Home Tags Applet

Tag: Applet

RHSA-2017:0061-1: Important: java-1.6.0-openjdk security update

An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environmentand the OpenJDK 6 Java Software Development Kit.Security Fix(es):* It was discovered that the Hotspot component of OpenJDK did not properly checkarguments of the System.arraycopy() function in certain cases.

An untrusted Javaapplication or applet could use this flaw to corrupt virtual machine's memoryand completely bypass Java sandbox restrictions. (CVE-2016-5582)* It was discovered that the Hotspot component of OpenJDK did not properly checkreceived Java Debug Wire Protocol (JDWP) packets.

An attacker could possibly usethis flaw to send debugging commands to a Java program running with debuggingenabled if they could make victim's browser send HTTP requests to the JDWP portof the debugged application. (CVE-2016-5573)* It was discovered that the Libraries component of OpenJDK did not restrict theset of algorithms used for Jar integrity verification.

This flaw could allow anattacker to modify content of the Jar file that used weak signing key or hashalgorithm. (CVE-2016-5542)Note: After this update, MD2 hash algorithm and RSA keys with less than 1024bits are no longer allowed to be used for Jar integrity verification by default.MD5 hash algorithm is expected to be disabled by default in the future updates.A newly introduced security property jdk.jar.disabledAlgorithms can be used tocontrol the set of disabled algorithms.* A flaw was found in the way the JMX component of OpenJDK handled classloaders.An untrusted Java application or applet could use this flaw to bypass certainJava sandbox restrictions. (CVE-2016-5554)* A flaw was found in the way the Networking component of OpenJDK handled HTTPproxy authentication.

A Java application could possibly expose HTTPS serverauthentication credentials via a plain text network connection to an HTTP proxyif proxy asked for authentication. (CVE-2016-5597)Note: After this update, Basic HTTP proxy authentication can no longer be usedwhen tunneling HTTPS connection through an HTTP proxy. Newly introduced systemproperties jdk.http.auth.proxying.disabledSchemes andjdk.http.auth.tunneling.disabledSchemes can be used to control whichauthentication schemes can be requested by an HTTP proxy when proxying HTTP andHTTPS connections respectively. Red Hat Enterprise Linux (v. 5 server) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.src.rpm     MD5: 62b8da09e0380dbf693d1fa5b0d89e99SHA-256: ff98f4755038905f34b6fc78fc26c5ac6af11b42b341822d138e8852cdff4a93   IA-32: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 15eda9126b5acaa82324eddf7d9e10b6SHA-256: cbce9713450abece01723411e82770ddb5c56eb57fd6ca130fa2a8360f717804 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 6934010f17f03bee857bb53ffb7e0e50SHA-256: 29d0bea089a74b928a1e0ada85b581d40524708c6f89e6a92017c75fe8be1d2d java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 709323256fc17a526b99d482411b0eb5SHA-256: 310aee115201ed002da01f85ebb874e0918bccef9689bf4b5031f6087853da2b java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: ced0f2bb8978fef2a5c52cf4c129cf48SHA-256: a91d375cbcaf7dc67a5af4f89017ef4fa4059f0906af15fe2a7286db22a065ec java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: abfb6cf49e3d540a8fecbc0329532f3aSHA-256: 02d6365ef87d32ecdbee341177a6c1777edbeb0adbd67043fc22400efa67a556 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 78f93e3cb8cb58bb34ce54d1b752cd5dSHA-256: c76656d8ade38f6326693a64f4f08b4e815e444de9468572c9b7e0e214624172   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: b7037d5268e6cc57e015427c3f8f471fSHA-256: 3ddf81b6384c4ba97c13a8a4ac62c607b56b78abff5299ab0abff15dd2ce5e7a java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: 79c27da140914b62d833c29d3acb549fSHA-256: 795e8e8fb2638cc3b4124d60bb0ecc73311d703b4e0b950b2481f4852fd18f7c java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: a893795244cd5acbbc63770a75a791efSHA-256: 733d0b48b8b17deb92757e59bf1873b45e24b48f3b7333071e0676ba8177c257 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: f7f4ff5bf63db28da25940c550b0bc73SHA-256: ab3a4e7a020f45adb159a9ebda9d6a060053e2abb88eeb583fc4fd73822571ac java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: c0dc09e999a9b7a4e0bdbd4c45b19cf2SHA-256: 4353fe6b065adebb44171001b668da9a4c4152536d0bb769b440b7527f3799f5 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: 4194283d0f676fea5e5c2ad718592f15SHA-256: 5483c081a6056f7be73bff2bd1502fc047a93c6aa938dc0a22a4c1f4272230ce   Red Hat Enterprise Linux Desktop (v. 5 client) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.src.rpm     MD5: 62b8da09e0380dbf693d1fa5b0d89e99SHA-256: ff98f4755038905f34b6fc78fc26c5ac6af11b42b341822d138e8852cdff4a93   IA-32: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 15eda9126b5acaa82324eddf7d9e10b6SHA-256: cbce9713450abece01723411e82770ddb5c56eb57fd6ca130fa2a8360f717804 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 6934010f17f03bee857bb53ffb7e0e50SHA-256: 29d0bea089a74b928a1e0ada85b581d40524708c6f89e6a92017c75fe8be1d2d java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 709323256fc17a526b99d482411b0eb5SHA-256: 310aee115201ed002da01f85ebb874e0918bccef9689bf4b5031f6087853da2b java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: ced0f2bb8978fef2a5c52cf4c129cf48SHA-256: a91d375cbcaf7dc67a5af4f89017ef4fa4059f0906af15fe2a7286db22a065ec java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: abfb6cf49e3d540a8fecbc0329532f3aSHA-256: 02d6365ef87d32ecdbee341177a6c1777edbeb0adbd67043fc22400efa67a556 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.i386.rpm     MD5: 78f93e3cb8cb58bb34ce54d1b752cd5dSHA-256: c76656d8ade38f6326693a64f4f08b4e815e444de9468572c9b7e0e214624172   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: b7037d5268e6cc57e015427c3f8f471fSHA-256: 3ddf81b6384c4ba97c13a8a4ac62c607b56b78abff5299ab0abff15dd2ce5e7a java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: 79c27da140914b62d833c29d3acb549fSHA-256: 795e8e8fb2638cc3b4124d60bb0ecc73311d703b4e0b950b2481f4852fd18f7c java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: a893795244cd5acbbc63770a75a791efSHA-256: 733d0b48b8b17deb92757e59bf1873b45e24b48f3b7333071e0676ba8177c257 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: f7f4ff5bf63db28da25940c550b0bc73SHA-256: ab3a4e7a020f45adb159a9ebda9d6a060053e2abb88eeb583fc4fd73822571ac java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: c0dc09e999a9b7a4e0bdbd4c45b19cf2SHA-256: 4353fe6b065adebb44171001b668da9a4c4152536d0bb769b440b7527f3799f5 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el5_11.x86_64.rpm     MD5: 4194283d0f676fea5e5c2ad718592f15SHA-256: 5483c081a6056f7be73bff2bd1502fc047a93c6aa938dc0a22a4c1f4272230ce   Red Hat Enterprise Linux Desktop (v. 6) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm     MD5: 41d0d17080a35fc8dd695acd0353517fSHA-256: f6cc610e3a388527667d6b38fd05c595816692b68391df374de0cd0527ed19e6   IA-32: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 148dd92c388bc30f7f4146d3fffdc762SHA-256: d0ded59db734b4b812259b239a5b420807910d361ef66f7921a1a54db6630bca java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: df4a83794169233a6985ab83fc1c658bSHA-256: a0ba65917c1f5027126a30a9e25e353d277af721e48fd5cd6da1f2e95ed71706 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 3828a1f1590c0a42bb697099f0c50deaSHA-256: a584b6fbb85f207f13d4fcad972ad4e6c2ff157a3ad6afdb28f0de050c2430de java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 13aec09a400c8c607481fec57b2101c1SHA-256: afd56586bc7f554cb48e033fb652d497872ff68d3fd8e855047e67637adc01e5 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 7860ca55e896ad5797627594fb832675SHA-256: 4bfab57b30a007033ff0aeb466a3612db0e86e345d833b412ceadba30dc8a959 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: ac9a1e126b68e35fabda0def19971d6cSHA-256: 78a29079ddecff31f675062cf725b72dc1770754bd0f48221d0d2c5204bc67d0   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: b770890f63756adca744c93b10b74024SHA-256: 9e6192d96c036365fa9a36ad252e1ed5e032d9eadff11b682b3c528d2cc154df java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: d590c54a7c4bd068fc1672421cfbf834SHA-256: ace6e2bfdd386a9d802e422a09f044858c2bc93d5697e2570c93ffda0636300c java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 9fae0a467a584fac72e7a8cd1f035ce7SHA-256: 98776ca2310a1bcafed2d34f60130506b98674329da2d79753e6ee76a97af8c9 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 214a2471cde0280d894fc9230401da97SHA-256: 9c0cc086ed1b8f666e5dbdc44a7f2bc6cbecc95d8ba5a0f7728da8234a6f1f85 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 56bcd6516ea415a12414b86e0d641d35SHA-256: e243ee580e782f06ba761f42d3a786d211893d49f204d90262abfbf31fbc52c0 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 7839c88b5e7c11241adedae9ab0b7010SHA-256: 68ec16118724f19526903cde0140c58247dc955412e42fc6d9ace4af7b93df10   Red Hat Enterprise Linux Desktop (v. 7) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm     MD5: 977f0de972ef6cee2fc31033498f1809SHA-256: e0ad4861f4323a0f0b60f171289daf79b27e64328d2a82b976d5393fce777a3a   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: f8bc12b78d49b68ec53755c3cdb5b25eSHA-256: 941663708bc285be58825e24584b4643907e3f52046016a3192a673ab2c949e9 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 8667d7a3b8cdd8d129904c16daf1a223SHA-256: acda3dbc68c3a5130bbd101b354f65ca4963a3e30e15fbe3cdbbf6213011cfd4 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: eb3118360b8d1fd3a36cd591ab246c64SHA-256: 3e622c7f365647c8e765a5fafa43f0d018f5fdfb738eadaa33ada103f3c36b79 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 80b3e8839d006edd2c6c9a869e3defa4SHA-256: c64e1acfc669b74dc450603c04bfec50ad624632f0d9d6dfb95b45723e4c6cb6 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 52ce2e0d69df5cecf6715552c9705c44SHA-256: f4c025ce84fd5d55f385de25775cc66999a75c5c8f1f8d886e80bd1e4a391845 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 843114e9509c450dea97fb0e62d5e6cfSHA-256: f5056591ec127fc0f1263b193cdefd88e7d84e9a69258b3fa36a98ff454e46cb   Red Hat Enterprise Linux HPC Node (v. 6) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm     MD5: 41d0d17080a35fc8dd695acd0353517fSHA-256: f6cc610e3a388527667d6b38fd05c595816692b68391df374de0cd0527ed19e6   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: b770890f63756adca744c93b10b74024SHA-256: 9e6192d96c036365fa9a36ad252e1ed5e032d9eadff11b682b3c528d2cc154df java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: d590c54a7c4bd068fc1672421cfbf834SHA-256: ace6e2bfdd386a9d802e422a09f044858c2bc93d5697e2570c93ffda0636300c java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 9fae0a467a584fac72e7a8cd1f035ce7SHA-256: 98776ca2310a1bcafed2d34f60130506b98674329da2d79753e6ee76a97af8c9 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 214a2471cde0280d894fc9230401da97SHA-256: 9c0cc086ed1b8f666e5dbdc44a7f2bc6cbecc95d8ba5a0f7728da8234a6f1f85 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 56bcd6516ea415a12414b86e0d641d35SHA-256: e243ee580e782f06ba761f42d3a786d211893d49f204d90262abfbf31fbc52c0 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 7839c88b5e7c11241adedae9ab0b7010SHA-256: 68ec16118724f19526903cde0140c58247dc955412e42fc6d9ace4af7b93df10   Red Hat Enterprise Linux HPC Node (v. 7) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm     MD5: 977f0de972ef6cee2fc31033498f1809SHA-256: e0ad4861f4323a0f0b60f171289daf79b27e64328d2a82b976d5393fce777a3a   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: f8bc12b78d49b68ec53755c3cdb5b25eSHA-256: 941663708bc285be58825e24584b4643907e3f52046016a3192a673ab2c949e9 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 8667d7a3b8cdd8d129904c16daf1a223SHA-256: acda3dbc68c3a5130bbd101b354f65ca4963a3e30e15fbe3cdbbf6213011cfd4 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: eb3118360b8d1fd3a36cd591ab246c64SHA-256: 3e622c7f365647c8e765a5fafa43f0d018f5fdfb738eadaa33ada103f3c36b79 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 80b3e8839d006edd2c6c9a869e3defa4SHA-256: c64e1acfc669b74dc450603c04bfec50ad624632f0d9d6dfb95b45723e4c6cb6 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 52ce2e0d69df5cecf6715552c9705c44SHA-256: f4c025ce84fd5d55f385de25775cc66999a75c5c8f1f8d886e80bd1e4a391845 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 843114e9509c450dea97fb0e62d5e6cfSHA-256: f5056591ec127fc0f1263b193cdefd88e7d84e9a69258b3fa36a98ff454e46cb   Red Hat Enterprise Linux Server (v. 6) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm     MD5: 41d0d17080a35fc8dd695acd0353517fSHA-256: f6cc610e3a388527667d6b38fd05c595816692b68391df374de0cd0527ed19e6   IA-32: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 148dd92c388bc30f7f4146d3fffdc762SHA-256: d0ded59db734b4b812259b239a5b420807910d361ef66f7921a1a54db6630bca java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: df4a83794169233a6985ab83fc1c658bSHA-256: a0ba65917c1f5027126a30a9e25e353d277af721e48fd5cd6da1f2e95ed71706 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 3828a1f1590c0a42bb697099f0c50deaSHA-256: a584b6fbb85f207f13d4fcad972ad4e6c2ff157a3ad6afdb28f0de050c2430de java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 13aec09a400c8c607481fec57b2101c1SHA-256: afd56586bc7f554cb48e033fb652d497872ff68d3fd8e855047e67637adc01e5 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 7860ca55e896ad5797627594fb832675SHA-256: 4bfab57b30a007033ff0aeb466a3612db0e86e345d833b412ceadba30dc8a959 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: ac9a1e126b68e35fabda0def19971d6cSHA-256: 78a29079ddecff31f675062cf725b72dc1770754bd0f48221d0d2c5204bc67d0   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: b770890f63756adca744c93b10b74024SHA-256: 9e6192d96c036365fa9a36ad252e1ed5e032d9eadff11b682b3c528d2cc154df java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: d590c54a7c4bd068fc1672421cfbf834SHA-256: ace6e2bfdd386a9d802e422a09f044858c2bc93d5697e2570c93ffda0636300c java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 9fae0a467a584fac72e7a8cd1f035ce7SHA-256: 98776ca2310a1bcafed2d34f60130506b98674329da2d79753e6ee76a97af8c9 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 214a2471cde0280d894fc9230401da97SHA-256: 9c0cc086ed1b8f666e5dbdc44a7f2bc6cbecc95d8ba5a0f7728da8234a6f1f85 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 56bcd6516ea415a12414b86e0d641d35SHA-256: e243ee580e782f06ba761f42d3a786d211893d49f204d90262abfbf31fbc52c0 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 7839c88b5e7c11241adedae9ab0b7010SHA-256: 68ec16118724f19526903cde0140c58247dc955412e42fc6d9ace4af7b93df10   Red Hat Enterprise Linux Server (v. 7) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm     MD5: 977f0de972ef6cee2fc31033498f1809SHA-256: e0ad4861f4323a0f0b60f171289daf79b27e64328d2a82b976d5393fce777a3a   PPC: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm     MD5: c35195d0593a2e591ccb1572fdd940e4SHA-256: 845e7dcc75de51c4d1d030ae747e77d36273fb3ef97f337e2118c4be09d08be8 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm     MD5: a982de974e960c74552a60863ffb4360SHA-256: b5ea1aca60a978c250494ae551c1d956b0243d13eeefff21c7bf12962bc7998c java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm     MD5: beaee6c6c11d2a20e62cbdddf92d88c7SHA-256: 8e4a49042487d001f28b94ab59c1e7c25c3f477afccd58d8a17951e491d86da1 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm     MD5: 396b1cfc3c5b17e321552a5abe9a54e4SHA-256: 9ac6c9481d76c7c5bbf1ab2cfb72e78ddadec244a2bdf689cf8f0a00bb36c108 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm     MD5: 4936c495c76541dc0057b4799150be88SHA-256: 923a517df2b9b0b78e4262945bdce5d3400cecae8e2aef1dc2ffce03503c2d0f java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.ppc64.rpm     MD5: e3fb0108bdfffa48e0725519787ad174SHA-256: 5e9c8d924dd37c0e86b3e4186d47aaa9dd7a2d7e0ee7a706cd3531f7f92cae2b   s390x: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.s390x.rpm     MD5: daca04d82b9840499a56dad46101abf9SHA-256: 6c3a75fc57cdcacb9167c64d47ff40af9e7bc6a07bf105ceeb3ec28466868bfc java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.s390x.rpm     MD5: 0a13558f4cc5f44fc1038125343ca238SHA-256: 6b74bda56b96bffe3c321e1a251acd08d7277ca13446e9a8444d4fc1cc02479f java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.s390x.rpm     MD5: c7f58384a64bcd256979b53881003cf2SHA-256: 90af02f0fa8fb98da2b39980117618db8fe57b0eac3d125396c33ca60ece9956 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.s390x.rpm     MD5: c3048e901c961709159a6a62ad9b955fSHA-256: 1085cc26bab49a0b7a8fe310b5bd20ba056ca11eb53ee90d9fa8c8ddb6499df7 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.s390x.rpm     MD5: ededde72778d03d235767f7440f2efceSHA-256: 28414652ae5f469b4c2b458de06eae090fc7d723860cd0adf180ce89e2c0b68c java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.s390x.rpm     MD5: 6ecf08322d052f58f463442af821b6b9SHA-256: 8184a37e3c824468ca19a551f1b1e68000041adfbe14631de6744d21507bfbd9   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: f8bc12b78d49b68ec53755c3cdb5b25eSHA-256: 941663708bc285be58825e24584b4643907e3f52046016a3192a673ab2c949e9 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 8667d7a3b8cdd8d129904c16daf1a223SHA-256: acda3dbc68c3a5130bbd101b354f65ca4963a3e30e15fbe3cdbbf6213011cfd4 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: eb3118360b8d1fd3a36cd591ab246c64SHA-256: 3e622c7f365647c8e765a5fafa43f0d018f5fdfb738eadaa33ada103f3c36b79 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 80b3e8839d006edd2c6c9a869e3defa4SHA-256: c64e1acfc669b74dc450603c04bfec50ad624632f0d9d6dfb95b45723e4c6cb6 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 52ce2e0d69df5cecf6715552c9705c44SHA-256: f4c025ce84fd5d55f385de25775cc66999a75c5c8f1f8d886e80bd1e4a391845 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 843114e9509c450dea97fb0e62d5e6cfSHA-256: f5056591ec127fc0f1263b193cdefd88e7d84e9a69258b3fa36a98ff454e46cb   Red Hat Enterprise Linux Server TUS (v. 7.3) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm     MD5: 977f0de972ef6cee2fc31033498f1809SHA-256: e0ad4861f4323a0f0b60f171289daf79b27e64328d2a82b976d5393fce777a3a   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: f8bc12b78d49b68ec53755c3cdb5b25eSHA-256: 941663708bc285be58825e24584b4643907e3f52046016a3192a673ab2c949e9 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 8667d7a3b8cdd8d129904c16daf1a223SHA-256: acda3dbc68c3a5130bbd101b354f65ca4963a3e30e15fbe3cdbbf6213011cfd4 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: eb3118360b8d1fd3a36cd591ab246c64SHA-256: 3e622c7f365647c8e765a5fafa43f0d018f5fdfb738eadaa33ada103f3c36b79 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 80b3e8839d006edd2c6c9a869e3defa4SHA-256: c64e1acfc669b74dc450603c04bfec50ad624632f0d9d6dfb95b45723e4c6cb6 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 52ce2e0d69df5cecf6715552c9705c44SHA-256: f4c025ce84fd5d55f385de25775cc66999a75c5c8f1f8d886e80bd1e4a391845 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 843114e9509c450dea97fb0e62d5e6cfSHA-256: f5056591ec127fc0f1263b193cdefd88e7d84e9a69258b3fa36a98ff454e46cb   Red Hat Enterprise Linux Workstation (v. 6) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.src.rpm     MD5: 41d0d17080a35fc8dd695acd0353517fSHA-256: f6cc610e3a388527667d6b38fd05c595816692b68391df374de0cd0527ed19e6   IA-32: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 148dd92c388bc30f7f4146d3fffdc762SHA-256: d0ded59db734b4b812259b239a5b420807910d361ef66f7921a1a54db6630bca java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: df4a83794169233a6985ab83fc1c658bSHA-256: a0ba65917c1f5027126a30a9e25e353d277af721e48fd5cd6da1f2e95ed71706 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 3828a1f1590c0a42bb697099f0c50deaSHA-256: a584b6fbb85f207f13d4fcad972ad4e6c2ff157a3ad6afdb28f0de050c2430de java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 13aec09a400c8c607481fec57b2101c1SHA-256: afd56586bc7f554cb48e033fb652d497872ff68d3fd8e855047e67637adc01e5 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: 7860ca55e896ad5797627594fb832675SHA-256: 4bfab57b30a007033ff0aeb466a3612db0e86e345d833b412ceadba30dc8a959 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.i686.rpm     MD5: ac9a1e126b68e35fabda0def19971d6cSHA-256: 78a29079ddecff31f675062cf725b72dc1770754bd0f48221d0d2c5204bc67d0   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: b770890f63756adca744c93b10b74024SHA-256: 9e6192d96c036365fa9a36ad252e1ed5e032d9eadff11b682b3c528d2cc154df java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: d590c54a7c4bd068fc1672421cfbf834SHA-256: ace6e2bfdd386a9d802e422a09f044858c2bc93d5697e2570c93ffda0636300c java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 9fae0a467a584fac72e7a8cd1f035ce7SHA-256: 98776ca2310a1bcafed2d34f60130506b98674329da2d79753e6ee76a97af8c9 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 214a2471cde0280d894fc9230401da97SHA-256: 9c0cc086ed1b8f666e5dbdc44a7f2bc6cbecc95d8ba5a0f7728da8234a6f1f85 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 56bcd6516ea415a12414b86e0d641d35SHA-256: e243ee580e782f06ba761f42d3a786d211893d49f204d90262abfbf31fbc52c0 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el6_8.x86_64.rpm     MD5: 7839c88b5e7c11241adedae9ab0b7010SHA-256: 68ec16118724f19526903cde0140c58247dc955412e42fc6d9ace4af7b93df10   Red Hat Enterprise Linux Workstation (v. 7) SRPMS: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.src.rpm     MD5: 977f0de972ef6cee2fc31033498f1809SHA-256: e0ad4861f4323a0f0b60f171289daf79b27e64328d2a82b976d5393fce777a3a   x86_64: java-1.6.0-openjdk-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: f8bc12b78d49b68ec53755c3cdb5b25eSHA-256: 941663708bc285be58825e24584b4643907e3f52046016a3192a673ab2c949e9 java-1.6.0-openjdk-debuginfo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 8667d7a3b8cdd8d129904c16daf1a223SHA-256: acda3dbc68c3a5130bbd101b354f65ca4963a3e30e15fbe3cdbbf6213011cfd4 java-1.6.0-openjdk-demo-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: eb3118360b8d1fd3a36cd591ab246c64SHA-256: 3e622c7f365647c8e765a5fafa43f0d018f5fdfb738eadaa33ada103f3c36b79 java-1.6.0-openjdk-devel-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 80b3e8839d006edd2c6c9a869e3defa4SHA-256: c64e1acfc669b74dc450603c04bfec50ad624632f0d9d6dfb95b45723e4c6cb6 java-1.6.0-openjdk-javadoc-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 52ce2e0d69df5cecf6715552c9705c44SHA-256: f4c025ce84fd5d55f385de25775cc66999a75c5c8f1f8d886e80bd1e4a391845 java-1.6.0-openjdk-src-1.6.0.41-1.13.13.1.el7_3.x86_64.rpm     MD5: 843114e9509c450dea97fb0e62d5e6cfSHA-256: f5056591ec127fc0f1263b193cdefd88e7d84e9a69258b3fa36a98ff454e46cb   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

