c93ab4b20
java-1.7.0-ibm-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 4751e0cf4cd7cea1abd16f9185841f7fSHA-256: 413f6bf18ed664ef130cb3b494836bdfb77a48097334e380e0db4a5cf6329c6c
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 977471c2b9cf2739d982463981328aa7SHA-256: 6fdf41f7a648597acd2c643cbfadd772a5938f665b47776b1e64894db7b21729
java-1.7.0-ibm-demo-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: b8a1f303fcfeeb487eebb5d0d61427c9SHA-256: a17fddf0b7a82bff05043c377b1d9b1f027011b2ad2ffd393a8222ae38cd93b2
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: c87886ed8011e07bf7abca7bcaffdd1fSHA-256: 1303429d783d264267784061575363109dde3b848b849235b87938c36643615a
java-1.7.0-ibm-devel-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 46ed4d074ab5631b48b773b6114e3d30SHA-256: 089a3c2b9d977643a5346d2400f7abf963b5cb0f8477ac2e2122052edfcf34a5
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: f427720186a884683ba0570fd3178923SHA-256: d7e886b275041b276e96272eb4e769f7218e50da3f086e4636c043daa2d8607f
java-1.7.0-ibm-jdbc-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: c0a3364005dc8cbd7fc72d7586b675c1SHA-256: 2eee9c900423eb2a638ffeea2cb7b92de8dc76424a0fd6fdb05969c6a7f5e177
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: aa14c08734b7c1bafb1326c4d98d5204SHA-256: eb974a2df3155ab74acf47d28cfbbaf229175417c402ea2614e92e1d29c77e1e
java-1.7.0-ibm-plugin-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 75faf86c241875703a70df8741ece85dSHA-256: a6676817ed191349157dc821642a8eb972d036fe1d71b8dd31814f4150cabf01
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.i386.rpm
    MD5: 4dc4d8ec14e55f73a1cb6828e1dbab6eSHA-256: bde89f54e802162d3e7e6c43f0dc4a987ce84bd39184dc50dea53d78cf8055d9
java-1.7.0-ibm-src-1.7.0.9.10-1jpp.2.el5.x86_64.rpm
    MD5: 27cd5ba4ffc9fd2e2075ecc309823012SHA-256: 3847d20186fd433c06c0befcec65c155eb4ba277067f22f5f8673b42fa906c9c
 
(The unlinked packages above are only available from the Red Hat Network)
1223211 – CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks1241965 – CVE-2015-2625 OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)1242019 – CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)1242234 – CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)1242240 – CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)1242275 – CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)1242281 – CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)1242372 – CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)1242379 – CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)1242394 – CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)1242447 – CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)1242456 – CVE-2015-2613 NSS / JCE: missing EC parameter validation in ECDH_Derive() (OpenJDK JCE, 8075833)1243139 – CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)1243283 – CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)1243284 – CVE-2015-4736 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)1243286 – CVE-2015-2619 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)1243287 – CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)1243290 – CVE-2015-4729 Oracle JDK: unspecified vulnerability fixed in 7u85 and 8u51 (Deployment)1243300 – CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)1244828 – CVE-2015-1931 IBM JDK: plain text data stored in memory dumps

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:

Leave a Reply