RHSA-2016:2658-1: Important: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofImportant.

A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environmentand the OpenJDK 7 Java Software Development Kit.Security Fix(es):* It was discovered that the Hotspot component of OpenJDK did not properly checkarguments of the System.arraycopy() function in certain cases.

An untrusted Javaapplication or applet could use this flaw to corrupt virtual machine's memoryand completely bypass Java sandbox restrictions. (CVE-2016-5582)* It was discovered that the Hotspot component of OpenJDK did not properly checkreceived Java Debug Wire Protocol (JDWP) packets.

An attacker could possibly usethis flaw to send debugging commands to a Java program running with debuggingenabled if they could make victim's browser send HTTP requests to the JDWP portof the debugged application. (CVE-2016-5573)* It was discovered that the Libraries component of OpenJDK did not restrict theset of algorithms used for Jar integrity verification.

This flaw could allow anattacker to modify content of the Jar file that used weak signing key or hashalgorithm. (CVE-2016-5542)Note: After this update, MD2 hash algorithm and RSA keys with less than 1024bits are no longer allowed to be used for Jar integrity verification by default.MD5 hash algorithm is expected to be disabled by default in the future updates.A newly introduced security property jdk.jar.disabledAlgorithms can be used tocontrol the set of disabled algorithms.* A flaw was found in the way the JMX component of OpenJDK handled classloaders.An untrusted Java application or applet could use this flaw to bypass certainJava sandbox restrictions. (CVE-2016-5554)* A flaw was found in the way the Networking component of OpenJDK handled HTTPproxy authentication.

A Java application could possibly expose HTTPS serverauthentication credentials via a plain text network connection to an HTTP proxyif proxy asked for authentication. (CVE-2016-5597)Note: After this update, Basic HTTP proxy authentication can no longer be usedwhen tunneling HTTPS connection through an HTTP proxy. Newly introduced systemproperties jdk.http.auth.proxying.disabledSchemes andjdk.http.auth.tunneling.disabledSchemes can be used to control whichauthentication schemes can be requested by an HTTP proxy when proxying HTTP andHTTPS connections respectively. Red Hat Enterprise Linux (v. 5 server) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11.src.rpm     MD5: 5e1108a3f737fdbfbec5021d596985c8SHA-256: 154073e34307bf8792a1bc672647c608cd90bc8dce034c588f775e4ac6e26dc2   IA-32: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 4048df5f4ced459f03f9d037d71b68f3SHA-256: 0b82c7278d70e0f6cbbee298b2a3733f2e2b7738ef48e63c28bbf56c71916f18 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 8dbe2886e20dd62033c3375e476c25caSHA-256: f820b53c4e56e67909b951ce296db5bba2e32c8a8bacc0fe380d5bf4b3ab50d1 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 4a95f693b1f9f532dbf5bbecb16224efSHA-256: a7f52a7d19ac88b5af348fe6cc6793a5d94938661aebd234a3ea3a142998dd19 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 3837e674a491325cb52d871c279795d8SHA-256: 2dd2737d4cb665b3d841144d37d3cac6a476a7e300e5cf4272634597e989001a java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 0ac7b318f5b9fe0a522e473be999fa60SHA-256: f19b0682e0584c3e38829739ca7841d97ec01d3728aad057440bb11426e8f591 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: dc708169e2f0504219eaa66ea4c6a7d9SHA-256: 691588665d6a5a6db769a9df0f7e6fc25fd268343f18a869fe5ea3191fead3a0   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: 6ac323703461c146b778d183929f539bSHA-256: f678395669cf61867ef8d70c2511a3f1842d4828df909626953ee5521e6006bc java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: e0b686942890681f3bd856963fdb858cSHA-256: 82ba9c423386684859b69ea71fb7a7e31f39f8152b24e1642360a8b2cca6aaf4 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: 54d439db6309642b7a864a89a16af08eSHA-256: 84db6315f36243fb89c51fdfd7280f24c54cbc1b1c3e12b1b6a65349bfa93450 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: 59a8cc5b55ee3c4ed1e2bd41469cc335SHA-256: c9511d678f343d4378745a08165fd7a47962a0b45790220402cc58d80791d731 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: b4f84c926902d7edbd7b163a240d7d3eSHA-256: c955ba72d015de84c2155c12945fc92378ee11254325b144b248eb60554cc4b3 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: c2b6ce74b572c4929252b2bf5a519055SHA-256: 59b274169f56dcb220a32b36cf3d74a793b568ef5ec61569453b45d85f997e5a   Red Hat Enterprise Linux Desktop (v. 5 client) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11.src.rpm     MD5: 5e1108a3f737fdbfbec5021d596985c8SHA-256: 154073e34307bf8792a1bc672647c608cd90bc8dce034c588f775e4ac6e26dc2   IA-32: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 4048df5f4ced459f03f9d037d71b68f3SHA-256: 0b82c7278d70e0f6cbbee298b2a3733f2e2b7738ef48e63c28bbf56c71916f18 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 8dbe2886e20dd62033c3375e476c25caSHA-256: f820b53c4e56e67909b951ce296db5bba2e32c8a8bacc0fe380d5bf4b3ab50d1 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 4a95f693b1f9f532dbf5bbecb16224efSHA-256: a7f52a7d19ac88b5af348fe6cc6793a5d94938661aebd234a3ea3a142998dd19 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 3837e674a491325cb52d871c279795d8SHA-256: 2dd2737d4cb665b3d841144d37d3cac6a476a7e300e5cf4272634597e989001a java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: 0ac7b318f5b9fe0a522e473be999fa60SHA-256: f19b0682e0584c3e38829739ca7841d97ec01d3728aad057440bb11426e8f591 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el5_11.i386.rpm     MD5: dc708169e2f0504219eaa66ea4c6a7d9SHA-256: 691588665d6a5a6db769a9df0f7e6fc25fd268343f18a869fe5ea3191fead3a0   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: 6ac323703461c146b778d183929f539bSHA-256: f678395669cf61867ef8d70c2511a3f1842d4828df909626953ee5521e6006bc java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: e0b686942890681f3bd856963fdb858cSHA-256: 82ba9c423386684859b69ea71fb7a7e31f39f8152b24e1642360a8b2cca6aaf4 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: 54d439db6309642b7a864a89a16af08eSHA-256: 84db6315f36243fb89c51fdfd7280f24c54cbc1b1c3e12b1b6a65349bfa93450 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: 59a8cc5b55ee3c4ed1e2bd41469cc335SHA-256: c9511d678f343d4378745a08165fd7a47962a0b45790220402cc58d80791d731 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: b4f84c926902d7edbd7b163a240d7d3eSHA-256: c955ba72d015de84c2155c12945fc92378ee11254325b144b248eb60554cc4b3 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el5_11.x86_64.rpm     MD5: c2b6ce74b572c4929252b2bf5a519055SHA-256: 59b274169f56dcb220a32b36cf3d74a793b568ef5ec61569453b45d85f997e5a   Red Hat Enterprise Linux Desktop (v. 6) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.src.rpm     MD5: d0fdbfd48fbf121596b6ef6a22ae9400SHA-256: 5f6d47f282025217fdda9bafa7f84bdac6cfb4ec8be55060dc145ba463850566   IA-32: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: d58d79c046ede24636ab309df6df8ec4SHA-256: 74620c6a2d87b8491c84566679e110bf0e5c69ea24a502ccf4db315d2e1add9f java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: 6c6af9aa5877e3ce922de5c279b0b8c4SHA-256: 708dded09de8923d01380cda21d49cc0fbccb7bdfa918337a1686179e43df562 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: bd1be4307c70d981409584b04ab54adaSHA-256: 5d5b0be07677a59ca0ea0eb04607d67a7b103deba1f33d8c6b816e3383baaff2 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: e13c85a1c48c5ada10858d2d456aac5eSHA-256: 4cb449d2b8e3e2398b9ed26a6162d9f5a60ab182a675aae4f596f0f91b5a6c7c java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el6_8.noarch.rpm     MD5: 7ba635224ff44d380c8c14d7c10ed1c2SHA-256: b439d86f48a29b564f12d74bb37c43a61252d54707b0359f1a5963a0ec47ee70 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: ac98dd553f94db98d03b554979e862c3SHA-256: 1ae19c58d5ab37e0811cff91046428dc123d244ce84a69a51d1b44317f71d952   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 694f7bd0503e44f34f0bce6bd7198f78SHA-256: c250ef96deff445120f9c22fcae38bb0db523a97c497eba342292bee40e12397 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 2281af1a401449e1d75945ebc89ca956SHA-256: da111fc164feaacd41757c5ebaeed2e1ff074c06746f0f1018d2d4eafff781d6 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: c24e6d69bc037ce64a9e531a4c2848aeSHA-256: 4b4b5cb015c9e4500ec51e8cdfd640afee44e630ed033f376639647e107ff660 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 0ea4af218a1817ca920617a8aa9ed9d3SHA-256: 599b6234281fb58c1fcd6c06f9ec0410387bbe06d2d23d5fc35e389b066a2615 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el6_8.noarch.rpm     MD5: 7ba635224ff44d380c8c14d7c10ed1c2SHA-256: b439d86f48a29b564f12d74bb37c43a61252d54707b0359f1a5963a0ec47ee70 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 41e994dd3409d753cad6b876357e7433SHA-256: cf8c709a96b1197ef8c0c93f16e9ee11ae431fc8e7cb8203094256c3cb2588ff   Red Hat Enterprise Linux Desktop (v. 7) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.src.rpm     MD5: 7736ff7259e7da6f81bdccbe49cdcf0fSHA-256: b475f8306b260436450097c6f8b6a6511527ac6e3e9f5bc4c9a9dcbf89991e04   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: f10e02124f8226950317c2cea13621ceSHA-256: ca90a1f1694843777e16c9d540eab63061b95f3aca080ffedda7e4b51b6bd760 java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 431292bd8d1632d3162657852b637450SHA-256: 464a8c9a70c208335cc40abdb37562f5e0ab590d04a487176d574064b483260a java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 9db43c9923a49970c506d3ddaf3a2ebdSHA-256: 0fd57dd1e08fbf374acc455dc73eebd9c5d6cdb6cb094caba5e2636e932b3358 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 78dcde4c97d65feec57137871a0f34c2SHA-256: 3c8dc12d68406fa012e5c3b65f06784b9a4a7411048149421d6093f6162aedbe java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 75c60c9aaba5d8d3489c43dbab52558cSHA-256: cae2f47ad8e3f9c6fa7be68931b2d81bfe8190b4dbc99c020258acb0da7231bd java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 2274dbb2721c5ab836d2be6f09abc28bSHA-256: 17da10c8913ee9bedbcc230e852f150eb1069120bfa82d4e730a06e1a1f235b4 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: d9e5610983e2f7beba9c4ad279ce7bb0SHA-256: 80c3107f9ceb64a2666b9c61da3c65ae954a6f3ecbeeb1ba3498ae95ed9f19e6   Red Hat Enterprise Linux HPC Node (v. 6) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.src.rpm     MD5: d0fdbfd48fbf121596b6ef6a22ae9400SHA-256: 5f6d47f282025217fdda9bafa7f84bdac6cfb4ec8be55060dc145ba463850566   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 694f7bd0503e44f34f0bce6bd7198f78SHA-256: c250ef96deff445120f9c22fcae38bb0db523a97c497eba342292bee40e12397 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 2281af1a401449e1d75945ebc89ca956SHA-256: da111fc164feaacd41757c5ebaeed2e1ff074c06746f0f1018d2d4eafff781d6 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: c24e6d69bc037ce64a9e531a4c2848aeSHA-256: 4b4b5cb015c9e4500ec51e8cdfd640afee44e630ed033f376639647e107ff660 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 0ea4af218a1817ca920617a8aa9ed9d3SHA-256: 599b6234281fb58c1fcd6c06f9ec0410387bbe06d2d23d5fc35e389b066a2615 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el6_8.noarch.rpm     MD5: 7ba635224ff44d380c8c14d7c10ed1c2SHA-256: b439d86f48a29b564f12d74bb37c43a61252d54707b0359f1a5963a0ec47ee70 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 41e994dd3409d753cad6b876357e7433SHA-256: cf8c709a96b1197ef8c0c93f16e9ee11ae431fc8e7cb8203094256c3cb2588ff   Red Hat Enterprise Linux HPC Node (v. 7) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.src.rpm     MD5: 7736ff7259e7da6f81bdccbe49cdcf0fSHA-256: b475f8306b260436450097c6f8b6a6511527ac6e3e9f5bc4c9a9dcbf89991e04   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: f10e02124f8226950317c2cea13621ceSHA-256: ca90a1f1694843777e16c9d540eab63061b95f3aca080ffedda7e4b51b6bd760 java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 431292bd8d1632d3162657852b637450SHA-256: 464a8c9a70c208335cc40abdb37562f5e0ab590d04a487176d574064b483260a java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 9db43c9923a49970c506d3ddaf3a2ebdSHA-256: 0fd57dd1e08fbf374acc455dc73eebd9c5d6cdb6cb094caba5e2636e932b3358 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 78dcde4c97d65feec57137871a0f34c2SHA-256: 3c8dc12d68406fa012e5c3b65f06784b9a4a7411048149421d6093f6162aedbe java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 75c60c9aaba5d8d3489c43dbab52558cSHA-256: cae2f47ad8e3f9c6fa7be68931b2d81bfe8190b4dbc99c020258acb0da7231bd java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 2274dbb2721c5ab836d2be6f09abc28bSHA-256: 17da10c8913ee9bedbcc230e852f150eb1069120bfa82d4e730a06e1a1f235b4 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: d9e5610983e2f7beba9c4ad279ce7bb0SHA-256: 80c3107f9ceb64a2666b9c61da3c65ae954a6f3ecbeeb1ba3498ae95ed9f19e6   Red Hat Enterprise Linux Server (v. 6) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.src.rpm     MD5: d0fdbfd48fbf121596b6ef6a22ae9400SHA-256: 5f6d47f282025217fdda9bafa7f84bdac6cfb4ec8be55060dc145ba463850566   IA-32: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: d58d79c046ede24636ab309df6df8ec4SHA-256: 74620c6a2d87b8491c84566679e110bf0e5c69ea24a502ccf4db315d2e1add9f java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: 6c6af9aa5877e3ce922de5c279b0b8c4SHA-256: 708dded09de8923d01380cda21d49cc0fbccb7bdfa918337a1686179e43df562 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: bd1be4307c70d981409584b04ab54adaSHA-256: 5d5b0be07677a59ca0ea0eb04607d67a7b103deba1f33d8c6b816e3383baaff2 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: e13c85a1c48c5ada10858d2d456aac5eSHA-256: 4cb449d2b8e3e2398b9ed26a6162d9f5a60ab182a675aae4f596f0f91b5a6c7c java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el6_8.noarch.rpm     MD5: 7ba635224ff44d380c8c14d7c10ed1c2SHA-256: b439d86f48a29b564f12d74bb37c43a61252d54707b0359f1a5963a0ec47ee70 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: ac98dd553f94db98d03b554979e862c3SHA-256: 1ae19c58d5ab37e0811cff91046428dc123d244ce84a69a51d1b44317f71d952   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 694f7bd0503e44f34f0bce6bd7198f78SHA-256: c250ef96deff445120f9c22fcae38bb0db523a97c497eba342292bee40e12397 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 2281af1a401449e1d75945ebc89ca956SHA-256: da111fc164feaacd41757c5ebaeed2e1ff074c06746f0f1018d2d4eafff781d6 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: c24e6d69bc037ce64a9e531a4c2848aeSHA-256: 4b4b5cb015c9e4500ec51e8cdfd640afee44e630ed033f376639647e107ff660 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 0ea4af218a1817ca920617a8aa9ed9d3SHA-256: 599b6234281fb58c1fcd6c06f9ec0410387bbe06d2d23d5fc35e389b066a2615 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el6_8.noarch.rpm     MD5: 7ba635224ff44d380c8c14d7c10ed1c2SHA-256: b439d86f48a29b564f12d74bb37c43a61252d54707b0359f1a5963a0ec47ee70 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 41e994dd3409d753cad6b876357e7433SHA-256: cf8c709a96b1197ef8c0c93f16e9ee11ae431fc8e7cb8203094256c3cb2588ff   Red Hat Enterprise Linux Server (v. 7) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.src.rpm     MD5: 7736ff7259e7da6f81bdccbe49cdcf0fSHA-256: b475f8306b260436450097c6f8b6a6511527ac6e3e9f5bc4c9a9dcbf89991e04   PPC: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.ppc64.rpm     MD5: d86a637c3da1ba42c62d3c9e0f15117cSHA-256: 70c436fbce1dca62e89e8be60717918386b15eb9247c2d6070b6c89e2e617388 java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.ppc64.rpm     MD5: 352420ef0ba214c358cf63e032104668SHA-256: 035e28eb288e6aff5cd9de5e0d896267673915df3e8c2280e084f38517588566 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.ppc64.rpm     MD5: cb9b9f8ba9d7f3373959f00907abcdf1SHA-256: 918748ecdb4ea261401a5fbf4bc0d3b4eecf2bc108aeda389d31e09652dc91b5 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.ppc64.rpm     MD5: 2059ff8b8ad462870b32e13459cf111cSHA-256: cf982327d07e88a5d4abfc530d08824966c2392f0cebaa2dde6eae47bc7540b2 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.ppc64.rpm     MD5: 0cf15e95bbab57d363a2582fde0c14e6SHA-256: 6c54cc99ee7edb930a65309d2cd9b8480072f50a788d3cf62373f061d0f3c140 java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.ppc64.rpm     MD5: 3bdc8d714dc22d8b095fd08a885489edSHA-256: f4fbb528aa86ac0f6f02c3123c9a3b049894616a29b3bd0312c50fb32b963da5 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.ppc64.rpm     MD5: 05f297229b39caffc9a55d180ef0039fSHA-256: 9331ebbb0c484e56dae890470a61bc3d0da7ce5d061775fd78c6bb3bea1e136c   PPC64LE: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.ppc64le.rpm     MD5: 7b260f4dac8c3a5713591f6b4ee386afSHA-256: d368e17a7dea53e7a21f4c720902829336505a74a957f6ff1236bd45b0dab0fd java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.ppc64le.rpm     MD5: 4bd1c8d3b45654eb571eeb881b9708faSHA-256: 634dae2c24ea848f723e59ebb16eea84b416362f5f236e7f0b13c4413817e798 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.ppc64le.rpm     MD5: 5695b25154e85b2e3af2b96ab38ac177SHA-256: a704b59153d3f4c0f6d7cddccac74ae5c36dd747c54997793480d4a0a6f3951f java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.ppc64le.rpm     MD5: 6a1d338755015e1dde7661735b7d343eSHA-256: b2da8895336199328434b404a642f4009023feebfd55d06f2fe3f66e19d951a7 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.ppc64le.rpm     MD5: f3f562519c473e180a74f05fd2d46b47SHA-256: b1aca2779fe093cbbd5df5186cfeb630861c00bda9ee75515100d556ef19ec43 java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.ppc64le.rpm     MD5: 1ad8fd33a63452537068464fc50d613aSHA-256: bf03fa586676332181053904e9cc3da86a49c72152cf0cdcfe7932a8c3aa61e1 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.ppc64le.rpm     MD5: 49c37645d7aafbfd8239f9efc2b82aa5SHA-256: 86bd23b3102dd44ac2f37c7e6e1c41748b855a913fdaace96c0f338cff591f3c   s390x: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.s390x.rpm     MD5: 8180fe7e01e58f3c8d2515b3d9d981a3SHA-256: 09e3a59591fd31bd51f3007ae76830eadb88fbba045dd7631381f536b8492410 java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.s390x.rpm     MD5: 3b7f73a415e373c42b433e4811882d74SHA-256: ab596d029932586bd9aec93ab8dbb323146e99ca68188fbe69a1b27235f63755 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.s390x.rpm     MD5: 0d99bb0e65e04fde28cf77f83c0ccc55SHA-256: 78af91778f3236f42205204566b3edd7d2292a647dfcdd2036877b4cc005ddc5 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.s390x.rpm     MD5: 631c042d0c83caf3af7859f6d0c4d7b9SHA-256: 521da50f9f5524f085f08457645d6f3556b7a60faec7846b40d220b8bdcbcbef java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.s390x.rpm     MD5: fdbf44bf111beeda184334110b165eacSHA-256: 0c8f7ff2ecae945a687f9a39c74e70f66d8de12ff664f9c55967b02dc44dcd20 java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.s390x.rpm     MD5: 53ca002734c85ed200670084045bb20cSHA-256: 722aa6d08532efda10134b6e22af8206ebd8ebbc7a834735d4194d6631905a11 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.s390x.rpm     MD5: 1b82fc9672aed5c5d56bb93fd894ac67SHA-256: c969172a5f45436fb8b7a72d19829c7104f66fabda2f28555b773dbfcffc2c5b   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: f10e02124f8226950317c2cea13621ceSHA-256: ca90a1f1694843777e16c9d540eab63061b95f3aca080ffedda7e4b51b6bd760 java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 431292bd8d1632d3162657852b637450SHA-256: 464a8c9a70c208335cc40abdb37562f5e0ab590d04a487176d574064b483260a java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 9db43c9923a49970c506d3ddaf3a2ebdSHA-256: 0fd57dd1e08fbf374acc455dc73eebd9c5d6cdb6cb094caba5e2636e932b3358 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 78dcde4c97d65feec57137871a0f34c2SHA-256: 3c8dc12d68406fa012e5c3b65f06784b9a4a7411048149421d6093f6162aedbe java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 75c60c9aaba5d8d3489c43dbab52558cSHA-256: cae2f47ad8e3f9c6fa7be68931b2d81bfe8190b4dbc99c020258acb0da7231bd java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 2274dbb2721c5ab836d2be6f09abc28bSHA-256: 17da10c8913ee9bedbcc230e852f150eb1069120bfa82d4e730a06e1a1f235b4 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: d9e5610983e2f7beba9c4ad279ce7bb0SHA-256: 80c3107f9ceb64a2666b9c61da3c65ae954a6f3ecbeeb1ba3498ae95ed9f19e6   Red Hat Enterprise Linux Server TUS (v. 7.3) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.src.rpm     MD5: 7736ff7259e7da6f81bdccbe49cdcf0fSHA-256: b475f8306b260436450097c6f8b6a6511527ac6e3e9f5bc4c9a9dcbf89991e04   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: f10e02124f8226950317c2cea13621ceSHA-256: ca90a1f1694843777e16c9d540eab63061b95f3aca080ffedda7e4b51b6bd760 java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 431292bd8d1632d3162657852b637450SHA-256: 464a8c9a70c208335cc40abdb37562f5e0ab590d04a487176d574064b483260a java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 9db43c9923a49970c506d3ddaf3a2ebdSHA-256: 0fd57dd1e08fbf374acc455dc73eebd9c5d6cdb6cb094caba5e2636e932b3358 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 78dcde4c97d65feec57137871a0f34c2SHA-256: 3c8dc12d68406fa012e5c3b65f06784b9a4a7411048149421d6093f6162aedbe java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 75c60c9aaba5d8d3489c43dbab52558cSHA-256: cae2f47ad8e3f9c6fa7be68931b2d81bfe8190b4dbc99c020258acb0da7231bd java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 2274dbb2721c5ab836d2be6f09abc28bSHA-256: 17da10c8913ee9bedbcc230e852f150eb1069120bfa82d4e730a06e1a1f235b4 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: d9e5610983e2f7beba9c4ad279ce7bb0SHA-256: 80c3107f9ceb64a2666b9c61da3c65ae954a6f3ecbeeb1ba3498ae95ed9f19e6   Red Hat Enterprise Linux Workstation (v. 6) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.src.rpm     MD5: d0fdbfd48fbf121596b6ef6a22ae9400SHA-256: 5f6d47f282025217fdda9bafa7f84bdac6cfb4ec8be55060dc145ba463850566   IA-32: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: d58d79c046ede24636ab309df6df8ec4SHA-256: 74620c6a2d87b8491c84566679e110bf0e5c69ea24a502ccf4db315d2e1add9f java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: 6c6af9aa5877e3ce922de5c279b0b8c4SHA-256: 708dded09de8923d01380cda21d49cc0fbccb7bdfa918337a1686179e43df562 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: bd1be4307c70d981409584b04ab54adaSHA-256: 5d5b0be07677a59ca0ea0eb04607d67a7b103deba1f33d8c6b816e3383baaff2 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: e13c85a1c48c5ada10858d2d456aac5eSHA-256: 4cb449d2b8e3e2398b9ed26a6162d9f5a60ab182a675aae4f596f0f91b5a6c7c java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el6_8.noarch.rpm     MD5: 7ba635224ff44d380c8c14d7c10ed1c2SHA-256: b439d86f48a29b564f12d74bb37c43a61252d54707b0359f1a5963a0ec47ee70 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el6_8.i686.rpm     MD5: ac98dd553f94db98d03b554979e862c3SHA-256: 1ae19c58d5ab37e0811cff91046428dc123d244ce84a69a51d1b44317f71d952   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 694f7bd0503e44f34f0bce6bd7198f78SHA-256: c250ef96deff445120f9c22fcae38bb0db523a97c497eba342292bee40e12397 java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 2281af1a401449e1d75945ebc89ca956SHA-256: da111fc164feaacd41757c5ebaeed2e1ff074c06746f0f1018d2d4eafff781d6 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: c24e6d69bc037ce64a9e531a4c2848aeSHA-256: 4b4b5cb015c9e4500ec51e8cdfd640afee44e630ed033f376639647e107ff660 java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 0ea4af218a1817ca920617a8aa9ed9d3SHA-256: 599b6234281fb58c1fcd6c06f9ec0410387bbe06d2d23d5fc35e389b066a2615 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.1.el6_8.noarch.rpm     MD5: 7ba635224ff44d380c8c14d7c10ed1c2SHA-256: b439d86f48a29b564f12d74bb37c43a61252d54707b0359f1a5963a0ec47ee70 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.1.el6_8.x86_64.rpm     MD5: 41e994dd3409d753cad6b876357e7433SHA-256: cf8c709a96b1197ef8c0c93f16e9ee11ae431fc8e7cb8203094256c3cb2588ff   Red Hat Enterprise Linux Workstation (v. 7) SRPMS: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.src.rpm     MD5: 7736ff7259e7da6f81bdccbe49cdcf0fSHA-256: b475f8306b260436450097c6f8b6a6511527ac6e3e9f5bc4c9a9dcbf89991e04   x86_64: java-1.7.0-openjdk-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: f10e02124f8226950317c2cea13621ceSHA-256: ca90a1f1694843777e16c9d540eab63061b95f3aca080ffedda7e4b51b6bd760 java-1.7.0-openjdk-accessibility-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 431292bd8d1632d3162657852b637450SHA-256: 464a8c9a70c208335cc40abdb37562f5e0ab590d04a487176d574064b483260a java-1.7.0-openjdk-debuginfo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 9db43c9923a49970c506d3ddaf3a2ebdSHA-256: 0fd57dd1e08fbf374acc455dc73eebd9c5d6cdb6cb094caba5e2636e932b3358 java-1.7.0-openjdk-demo-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 78dcde4c97d65feec57137871a0f34c2SHA-256: 3c8dc12d68406fa012e5c3b65f06784b9a4a7411048149421d6093f6162aedbe java-1.7.0-openjdk-devel-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 75c60c9aaba5d8d3489c43dbab52558cSHA-256: cae2f47ad8e3f9c6fa7be68931b2d81bfe8190b4dbc99c020258acb0da7231bd java-1.7.0-openjdk-headless-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: 2274dbb2721c5ab836d2be6f09abc28bSHA-256: 17da10c8913ee9bedbcc230e852f150eb1069120bfa82d4e730a06e1a1f235b4 java-1.7.0-openjdk-javadoc-1.7.0.121-2.6.8.0.el7_3.noarch.rpm     MD5: fb0357196450bf2dd212c3b5844cbb8bSHA-256: 627236db6d1158a1775817331733e677b10b93358a669bcbfed3410595e8a199 java-1.7.0-openjdk-src-1.7.0.121-2.6.8.0.el7_3.x86_64.rpm     MD5: d9e5610983e2f7beba9c4ad279ce7bb0SHA-256: 80c3107f9ceb64a2666b9c61da3c65ae954a6f3ecbeeb1ba3498ae95ed9f19e6   (The unlinked packages above are only available from the Red Hat Network) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

RHBA-2016:2662-1: Satellite 5.7 bug fix update

Updated spacewalk-backend, spacewalk-java, spacewalk-utils, satellite-schema andspacewalk-schema packages that fix several bugs and add various enhancements arenow available for Red Hat Satellite 5.7. Red Hat Satellite is a systems management tool for Linux-based infrastructure.It allows for provisioning, remote management, and monitoring of multiple Linuxdeployments with a single centralized tool.This update fixes the following bugs:* Prior to this update, uploading a kickstart-profile generated by anaconda onRed Hat Enterprise Linux 6 resulted in a warning message, "This kickstartprofile uses a different type of encryption by default than the root password iscurrently using. You must reset the root password to encrypt it with the newmethod." Satellite now understands sha512-hashed passwords, and the warning nolonger appears. (BZ#1122422)* Prior to this update, the "Inactive Systems" page sorted 'Last Checked In'alphabetically instead of using time order.

This has been fixed and the sort nowbehaves correctly. (BZ#1124809)* Prior to this update, the performance characteristics ofspacewalk-clone-by-date on a Satellite using a PostgreSQL database graduallydeteriorated over time, before suddenly resetting back to more acceptablelevels.

This update adds several tuning-hints to the rhnChannelPackage tablethat allows the PostgreSQL query-analyzer to keep up with rapid changes to thattable, allowing the tool's performance to remain at a consistent acceptablelevel. (BZ#1297610)* Prior to this update, spacewalk-clone-by-date sometimes got stuck in arecursion dependency-checking loop until it failed.

This bug fixes the rootcause of the problem. (BZ#1331023)* Prior to this update, attempting to modify a kickstart URL using thekickstart.profile.setAdvancedOptions command would be ignored.

This has beenfixed. (BZ#1356173)* In a previous erratum, changes were introduced in an attempt to boost thetool's performance.

The performance gain was minor at best, and the changessometimes resulted in incomplete package-lists being copied to the clonedchannel.

This change has been reverted. (BZ#1367915)* In a previous erratum, spacewalk-clone-by-date was modified to allow it tocopy only specific RPMs when required for dependency-resolution, instead ofrequiring the cloning of the entire erratum that delivered those RPMs.

This ledto a variety of subtle dependency-resolution failures in cloned channels.

Thischange has been reverted. (BZ#1369185)* This update enhances the output of spacewalk-clone-by-date to include asummary of any errata cloned for dependency resolution, as well as cleaning upand clarifying the log output sent to /var/log/errata-clone.log. (BZ#1369888)* With this update, a user's timezone and browser locale have been added to thedata gathered by spacewalk-debug as an aid to problem determination.(BZ#1372721)* With this update, a variety of typos and grammar mistakes were fixed in thespacewalk-clone-by-date manual page. (BZ#1382272)Users of Red Hat Satellite are advised to upgrade to these updated packages,which fix these bugs and add these enhancements. Application of this errata involves updating the database schema.For general instructions on the database schema upgrade, consult the followingdocument first: https://access.redhat.com/site/articles/273633Before applying this update, make sure all previously-released errata relevantto your system have been applied.

To apply this erratum, take the followingsteps:* Shut down Red Hat Satellite by running the following command as root:rhn-satellite stop* Backup the database.

For embedded or managed database variants, please consultRed Hat Satellite 5.6 documentation.

For an external database, consult yourdatabase administrator.* Upgrade the errata packages.

Details on how to apply this update are availableat https://access.redhat.com/site/articles/11258* Update the database schema using the spacewalk-schema-upgrade command.

To doso, run as root:spacewalk-schema-upgradeThis process will update your database schema to the latest version.

Thespacewalk-schema-upgrade command will inform you about the results of theupgrade and exact locations of schema upgrade log files.* Restart Red Hat Satellite by running the following as root:rhn-satellite startRed Hat Satellite (v. 5.7 for RHEL 6) SRPMS: satellite-schema-5.7.0.25-1.el6sat.src.rpm     MD5: b0381dd499766b3d9a3d6420fc908d43SHA-256: 112ddf078f2debd07456134a0431a3027a589d0a5db965899bdd39a230fb58f5 spacewalk-backend-2.3.3-45.el6sat.src.rpm     MD5: 0c8b2a36309054fbdea10e747ab9ee80SHA-256: e87ed0c79a0421088da4ad1e6e9df451973f451d0d5aaff869ffe6369075363d spacewalk-java-2.3.8-155.el6sat.src.rpm     MD5: 0ef5309988fb8a61ecc776905c9e5ec9SHA-256: 09e0fc3725ad58db8070d45a124ff6720f2a2b0d989b5d9ba5218871ff298dd7 spacewalk-schema-2.3.2-28.el6sat.src.rpm     MD5: 965accbb8875d27bd564446fdfc7848eSHA-256: 86c3778773c1c837a8031ce46c9a0fff3aec3f1df3565448d77ac151915b82d5 spacewalk-utils-2.3.2-30.el6sat.src.rpm     MD5: 9527454e4048b93891e18a34f1c08295SHA-256: d577ce273935612c4484cd407fc56948c9c333e16afc26d6044b0acea7480170   s390x: satellite-schema-5.7.0.25-1.el6sat.noarch.rpm     MD5: dae96d9782dd52c68fc6fafa36f8a3d1SHA-256: 925579f67cb3da094b90abe1d5c8c1686b6f2c37a0a54c5156f7c69266c97420 spacewalk-backend-2.3.3-45.el6sat.noarch.rpm     MD5: 6b3323b90ff4259f9ee37a64b328cb3bSHA-256: 93b0813ad537b9549299a88599354836203c98ec1060a620584886d9d4043868 spacewalk-backend-app-2.3.3-45.el6sat.noarch.rpm     MD5: 087900b59a2e9e71e497f9eba042f9f1SHA-256: 03857a7ff99cce9b378d05be502dbe2c9fe7d8b66f46629cf4649b715f4dfc36 spacewalk-backend-applet-2.3.3-45.el6sat.noarch.rpm     MD5: 920ffb98b8036ff7e9d4d73bfd2ec62aSHA-256: 233462073bf69053762ef3d18329ab014b09674268b3ab70ff403949e6603e18 spacewalk-backend-config-files-2.3.3-45.el6sat.noarch.rpm     MD5: d5cfa9a9f4744805f1c3e71ea2cbb2e7SHA-256: 72b6b3f32a598b9bbd3ab8aef586b918b93baf8c1c6875ee242e62b63a7aa476 spacewalk-backend-config-files-common-2.3.3-45.el6sat.noarch.rpm     MD5: b8e439b1ce9e9fb10e2f0e16639a5afeSHA-256: fd19cf6ccdc05e17e7c74892f1fc6e7e1ab5bef56563616e9cbac3553cb0ad29 spacewalk-backend-config-files-tool-2.3.3-45.el6sat.noarch.rpm     MD5: e78833c25a8cf814ff87ca6b0bfa74ffSHA-256: 7e2000de3c6f005c7d2fb38258a15683194cf3683617c9a61acf81333ac8dddd spacewalk-backend-iss-2.3.3-45.el6sat.noarch.rpm     MD5: 2d1b2e2c0af0bc5b5669f399f8adc35bSHA-256: a453251637deba736f7bec99aa408478318d2c419047ca5c16c0a2258a643bb8 spacewalk-backend-iss-export-2.3.3-45.el6sat.noarch.rpm     MD5: e2dbf1d54c5c90d8e265a9676238e08dSHA-256: 49e1be5e330e8f0f53de789b3a7d277dc4c3faf36284a2d415bc847a36176348 spacewalk-backend-libs-2.3.3-45.el6sat.noarch.rpm     MD5: 7e2ffd98453a73717438f1f1851a6e86SHA-256: 8fa6fba9d50d52822a3e600ed1014422ae743a6ce48a78aa1ea9446d7d6cb9bc spacewalk-backend-package-push-server-2.3.3-45.el6sat.noarch.rpm     MD5: 9271889f2ed9dc2e6ec610e3a160ac89SHA-256: a2bf4d94cb82e068436bbff84a50dcd2f38af1b2d9f118b68e179c51f989ad59 spacewalk-backend-server-2.3.3-45.el6sat.noarch.rpm     MD5: cb4ba5c4f450aa9d49771e661b763f62SHA-256: 5d625a335fc4bf2c5d83141f21b75a46758908c6790d4042e6369eea3b88a3fb spacewalk-backend-sql-2.3.3-45.el6sat.noarch.rpm     MD5: 1426251c860819050343eee6f2a6f89cSHA-256: d0250318b31dec97ed502ebcc08fb32d8bffa1df9cf1896001cf8865ac8b9637 spacewalk-backend-sql-oracle-2.3.3-45.el6sat.noarch.rpm     MD5: 73183df02a2da47cfa9bb54019cf48d1SHA-256: 3bfd887221397b06acd520cefdf0ec73d2c9a977fd89a1a69ab0f0d5ec56e26c spacewalk-backend-sql-postgresql-2.3.3-45.el6sat.noarch.rpm     MD5: 39674cd0345394a34866b42fe56ecfe1SHA-256: 9c06c911dcc7367057cf4e3e6522985704396ca57523a8ec99c2e1b1afe81e15 spacewalk-backend-tools-2.3.3-45.el6sat.noarch.rpm     MD5: 099a8dd355be136099568c7d3981a60bSHA-256: 6d0eb7081c157ea86d76516666d17193caf44d980a8f5f0ae9dec59d9eb15c91 spacewalk-backend-xml-export-libs-2.3.3-45.el6sat.noarch.rpm     MD5: 6884fc7440210f33b5201e2610f08024SHA-256: fba1412c5f72e3a962d0d9960557c57e1ea4f19ac5d0217920b3f506f0fc4d66 spacewalk-backend-xmlrpc-2.3.3-45.el6sat.noarch.rpm     MD5: fb6905715ca39c95ea77dbb489f61827SHA-256: 4dcf326ac6134bc93a25274510562c62922705f20d70f3372b2be8703aef9ad7 spacewalk-java-2.3.8-155.el6sat.noarch.rpm     MD5: 74eef689118481f5165e6c7e5ea55084SHA-256: e7c88e3cfb76abbb9847a222f250149944e3a3323566d8e7d350dd52ef34a895 spacewalk-java-config-2.3.8-155.el6sat.noarch.rpm     MD5: 6e969960578860e407be656b53248129SHA-256: d9a82721d091f3c2808a7a75072489b868fa72c4717401202aefb3784980cd56 spacewalk-java-lib-2.3.8-155.el6sat.noarch.rpm     MD5: 852cd539cebb425aec40f49e3a4d3273SHA-256: 8981930f89eda9c2d914b83a78ae517b2e410807ef97e0e18ec5dca085f16bce spacewalk-java-oracle-2.3.8-155.el6sat.noarch.rpm     MD5: 6e5567868e84bfd153ed5617da3539afSHA-256: 9de3d7547485e67110b42d5f264ab9109a4a7b56dcd5a6ff533e2f93edb4baf1 spacewalk-java-postgresql-2.3.8-155.el6sat.noarch.rpm     MD5: b4bc80f77987ae593b70cb953c149496SHA-256: f21567f3de05fb50a6e40fb63e2b7c1faa2e203d2a5401525f0b0ea623536fad spacewalk-schema-2.3.2-28.el6sat.noarch.rpm     MD5: 02120c992241155983650738662b6bdfSHA-256: 9572659e5eb7cdac47312c7bf7c7c512c9ee1794204a2db268f21563ba423ddf spacewalk-taskomatic-2.3.8-155.el6sat.noarch.rpm     MD5: 60c7437c7eafe6beb7952c746da41307SHA-256: ae0fdcd2dc8602f0ffd7f18279ec0c83c3b3f7a38b6451ce6363db49bdbfa0f0 spacewalk-utils-2.3.2-30.el6sat.noarch.rpm     MD5: 6ddcd952df856c730913e4869c85b14fSHA-256: 25cf9344d38ee7991a850cc414690977073a874dc05c956f588617f480158ea0   x86_64: satellite-schema-5.7.0.25-1.el6sat.noarch.rpm     MD5: dae96d9782dd52c68fc6fafa36f8a3d1SHA-256: 925579f67cb3da094b90abe1d5c8c1686b6f2c37a0a54c5156f7c69266c97420 spacewalk-backend-2.3.3-45.el6sat.noarch.rpm     MD5: 6b3323b90ff4259f9ee37a64b328cb3bSHA-256: 93b0813ad537b9549299a88599354836203c98ec1060a620584886d9d4043868 spacewalk-backend-app-2.3.3-45.el6sat.noarch.rpm     MD5: 087900b59a2e9e71e497f9eba042f9f1SHA-256: 03857a7ff99cce9b378d05be502dbe2c9fe7d8b66f46629cf4649b715f4dfc36 spacewalk-backend-applet-2.3.3-45.el6sat.noarch.rpm     MD5: 920ffb98b8036ff7e9d4d73bfd2ec62aSHA-256: 233462073bf69053762ef3d18329ab014b09674268b3ab70ff403949e6603e18 spacewalk-backend-config-files-2.3.3-45.el6sat.noarch.rpm     MD5: d5cfa9a9f4744805f1c3e71ea2cbb2e7SHA-256: 72b6b3f32a598b9bbd3ab8aef586b918b93baf8c1c6875ee242e62b63a7aa476 spacewalk-backend-config-files-common-2.3.3-45.el6sat.noarch.rpm     MD5: b8e439b1ce9e9fb10e2f0e16639a5afeSHA-256: fd19cf6ccdc05e17e7c74892f1fc6e7e1ab5bef56563616e9cbac3553cb0ad29 spacewalk-backend-config-files-tool-2.3.3-45.el6sat.noarch.rpm     MD5: e78833c25a8cf814ff87ca6b0bfa74ffSHA-256: 7e2000de3c6f005c7d2fb38258a15683194cf3683617c9a61acf81333ac8dddd spacewalk-backend-iss-2.3.3-45.el6sat.noarch.rpm     MD5: 2d1b2e2c0af0bc5b5669f399f8adc35bSHA-256: a453251637deba736f7bec99aa408478318d2c419047ca5c16c0a2258a643bb8 spacewalk-backend-iss-export-2.3.3-45.el6sat.noarch.rpm     MD5: e2dbf1d54c5c90d8e265a9676238e08dSHA-256: 49e1be5e330e8f0f53de789b3a7d277dc4c3faf36284a2d415bc847a36176348 spacewalk-backend-libs-2.3.3-45.el6sat.noarch.rpm     MD5: 7e2ffd98453a73717438f1f1851a6e86SHA-256: 8fa6fba9d50d52822a3e600ed1014422ae743a6ce48a78aa1ea9446d7d6cb9bc spacewalk-backend-package-push-server-2.3.3-45.el6sat.noarch.rpm     MD5: 9271889f2ed9dc2e6ec610e3a160ac89SHA-256: a2bf4d94cb82e068436bbff84a50dcd2f38af1b2d9f118b68e179c51f989ad59 spacewalk-backend-server-2.3.3-45.el6sat.noarch.rpm     MD5: cb4ba5c4f450aa9d49771e661b763f62SHA-256: 5d625a335fc4bf2c5d83141f21b75a46758908c6790d4042e6369eea3b88a3fb spacewalk-backend-sql-2.3.3-45.el6sat.noarch.rpm     MD5: 1426251c860819050343eee6f2a6f89cSHA-256: d0250318b31dec97ed502ebcc08fb32d8bffa1df9cf1896001cf8865ac8b9637 spacewalk-backend-sql-oracle-2.3.3-45.el6sat.noarch.rpm     MD5: 73183df02a2da47cfa9bb54019cf48d1SHA-256: 3bfd887221397b06acd520cefdf0ec73d2c9a977fd89a1a69ab0f0d5ec56e26c spacewalk-backend-sql-postgresql-2.3.3-45.el6sat.noarch.rpm     MD5: 39674cd0345394a34866b42fe56ecfe1SHA-256: 9c06c911dcc7367057cf4e3e6522985704396ca57523a8ec99c2e1b1afe81e15 spacewalk-backend-tools-2.3.3-45.el6sat.noarch.rpm     MD5: 099a8dd355be136099568c7d3981a60bSHA-256: 6d0eb7081c157ea86d76516666d17193caf44d980a8f5f0ae9dec59d9eb15c91 spacewalk-backend-xml-export-libs-2.3.3-45.el6sat.noarch.rpm     MD5: 6884fc7440210f33b5201e2610f08024SHA-256: fba1412c5f72e3a962d0d9960557c57e1ea4f19ac5d0217920b3f506f0fc4d66 spacewalk-backend-xmlrpc-2.3.3-45.el6sat.noarch.rpm     MD5: fb6905715ca39c95ea77dbb489f61827SHA-256: 4dcf326ac6134bc93a25274510562c62922705f20d70f3372b2be8703aef9ad7 spacewalk-java-2.3.8-155.el6sat.noarch.rpm     MD5: 74eef689118481f5165e6c7e5ea55084SHA-256: e7c88e3cfb76abbb9847a222f250149944e3a3323566d8e7d350dd52ef34a895 spacewalk-java-config-2.3.8-155.el6sat.noarch.rpm     MD5: 6e969960578860e407be656b53248129SHA-256: d9a82721d091f3c2808a7a75072489b868fa72c4717401202aefb3784980cd56 spacewalk-java-lib-2.3.8-155.el6sat.noarch.rpm     MD5: 852cd539cebb425aec40f49e3a4d3273SHA-256: 8981930f89eda9c2d914b83a78ae517b2e410807ef97e0e18ec5dca085f16bce spacewalk-java-oracle-2.3.8-155.el6sat.noarch.rpm     MD5: 6e5567868e84bfd153ed5617da3539afSHA-256: 9de3d7547485e67110b42d5f264ab9109a4a7b56dcd5a6ff533e2f93edb4baf1 spacewalk-java-postgresql-2.3.8-155.el6sat.noarch.rpm     MD5: b4bc80f77987ae593b70cb953c149496SHA-256: f21567f3de05fb50a6e40fb63e2b7c1faa2e203d2a5401525f0b0ea623536fad spacewalk-schema-2.3.2-28.el6sat.noarch.rpm     MD5: 02120c992241155983650738662b6bdfSHA-256: 9572659e5eb7cdac47312c7bf7c7c512c9ee1794204a2db268f21563ba423ddf spacewalk-taskomatic-2.3.8-155.el6sat.noarch.rpm     MD5: 60c7437c7eafe6beb7952c746da41307SHA-256: ae0fdcd2dc8602f0ffd7f18279ec0c83c3b3f7a38b6451ce6363db49bdbfa0f0 spacewalk-utils-2.3.2-30.el6sat.noarch.rpm     MD5: 6ddcd952df856c730913e4869c85b14fSHA-256: 25cf9344d38ee7991a850cc414690977073a874dc05c956f588617f480158ea0   (The unlinked packages above are only available from the Red Hat Network) 1356173 - kickstart.profile.set_advanced_options does not update kickstart file1367915 - spacewalk-clone-by-date may not clone all packages correctly1369185 - spacewalk-clone-by-date *must* clone errata when needed for dependency resolution1369888 - Recent clone-by-date logging changes incomplete1372721 - collect users timezone and browser locale options to spacewalk-debug1382272 - Typo in spacewalk-clone-by-date man page These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Monster Oracle update patches database, Java

Bigger is not necessarily better, but it's beginning to look like Oracle will be releasing a monster Critical Patch Update (CPU) every quarter.

These security updates affect databases, networking components, operating systems, applications server, Java, and ERP systems, leaving IT administrators to wrestle with the task of testing, verifying, and deploying several dozen patches in a timely manner. The CPU is getting bigger -- the average number of vulnerabilities patched in 2014 and 2015 was 128 and 161, respectively, compared to this year's average of 228 vulnerabilities -- but most of the focus remains on the company's middleware products. Of the 253 security flaws fixed in the October Critical Patch Update (CPU), Oracle Database, MySQL, Java, Linux and virtualization products, and the Sun Systems suite accounted for just a third of the patches. Oracle addressed 12 vulnerabilities in its core Oracle Database Server, 31 in the MySQL database, seven in Java SE, 13 in Oracle Linux and virtualization products, and 16 in the Sun Systems suite, which includes Solaris and Sparc Enterprise. Several of these vulnerabilities are considered critical and could be remotely exploited without requiring authentication. Database is important again The last several updates from Oracle addressed few database flaws, but this latest CPU showed the flagship product a little bit of love. Oracle Database Server has nine new security fixes, of which only one was rated critical with a CVSS v3 base score of 9.1. However, that vulnerability in OJVM (CVE 2016-5555), which affects Oracle Database Server 11.2.0.4 and 12.1.0.2, cannot be remotely exploited over a network without requiring user credentials.
In contrast, the six-year-old vulnerability in the Application Express component (CVE-2010-5312) has a CVSS v3 score of just 6.1 but can be exploited over the network without authentication. An issue with the DBA-level privileged accounts (CVE 2016-3562) applies only to client-only installations and doesn't need to have Oracle Database Server installed. Two vulnerabilities in Oracle Secure Backup may be remotely exploitable without authentication, but were rated just 5.8 on the CVSS v3 scale, making them of medium severity.

The last security flaw, in Oracle Big Data Graph, is related to the Apache Commons Collections and is not remotely exploitable without authentication. For Oracle MySQL, the most serious security flaws are in the Server:Security:Encryption component (CVE-2016-6304) and in the Python Connector (CVE-2016-5598) because they may be remotely exploited without authentication.

Even so, Oracle did not consider these issues critical, assigning them CVSS v3 scores of 7.5 and 5.6, respectively.

There were three fixes for the Encryption component and six for InnoDB. Databases are typically not exposed to the internet, but administrators should plan on patching the vulnerabilities in MySQL Connector and Application Express as they are remotely exploitable and attackers can use them after compromising another system on the network. Keep that Java patched Administrators who support Java applications should pay close attention to the Java patches, as Oracle released seven important security updates that affect every version of Java Platforms 6, 7, and 8, and eight critical security updates for Oracle's Java-powered WebLogic and GlassFish application platforms. Nearly all of the disclosed vulnerabilities are remotely exploitable without authentication, meaning any application running on the current or earlier versions of these Java products could be susceptible to remote attacks and exploitation. Two of the Java Platform vulnerabilities affect the Java Management Extensions (JMXs) and Networking APIs built into the Java Platform.

Critical Java applications are likely operating with these flawed APIs and should be prioritized for patching as quickly as possible. "These two APIs are present and loaded in all but the most trivial Java applications," said Waratek CTO John Matthew Holt. The CVSS scores for the Java security flaws assume that the user running the Java applet or Java Web Start application has administrator privileges.

This is a common user scenario in Windows, which is why the scores are so high.
In environments where users do not have administrator privileges -- a typical situation for Solaris and Linux users, and also for some Windows users -- the impact scores drop significantly.

A CVSS v3 base score of 9.6 for a Java SE flaw drops to 7.1 in those deployments, Oracle said in the advisory. Java on Windows machines should have priority.

This advisory also shows why it pays off for Windows administrators to not give higher privileges by default to their users.  "Users should only use the default Java Plug-in and Java Web Start from the latest JDK or JRE 8 releases," Oracle said. Even though Oracle WebLogic Server and Oracle Glassfish Server are grouped into Oracle Fusion Middleware, Holt highlighted the five vulnerabilities in WebLogic and two in GlassFish that are remotely exploitable over HTTP and HTTPS protocols without authentication.

A successful exploit against critical business applications on Java-powered WebLogic and GlassFish applications could hijack the application stack and expose confidential application data. Remote exploits over HTTP/HTTPS pose serious risks due to the "ubiquity of HTTP/HTTPS access to Java-powered applications," Holt warned. Fixes in for Oracle Linux and Sun Systems, too Oracle also fixed 13 flaws in Oracle Virtualization, four of which are remotely exploitable without authentication.

Eight flaws affected Oracle VM VirtualBox, and the most critical one, affecting the VirtualBox Remote Desktop Extension (CVE-2016-5605), applies to every single version of VirtualBox prior to 5.1.4. Much like the database issues, the flaw in VirtualBox's OpenSSL component (CVE-2016-6304) should be prioritized and patched immediately because attackers can use this flaw as they move laterally through the network. On the operating system, Oracle fixed 16 vulnerabilities in the Oracle Sun Systems Products Suite, which includes Solaris and the Sun ZFS Storage Appliance Kit. The CVSS v3 scores range from 2.8 to 8.2, but three issues that can be exploited over a network without requiring user credentials are all of low severity.

Even so, administrators should pay attention to the fixes for ZFS Storage appliance's DNS, the IKE component in Solaris, and HTTP in Solaris because of the risk of a remote attack. Set the priority list Organizations prioritize patches differently. One with a lot of Java users on Windows would bump up the patches' priority higher than one that's a pure-Linux shop.

Critical business applications on WebLogic will need some attention, as will those organizations that use VirtualBox throughout their virtualized infrastructure. Researchers at ERPScan sorted the fixed vulnerabilities by their CVSS v3 scores and noted that the flaw in Oracle WebLogic Server (CVE-2016-5535), which affects versions 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1, was third on the list.

A successful attack can result in a takeover of Oracle WebLogic Server.

The vulnerability in JavaSE's Hotspot subcomponent (CVE-2016-5582) was fifth. While easily exploitable, a successful attack using this vulnerability would require human interaction from a person other than the attacker. Oracle didn't indicate whether any of these flaws are being exploited in the wild, but warned against skipping the patches in favor of workarounds. While it's possible to reduce the risk of successful attack by blocking network protocols or removing certain privileges or access to certain packages, they do not correct the underlying problem. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible," the company wrote in the advisory accompanying the CPU release.

RHBA-2016:1645-1: Satellite 5.7 bug fix update

Updated spacecmd, spacewalk-backend, spacewalk-java, spacewalk-utils,satellite-schema and spacewalk-schema packages that fix several bugs and addvarious enhancements are now available for Red Hat Satellite 5.7. Red Hat Satellite is a systems management tool for Linux-based infrastructures.It allows for provisioning, remote management and monitoring of multiple Linuxdeployments with a single, centralized tool.This update fixes the following bugs:* Prior to this update, attempting to convert more than one system fromconsuming Regular entitlements to Flex entitlements would result in an InternalServer Error 500.

The bug has been fixed and systems are now either converted,or an error message is displayed if there are not sufficient entitlements toconvert them. (BZ#1126499)* Under certain circumstances, registering or deleting large numbers of systemssimultaneously could result in database deadlocks when attempting to referenceor update entitlement counts.

This update locks the affected tables in such away as to prevent these deadlocks. (BZ#1179770)* This update adds the ability to delete source RPMs that have been added to theSatellite. (BZ#1192879)* Under certain circumstances, satellite-sync could fail with aUnicodeDecodeError.

This update provides the ability to download all filesbefore attempting to decompress them, should the problem occur.

There exists anew configuration parameter, 'sync_to_temp', in rhn_server.conf, and a newcommand line argument to satellite-sync, --sync-to-temp, to invoke the newfunctionality. (BZ#1313532)* This update fixes the spacecmd package_search command so that it avoids addingspurious quote marks in a way that breaks the search when invoked from theshell. (BZ#1315060)* Prior to this update, removing an erratum from a channel would not mark thechannel to have its repodata be regenerated.

This has been fixed. (BZ#1330610)* Prior to this update, attempting to filter Software Channel Entitlements inthe web UI with a filter string longer than 8192 characters would fail with anHTTP 503 error and a "SEVERE: Buffer overflow" error in catalina.out.

This isaddressed by limiting the web UI filter to a more reasonable size. (BZ#1334296)* Prior to this update, attempting to access the OrgDetails page for anonexistent organization would result in an internal server error. With thisupdate, the page simply shows a "No such organization exists" error message.(BZ#1334308)* Prior to this update, attempting to filter the System Group Administratorspage resulted in an internal server error.

This has been fixed. (BZ#1335104)* Prior to this update, attempting to upload large configuration files wouldresult in an IOException in the backend.

This has been fixed. (BZ#1351785)* The log output of the spacewalk-clone-by-date command has been cleaned up, asummary count of RPMs included for dependency resolution has been added to thecommand's output, and the manual page has been updated to document the existenceof the tool's log file. (BZ#1366343)Users of Red Hat Satellite are advised to upgrade to these updated packages,which fix these bugs and add these enhancements. Application of this errata involves updating the database schema.For general instructions on the database schema upgrade, consult the followingdocument first: https://access.redhat.com/site/articles/273633Before applying this update, make sure all previously-released errata relevantto your system have been applied.

To apply this erratum, take the followingsteps:* Shut down Red Hat Satellite by running the following command as root:rhn-satellite stop* Backup the database.

For embedded or managed database variants, please consultRed Hat Satellite 5.6 documentation.

For an external database, consult yourdatabase administrator.* Upgrade the errata packages.

Details on how to apply this update are availableat https://access.redhat.com/site/articles/11258* Update the database schema using the spacewalk-schema-upgrade command.

To doso, run as root:spacewalk-schema-upgradeThis process will update your database schema to the latest version.

Thespacewalk-schema-upgrade command will inform you about the results of theupgrade and exact locations of schema upgrade log files.* Restart Red Hat Satellite by running the following as root:rhn-satellite startRed Hat Satellite (v. 5.7 for RHEL 6) SRPMS: satellite-schema-5.7.0.24-1.el6sat.src.rpm     MD5: 56e16d2e110de7b1f1f7d4d00eba158cSHA-256: 9f6adf4f52fd8d71782340d71c34cc15a98b193d8a507e3b631625d764a364f1 spacecmd-2.3.0-5.el6sat.src.rpm     MD5: 809e4ed7a5a380d7bfe72df7cd4c4a2eSHA-256: 98f724a64588cd7f25b9dce6c8281d87fa2a6d5aa8428c3fd85ea2a7485a81bd spacewalk-backend-2.3.3-43.el6sat.src.rpm     MD5: 6b5bfc2214deea941a7bb6a374191d82SHA-256: 79bb5f43378e3cf53966cd4dbcd7902db8d2b5be6521d62018e4cad7dc3b704c spacewalk-java-2.3.8-153.el6sat.src.rpm     MD5: ab64252a34cebddd5353914fac4c0785SHA-256: 533eb3d8bcc1d15961b5332e1cb6cfddb732e21b30d8456d63e4a546405f560a spacewalk-schema-2.3.2-27.el6sat.src.rpm     MD5: 4b6663da0079f5d845b16c41bbe2c64aSHA-256: edbd325f91c8f2be66d5ab9abbe34799d30ae24c08c3d357637bbc9e1120f76c spacewalk-utils-2.3.2-25.el6sat.src.rpm     MD5: 8504dafdbaa87f102bce165914708979SHA-256: 9ce61745baeb7099fcd63a13fb8417fceee4c264b8cf7f3754dd82f3f29e76a2   s390x: satellite-schema-5.7.0.24-1.el6sat.noarch.rpm     MD5: cf0ae92a50478e0410b9aace123c1eb8SHA-256: 7a5185e3c81fdcf19b2b734ba254c691f2290fe3ee1c3b39143c91c67bb457e2 spacecmd-2.3.0-5.el6sat.noarch.rpm     MD5: 8c75a9647f6c2eb6cbb1f749822a1e9cSHA-256: f8765fe65a9b6031198f5d7c020b5cb2d85f1e5a044d36720da7f2bd0959d317 spacewalk-backend-2.3.3-43.el6sat.noarch.rpm     MD5: dd482a3a3ad20096aaa233fbafd70ae2SHA-256: ee0126a754ed79372ae14652001cde2e7b7bac1b74123b4188e7ff28b51e2100 spacewalk-backend-app-2.3.3-43.el6sat.noarch.rpm     MD5: f18dd0706ce2aa4c59951d44b2263503SHA-256: 99c79fc5b8dbbeb1cf88abedd171af0dea28a197642ad31e45bdfcd699bf0619 spacewalk-backend-applet-2.3.3-43.el6sat.noarch.rpm     MD5: cf0c97a68e9d4405355ed6120b619077SHA-256: a2318d2729af888ed6b3d30d2ceead155d81927c7f3b71b04724bbc9b79b67cb spacewalk-backend-config-files-2.3.3-43.el6sat.noarch.rpm     MD5: 1c7810e27b48337c7c5e27bdd32e2669SHA-256: 0e68c3b0a46b0950788a08d23c62fbb3d086eb9601975ff7df18e86e9c5f0a74 spacewalk-backend-config-files-common-2.3.3-43.el6sat.noarch.rpm     MD5: f311f83f554df7d9df632dff4640b2d6SHA-256: 817eacb966c6619f9396be2ea7cad9e4a1b36f5a73d59c169c042c1d0b1ae4a5 spacewalk-backend-config-files-tool-2.3.3-43.el6sat.noarch.rpm     MD5: 234e012814c10753a708d8cc442ecd96SHA-256: 86f03cf833e86d6017f7c435346e2eeb52d91c46cdad6eff0e788ad6fdb5e319 spacewalk-backend-iss-2.3.3-43.el6sat.noarch.rpm     MD5: ed4a56620f5a434d87e31acd11189125SHA-256: 326387aa554206f651843e756c66895922b6f7cc5d553d5f4f428db21fa31f1b spacewalk-backend-iss-export-2.3.3-43.el6sat.noarch.rpm     MD5: 9201a78b3e53bfc7d766f2cd90761a7aSHA-256: 9d5e81435fd5eaffcf67cb087d4a145cee1ad80fc9c95ab2fe273096ad05077d spacewalk-backend-libs-2.3.3-43.el6sat.noarch.rpm     MD5: 0241f3071d83b5e56e2c2ace2d1cef45SHA-256: dedb1001562606c2ae13803cbee29c14bb1a1917a0cd5df45586d8d4827852c6 spacewalk-backend-package-push-server-2.3.3-43.el6sat.noarch.rpm     MD5: 204d51aaa5b174ee8fb96cc9046bee58SHA-256: 5ecc81cbcff1151d89a9cb1cde5da6fef290ff621e437d97e3519b742e24fdf7 spacewalk-backend-server-2.3.3-43.el6sat.noarch.rpm     MD5: 0c32a987b703053459966bfd125af998SHA-256: e8170baec2c0def381f55934a5d5ba731a2d43efe2abfb2808dc95bd0d31194e spacewalk-backend-sql-2.3.3-43.el6sat.noarch.rpm     MD5: ac2973eba41e473876593e13d08c571eSHA-256: 855cf52b20bbfb40f252ec8fdc6c00b23dd5b08727898d4c4a1ae44a4d6fd181 spacewalk-backend-sql-oracle-2.3.3-43.el6sat.noarch.rpm     MD5: 0bb0c3d22c5514ae7c036c5a370f3ae8SHA-256: 15422b3c9f33e5a6bf9187b39cf3c79ab36b8a79acd6b5e7c0998b297004ded8 spacewalk-backend-sql-postgresql-2.3.3-43.el6sat.noarch.rpm     MD5: 908a8d15a24a268c897e9f6951736669SHA-256: 76c5ef874bda9de2ce418d4ed0e58d19c74d725e2d11ddac847b68455acb4ec8 spacewalk-backend-tools-2.3.3-43.el6sat.noarch.rpm     MD5: 4bdc0e9d5c81b51f95841d10dbf43e82SHA-256: 5ef86a1e9d7f33db04998d733484b9687a0d84e2c55cc40c0a14797cf263b806 spacewalk-backend-xml-export-libs-2.3.3-43.el6sat.noarch.rpm     MD5: cdf927d10e8ba995ab24bc9caa5b3216SHA-256: 4e0b7c2cee8362a10b76000ea20364b1cb0812a91a7f8f24f05dd7da76a44d21 spacewalk-backend-xmlrpc-2.3.3-43.el6sat.noarch.rpm     MD5: 8d44f4179a2220eb52a3a74b30597ebbSHA-256: e09d785a91c460c8a2109251c0b10926d72208c6ed0dc6fe8f8e94347eb2552b spacewalk-java-2.3.8-153.el6sat.noarch.rpm     MD5: 96819c5d756e8452869ef408b300400aSHA-256: c74b69ebe9f68fee644ee8fb30732ebf1a7d99da20bbcea0b00f81354e54aa9d spacewalk-java-config-2.3.8-153.el6sat.noarch.rpm     MD5: 8bcb170f1651178104552d4576ecc26fSHA-256: 62dd920eba1b289a1d6661f853dd422b6739ecdb4cecd2bf8dd6faacfd6ed47c spacewalk-java-lib-2.3.8-153.el6sat.noarch.rpm     MD5: 53d56377d95485ae64ac15858debc04bSHA-256: b9f298186f75dc5b186a6a9ac5df72d1c6e230deaca7977bd172e33db436d1b7 spacewalk-java-oracle-2.3.8-153.el6sat.noarch.rpm     MD5: 0cd5684b72791f0f54caf424502885f0SHA-256: 495c5c4039dc0e39b57ddd28333decc0c9b11bffadd6098feef1ae8ca7703775 spacewalk-java-postgresql-2.3.8-153.el6sat.noarch.rpm     MD5: 8181c79b538530d7374da01ecd483ca2SHA-256: 1919b9200a162456e4366a4b98daac869e7fa5b90b347f9417b67cec32f443c5 spacewalk-schema-2.3.2-27.el6sat.noarch.rpm     MD5: d056d19e1857311dd95db5938056f334SHA-256: 3e31694332b403ae7752c98a24b5db914fc7ccb4be35bc69c6463d04d1bda1e1 spacewalk-taskomatic-2.3.8-153.el6sat.noarch.rpm     MD5: 612943b390b1e246207a5ebb6bf6bff0SHA-256: 476ac73d69fcf34c7b98be02f1d8a4bb801895e2810161ec2bcb93a86e6cb984 spacewalk-utils-2.3.2-25.el6sat.noarch.rpm     MD5: 9c6b55def5ad28a22255544e7005a460SHA-256: 29cae08dff2ec99a41ea5d41aa47556ca2a5a4e015a4121079729609a6b990c0   x86_64: satellite-schema-5.7.0.24-1.el6sat.noarch.rpm     MD5: cf0ae92a50478e0410b9aace123c1eb8SHA-256: 7a5185e3c81fdcf19b2b734ba254c691f2290fe3ee1c3b39143c91c67bb457e2 spacecmd-2.3.0-5.el6sat.noarch.rpm     MD5: 8c75a9647f6c2eb6cbb1f749822a1e9cSHA-256: f8765fe65a9b6031198f5d7c020b5cb2d85f1e5a044d36720da7f2bd0959d317 spacewalk-backend-2.3.3-43.el6sat.noarch.rpm     MD5: dd482a3a3ad20096aaa233fbafd70ae2SHA-256: ee0126a754ed79372ae14652001cde2e7b7bac1b74123b4188e7ff28b51e2100 spacewalk-backend-app-2.3.3-43.el6sat.noarch.rpm     MD5: f18dd0706ce2aa4c59951d44b2263503SHA-256: 99c79fc5b8dbbeb1cf88abedd171af0dea28a197642ad31e45bdfcd699bf0619 spacewalk-backend-applet-2.3.3-43.el6sat.noarch.rpm     MD5: cf0c97a68e9d4405355ed6120b619077SHA-256: a2318d2729af888ed6b3d30d2ceead155d81927c7f3b71b04724bbc9b79b67cb spacewalk-backend-config-files-2.3.3-43.el6sat.noarch.rpm     MD5: 1c7810e27b48337c7c5e27bdd32e2669SHA-256: 0e68c3b0a46b0950788a08d23c62fbb3d086eb9601975ff7df18e86e9c5f0a74 spacewalk-backend-config-files-common-2.3.3-43.el6sat.noarch.rpm     MD5: f311f83f554df7d9df632dff4640b2d6SHA-256: 817eacb966c6619f9396be2ea7cad9e4a1b36f5a73d59c169c042c1d0b1ae4a5 spacewalk-backend-config-files-tool-2.3.3-43.el6sat.noarch.rpm     MD5: 234e012814c10753a708d8cc442ecd96SHA-256: 86f03cf833e86d6017f7c435346e2eeb52d91c46cdad6eff0e788ad6fdb5e319 spacewalk-backend-iss-2.3.3-43.el6sat.noarch.rpm     MD5: ed4a56620f5a434d87e31acd11189125SHA-256: 326387aa554206f651843e756c66895922b6f7cc5d553d5f4f428db21fa31f1b spacewalk-backend-iss-export-2.3.3-43.el6sat.noarch.rpm     MD5: 9201a78b3e53bfc7d766f2cd90761a7aSHA-256: 9d5e81435fd5eaffcf67cb087d4a145cee1ad80fc9c95ab2fe273096ad05077d spacewalk-backend-libs-2.3.3-43.el6sat.noarch.rpm     MD5: 0241f3071d83b5e56e2c2ace2d1cef45SHA-256: dedb1001562606c2ae13803cbee29c14bb1a1917a0cd5df45586d8d4827852c6 spacewalk-backend-package-push-server-2.3.3-43.el6sat.noarch.rpm     MD5: 204d51aaa5b174ee8fb96cc9046bee58SHA-256: 5ecc81cbcff1151d89a9cb1cde5da6fef290ff621e437d97e3519b742e24fdf7 spacewalk-backend-server-2.3.3-43.el6sat.noarch.rpm     MD5: 0c32a987b703053459966bfd125af998SHA-256: e8170baec2c0def381f55934a5d5ba731a2d43efe2abfb2808dc95bd0d31194e spacewalk-backend-sql-2.3.3-43.el6sat.noarch.rpm     MD5: ac2973eba41e473876593e13d08c571eSHA-256: 855cf52b20bbfb40f252ec8fdc6c00b23dd5b08727898d4c4a1ae44a4d6fd181 spacewalk-backend-sql-oracle-2.3.3-43.el6sat.noarch.rpm     MD5: 0bb0c3d22c5514ae7c036c5a370f3ae8SHA-256: 15422b3c9f33e5a6bf9187b39cf3c79ab36b8a79acd6b5e7c0998b297004ded8 spacewalk-backend-sql-postgresql-2.3.3-43.el6sat.noarch.rpm     MD5: 908a8d15a24a268c897e9f6951736669SHA-256: 76c5ef874bda9de2ce418d4ed0e58d19c74d725e2d11ddac847b68455acb4ec8 spacewalk-backend-tools-2.3.3-43.el6sat.noarch.rpm     MD5: 4bdc0e9d5c81b51f95841d10dbf43e82SHA-256: 5ef86a1e9d7f33db04998d733484b9687a0d84e2c55cc40c0a14797cf263b806 spacewalk-backend-xml-export-libs-2.3.3-43.el6sat.noarch.rpm     MD5: cdf927d10e8ba995ab24bc9caa5b3216SHA-256: 4e0b7c2cee8362a10b76000ea20364b1cb0812a91a7f8f24f05dd7da76a44d21 spacewalk-backend-xmlrpc-2.3.3-43.el6sat.noarch.rpm     MD5: 8d44f4179a2220eb52a3a74b30597ebbSHA-256: e09d785a91c460c8a2109251c0b10926d72208c6ed0dc6fe8f8e94347eb2552b spacewalk-java-2.3.8-153.el6sat.noarch.rpm     MD5: 96819c5d756e8452869ef408b300400aSHA-256: c74b69ebe9f68fee644ee8fb30732ebf1a7d99da20bbcea0b00f81354e54aa9d spacewalk-java-config-2.3.8-153.el6sat.noarch.rpm     MD5: 8bcb170f1651178104552d4576ecc26fSHA-256: 62dd920eba1b289a1d6661f853dd422b6739ecdb4cecd2bf8dd6faacfd6ed47c spacewalk-java-lib-2.3.8-153.el6sat.noarch.rpm     MD5: 53d56377d95485ae64ac15858debc04bSHA-256: b9f298186f75dc5b186a6a9ac5df72d1c6e230deaca7977bd172e33db436d1b7 spacewalk-java-oracle-2.3.8-153.el6sat.noarch.rpm     MD5: 0cd5684b72791f0f54caf424502885f0SHA-256: 495c5c4039dc0e39b57ddd28333decc0c9b11bffadd6098feef1ae8ca7703775 spacewalk-java-postgresql-2.3.8-153.el6sat.noarch.rpm     MD5: 8181c79b538530d7374da01ecd483ca2SHA-256: 1919b9200a162456e4366a4b98daac869e7fa5b90b347f9417b67cec32f443c5 spacewalk-schema-2.3.2-27.el6sat.noarch.rpm     MD5: d056d19e1857311dd95db5938056f334SHA-256: 3e31694332b403ae7752c98a24b5db914fc7ccb4be35bc69c6463d04d1bda1e1 spacewalk-taskomatic-2.3.8-153.el6sat.noarch.rpm     MD5: 612943b390b1e246207a5ebb6bf6bff0SHA-256: 476ac73d69fcf34c7b98be02f1d8a4bb801895e2810161ec2bcb93a86e6cb984 spacewalk-utils-2.3.2-25.el6sat.noarch.rpm     MD5: 9c6b55def5ad28a22255544e7005a460SHA-256: 29cae08dff2ec99a41ea5d41aa47556ca2a5a4e015a4121079729609a6b990c0   (The unlinked packages above are only available from the Red Hat Network) 1126499 - ISE 500 when systems were converted from regular entitlements to flex1315060 - spacecmd package-search doesn't return results when ran from command line, same works from spacecmd shell1330610 - Deleting the errata does not trigger a repo regeneration process under taskomatic1334296 - HTTP 503 error when filtering list of Software Channel Entitlements1334308 - Accessing Organization management page with non-existing org ID causes internal server error1335104 - Filtering System Group's Administrators causes ISE1351785 - non buffered input stream for Config File causes issues with stream reset1366343 - spacewalk-clone-by-date could use clearer output/logging These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Free Tools & Training To ‘Hack Yourself’ Into Better Security

How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset. Perhaps you’ve purchased the best cybersecurity technology available. Maybe you’ve brought in a red team (or have one in-house). You feel prepared in case of a cyber attack. However, there’s another step to attaining the proper level of preparation for today’s sophisticated cyber attacks: making sure your blue team knows how attackers operate. If you can implement a “hack-yourself” program effectively, you can improve the effectiveness of your defense-in-depth strategies by having a blue team capable of carrying out red team exercises to gain a better awareness of how attackers might approach certain network vulnerabilities. When your network is under attack, your most valuable asset is time.

The faster you understand you’re being attacked and the quicker you understand what’s happening, the faster you can identify where the attackers are and what they’re doing. Responding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven’t yet achieved. The first step in improving preparation is theoretical training in the latest tools, techniques and procedures.

Cybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conference can provide the higher-level, theoretical learning to get your security team moving toward proper awareness and preparation.

The next step is to introduce red team exercises. Red team exercises with third-party consultants can help large enterprises spot critical vulnerabilities in their networks. However, many companies rely on these red team exercises to the point that they don’t maintain the proper level of internal cybersecurity awareness.

External red team exercises offer a level of expertise that most organization don’t have internally.

But there is also real value in implementing a “hack-yourself” program to build your security posture from the inside -- and arm your blue team with the necessary skills to think like the red team and improve your security posture. More than simulationsRather than having your security team practice hacking skills on third-party sites, internal red team exercises are carried out on your real network--they are not just simulations.

But to get the most out of a “hack yourself” program and avoid causing damage to the network, your security team must have the proper training to identify vulnerabilities as it hunts for data, administrator credentials, or any other valuable assets on your servers. One way to ensure your security team has the proper training to carry out an advanced “hack-yourself” program is to invest in the Cyber Guardians program from the SANS Institute.

The Cyber Guardians program consists of four core courses and corresponding certificates. The program is meant to provide security professionals with knowledge about all kinds of cyber attacks and how to respond to them accordingly.

After your security team has achieved Cyber Guardian status, you’ll know that they are capable of understanding many techniques attackers might use to maneuver through your network. Once your internal red team is trained to enact the “hack-yourself” program, you need to supply them with tools similar to those that attackers have at their disposal when launching threats.

The following are two toolkits blue teams can use together for an effective “hack-yourself” program: Metasploit through Kali Linux and Cobalt Strike. MetasploitMetasploit, which has been labeled the Attacker’s Playbook by many in the cybersecurity community, offers a rich library of exploits you can run on a number of different servers.
If your blue team can simulate the various steps of APT attacks, they will better be able to spot the attack paths and vulnerabilities that might have otherwise allowed major data breaches. However, before your internal security team can start using Metasploit to its fullest potential, they’ll need specific training. Offensive Security offers a free training program for the toolkit called Metasploit Unleashed. Cobalt StrikeCobalt Strike is a tool used by red teams to emulate real network threats. You can use the tools within Cobalt Strike to conduct penetration testing.

The toolkit’s website says the software includes functionality for: Network reconnaissance Attack packages for Java Applet, Microsoft Office, Microsoft Windows, website cloning and more Spear phishing Collaboration within the penetration team Post exploitation (execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads) Covert communications to evade security systems Browser pivoting to avoid two-factor authentication Reporting and logging to analyze the results of the exercise While Metasploit offers a collection of exploits for blue teams to use, the tools and functionality in Cobalt Strike help blue teams gather information and move laterally without exploits. With the combination of an exploit toolkit and a set of tools reconnaissance and lateral movement, your trained security team can successfully carry out a “hack-yourself” program and uncover even the deepest layer of vulnerabilities. Why "hack yourself?"If you’ve never experienced a cyber attack, you will likely think the first time will happen exactly as how you’ve studied.

Consequently, you will be caught off guard when an attack actually occurs; there will be so much more information that it’s hard to understand what’s important, what isn’t important, and what to investigate further.

The more you practice internally, the better prepared you’ll be when the time comes that you’re actually under attack. Related Content: Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016.

Click for information on the conference schedule and to register.
Ofer Israeli is illusive networks' founder and vice president of research and development. Prior to founding illusive networks, Ofer was a team leader at Check Point Software Technologies, where he led the endpoint security management and the cloud and document security ...
View Full Bio More Insights

Tools & Training To ‘Hack Yourself’ Into Better Security

How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset. Perhaps you’ve purchased the best cybersecurity technology available. Maybe you’ve brought in a red team (or have one in-house). You feel prepared in case of a cyber attack. However, there’s another step to attaining the proper level of preparation for today’s sophisticated cyber attacks: making sure your blue team knows how attackers operate. If you can implement a “hack-yourself” program effectively, you can improve the effectiveness of your defense-in-depth strategies by having a blue team capable of carrying out red team exercises to gain a better awareness of how attackers might approach certain network vulnerabilities. When your network is under attack, your most valuable asset is time.

The faster you understand you’re being attacked and the quicker you understand what’s happening, the faster you can identify where the attackers are and what they’re doing. Responding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven’t yet achieved. The first step in improving preparation is theoretical training in the latest tools, techniques and procedures.

Cybersecurity conferences such as Black Hat, DefCon, BSides and the Chaos Communication Conference can provide the higher-level, theoretical learning to get your security team moving toward proper awareness and preparation.

The next step is to introduce red team exercises. Red team exercises with third-party consultants can help large enterprises spot critical vulnerabilities in their networks. However, many companies rely on these red team exercises to the point that they don’t maintain the proper level of internal cybersecurity awareness.

External red team exercises offer a level of expertise that most organization don’t have internally.

But there is also real value in implementing a “hack-yourself” program to build your security posture from the inside -- and arm your blue team with the necessary skills to think like the red team and improve your security posture. More than simulationsRather than having your security team practice hacking skills on third-party sites, internal red team exercises are carried out on your real network--they are not just simulations.

But to get the most out of a “hack yourself” program and avoid causing damage to the network, your security team must have the proper training to identify vulnerabilities as it hunts for data, administrator credentials, or any other valuable assets on your servers. One way to ensure your security team has the proper training to carry out an advanced “hack-yourself” program is to invest in the Cyber Guardians program from the SANS Institute.

The Cyber Guardians program consists of four core courses and corresponding certificates. The program is meant to provide security professionals with knowledge about all kinds of cyber attacks and how to respond to them accordingly.

After your security team has achieved Cyber Guardian status, you’ll know that they are capable of understanding many techniques attackers might use to maneuver through your network. Once your internal red team is trained to enact the “hack-yourself” program, you need to supply them with tools similar to those that attackers have at their disposal when launching threats.

The following are two toolkits blue teams can use together for an effective “hack-yourself” program: Metasploit through Kali Linux and Cobalt Strike. MetasploitMetasploit, which has been labeled the Attacker’s Playbook by many in the cybersecurity community, offers a rich library of exploits you can run on a number of different servers.
If your blue team can simulate the various steps of APT attacks, they will better be able to spot the attack paths and vulnerabilities that might have otherwise allowed major data breaches. However, before your internal security team can start using Metasploit to its fullest potential, they’ll need specific training. Offensive Security offers a free training program for the toolkit called Metasploit Unleashed. Cobalt StrikeCobalt Strike is a tool used by red teams to emulate real network threats. You can use the tools within Cobalt Strike to conduct penetration testing.

The toolkit’s website says the software includes functionality for: Network reconnaissance Attack packages for Java Applet, Microsoft Office, Microsoft Windows, website cloning and more Spear phishing Collaboration within the penetration team Post exploitation (execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads) Covert communications to evade security systems Browser pivoting to avoid two-factor authentication Reporting and logging to analyze the results of the exercise While Metasploit offers a collection of exploits for blue teams to use, the tools and functionality in Cobalt Strike help blue teams gather information and move laterally without exploits. With the combination of an exploit toolkit and a set of tools reconnaissance and lateral movement, your trained security team can successfully carry out a “hack-yourself” program and uncover even the deepest layer of vulnerabilities. Why "hack yourself?"If you’ve never experienced a cyber attack, you will likely think the first time will happen exactly as how you’ve studied.

Consequently, you will be caught off guard when an attack actually occurs; there will be so much more information that it’s hard to understand what’s important, what isn’t important, and what to investigate further.

The more you practice internally, the better prepared you’ll be when the time comes that you’re actually under attack. Related Content: Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016.

Click for information on the conference schedule and to register.
Ofer Israeli is illusive networks' founder and vice president of research and development. Prior to founding illusive networks, Ofer was a team leader at Check Point Software Technologies, where he led the endpoint security management and the cloud and document security ...
View Full Bio More Insights

Lurk Banker Trojan: Exclusively for Russia

One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”.

This is a kind of instruction given by more experienced Russian criminals to the younger generation.
It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don’t use compatriots to launder money.” “Working with RU” is not a great idea where cybercriminals’ safety is concerned: people from other countries are unlikely to report an incident to the Russian police.
In addition, online banking is not very popular in the RU zone – at least, it is much less popular than in the West.

This means that the potential income from operating in the RU zone is lower than in other zones, while the risk is higher. Hence the rule “Don’t work with RU”. As always, there are exceptions to the rule.

A rather prominent banker Trojan – Lurk – that is the subject of this paper has been used to steal money from Russian residents for several years. We have written about this banker Trojan before.
It caught our attention almost as soon as it appeared because it used a fileless spreading mechanism – malicious code was not saved on the hard drive and ran in memory only. However, until now no detailed description of Lurk had been published. What Makes the Trojan Different The Lurk banker Trojan is in a league of its own when it comes to malware designed to steal money from bank customers: Lurk has existed and actively evolved for over five years, but it works selectively – only on those computers where it can steal money.
In the more than five years that it has been active, about 60,000 bots have been registered in the C&C, which is not a huge number. Lurk is a versatile banker Trojan – it can steal money not only from the iBank 2 system that is used by many Russian banks but also from the unique online banking systems of some large Russian banks. Lurk actively resists detection: its developers work hard to minimize detections of their Trojan, while targeted attacks make it difficult to get new samples quickly. Based on the methods of internal organization used in the malware, its feature set and the frequency with which it is modified, it can be concluded that a team of professional developers and testers is working on the project. This is not to say that the Trojan is particularly well written: we have seen and analyzed banker Trojans with much higher code quality. Moreover, our analysis of Lurk has shown that several programmers with different levels of qualification have worked on the code.

The developers clearly made some bad choices in places, which have remained unfixed for years (needless to say, we are not going to alert the developers to their mistakes).
It is worth noting that the malware writers are developing their product: we see that the quality of code has improved over time and the solutions chosen by the developers have generally improved. What sets Lurk apart is that it is highly targeted – the authors do their best to ensure that as many victims of interest to them as possible get infected without catching the attention of analysts or researchers.

The incidents known to us make us believe that Lurk is successful at what it was designed for: we regularly receive reports of thefts from online banking systems and forensic investigations after the incidents reveal traces of Lurk on the affected machines. Victims The cybercriminals are interested in the following types of organizations: IT organizations working in telecommunications field; mass media and news aggregators; banks and financial organizations. Compromised computers of IT and telecoms companies provide the cybercriminals behind Lurk with new transfer servers through which traffic goes to the attackers’ servers. Media and news aggregator sites, particularly those visited by accountants, are used to infect a large number of users from Lurk’s ‘target audience’.

Banks and financial organizations are of interest to the cybercriminals in connection with their main goal – stealing money. We won’t comment on the reasons behind the malware authors’ attempts to get a foothold on the machines inside security agencies (these organizations are also among those targeted by Lurk). The Trojan’s targets appear to include Russia’s four largest banks. Distribution The well-known technique of drive-by downloads is used to distribute the Lurk banker Trojan.
In addition, the cybercriminals distribute the Trojan via compromised websites with legitimate software and across corporate networks – using the psexec utility. Infecting Using an Exploit Pack Lurk is distributed primarily using the infamous Angler exploit pack (cybercriminals call it XXX). With this method of distribution, users don’t have to do anything in particular for their computers to become infected. Angler is rightfully considered the flagship of exploit packs: exploits for new vulnerabilities are nearly always first implemented in Angler and only later make their way into other exploit packs (or perhaps are just borrowed’).

Exploits for zero-day vulnerabilities are also often implemented in Angler, making the exploit pack particularly dangerous. Preparation for infecting new victims with Lurk is usually performed as follows: A website that is of interest to the target audience is selected.

This can be a message board for accountants, a news portal, etc. The website is infected by stealthily placing a link on it that leads to the exploit pack’s landing page.
If it proves impossible to infect the site, a malicious link is placed into the materials of some ‘affiliate program’ that are shown on the site. Users visiting the site are redirected to the exploit pack’s landing page without their knowledge.

Angler attempts to exploit some vulnerability in the software installed on the user’s computer, which should result in the execution of Lurk’s downloader – mini. Curiously, the link to the exploit pack’s landing page is either placed for a short time or is regularly placed and removed.

For example, we have seen the message board of a well-known magazine for accountants become infected.

A malicious link appeared on the message board on weekdays for exactly two hours at lunchtime. Of course, we detected the anomalous activity and notified the owners of the resource. However, by the time they read our letter the resource was clean again and they could not identify the infection.

At the same time, during the period when the malicious link was shown on the message board, the Lurk owners managed to infect several new user machines. Infecting via Compromised Websites The second method of infection that the cybercriminals used extensively is the distribution of malicious code via legitimate websites.

Apparently, this distribution method involves providing infected files to users in the RU zone only, while other users get clean files. Infecting Machines across a Corporate Network The scheme whereby one computer in an organization is initially infected is very popular among cybercriminals.

Even if the infected machine itself is of no interest to the attackers, the computer is on the same network and on the same domain with other computers containing information that the Trojan’s owners want.
In such cases, the psexec utility developed by Mark Russinovich is used to distribute the malware across the network.

A special mini dropper is then used to execute the Trojan’s main module on other computers on the same network.

This method can result in dire consequences for the organization, since the security of a computer containing data of interest to the cybercriminals essentially depends on that of the least protected computer on the network that is under attack. Main Modules The Trojan consists of several modules that have reasonably rich capabilities.

The main Lurk modules are: mini module; prescanner module; core module (the bot’s kernel), core_x64 module (64 bit version of the kernel); mini_x64 module (64 bit version of the mini module). The mini Module In the first stage of an attack involving the Angler exploit pack, a vulnerability found in the user’s software is exploited and the mini module of Lurk banker Trojan is downloaded and executed.

As mentioned above, the user can download the malicious file from a compromised website; another possibility is infection over the local network. By Lurk standards, mini is a small program (100-400 KB).
Its main function is to download and execute two other main Lurk modules.

The address of the server used by mini is hardcoded in the program’s body. Modules are downloaded using standard GET requests.

The modules downloaded by mini are encrypted, with different encryption algorithms used.

The prescanner module is encrypted using the simple “xor-next” algorithm. Other modules are encrypted using the BlowFish algorithm (ECB Mode), the pseudo key for which is hardcoded into mini.

The real key is created from the hardcoded pseudo key using a sequential search for one character (a brute force attack). To avoid having to download additional modules every time mini is executed, the Trojan saves these modules in a separate encrypted file located in %APPDATA% folder.

The contents of the storage is encrypted with the Blowfish algorithm, using a key that depends on the time the Windows folder was created.
In addition to a plugin’s name and body, the storage file includes a list of checksums of the names of those processes in whose context the plugin is to be executed.

This information is used by mini to determine which process a plugin should be injected into: for web injection modules, this is a browser process; for the ibank module, it is Java.exe, in whose context the online banking system operates. The prescanner module According to the operating logic of mini, the second stage of the attack is to load the prescanner module.

The module is a dynamically loaded library with only one exported function – Prescan. The cybercriminals need prescanner to make their attacks as narrowly targeted as possible.
If a machine does not match the specific rules of prescanner and no online banking systems have been found on it, the module reports this to mini and the latter decides not to try to achieve persistence on the machine.
In this way, the Trojan’s developers try to avoid attracting the attention of law enforcement agencies and anti-malware product developers.

The following fact supports this idea: every time a new bot is registered by the C&C, a unique identifier – bot number – is assigned to the bot.
In the more than five years that the banker Trojan has existed, only about 60,000 bots have been registered by the C&C. Prescanner performs two main tasks: collecting information about an infected system; grabbing passwords from FTP clients found on the user’s machine. After collecting information about the machine and checking whether its rules are observed, prescanner sends a report to its command server.
In the cases that we have seen, the C&C used by prescanner was the same as that used by the mini downloader. If it is decided that a machine is unsuitable for a Lurk attack based on the analysis performed, mini and prescanner modules terminate and uninstall themselves.
If prescanner has made the decision to ensure persistence on the machine, it reports this to the mini downloader, which in turn downloads and executes the core module – the bot’s main body. The core module Core is the main module of Lurk.
Its main functions are: network interaction with the C&C; executing commands received from the cybercriminals; logging keypresses (keylogger function) and recording video from the infected system’s screen; maintaining the encrypted data storage and Lurk settings; downloading, installing and executing the Trojan’s additional modules. The core module is a communication channel of sorts between all the other malware modules and the command server.

The C&C servers used for mini and for core are different.

Core does not have a hardcoded command server address.

The address of its command server is calculated using DGA – the Domain Generation Algorithm.

Among other DGA input parameters, the Trojan’s authors use exchange quotation data received from Yahoo Finance.

This means that the data used to generate C&C addresses cannot be known to security experts in advance.

As a result, it is impossible to predict the addresses generated by Lurk. After successfully establishing a connection, data collected by the malware and the results of executing commands are sent to the command server every five minutes, with requests for new updates and commands.

All communication between the core module and the C&C is encrypted – core and C&C exchange data is in the JSON format. The function of intercepting data entered on the keyboard is implemented in the core module in the newer versions of Lurk (starting at least from 8.9773). Keypresses are intercepted only in the context of windows that have specific words/phrases in their names.

The list of these words/phrases is received from the C&C.
Intercepted data is sent to the command server during the next communication session (every 5 minutes). The main part of Lurk’s storage is located in the system registry, but some additional data belonging to the storage can be saved as a file on the hard drive.

As a rule, files are used to store a large but logically uniform volume of data, such as video captured from the screen or code for web injection.

But in any case, links to these additional files are always present in the main part of the storage, which is located in system registry. Additional modules The bot’s additional modules (plugins) are downloaded by the core module to those computers the malicious program deems most suitable.

Those modules that are required on a specific computer to steal money are downloaded to that computer. The Lurk modules currently known to us are listed in the table below. Plugin GUID Name Plugin function {5FBA6505-4075-485b-AEC4-75767D9054C9} module_Bifit A set of .class-files designed to introduce changes into the normal operation of iBank 2 systems, in order to steal money. {0F3E7AFA-1F2B-4b0e-99D6-3716A4C3D6DE} module_Bifit_admin An administrative applet for iBank 2 systems modified by cybercriminals, designed to steal credentials and key files from iBank 2 systems. {04DB063E-1454-4a73-B2CC-4DB6D4BB6AA1} module_ibank This plugin is used to inject malicious applets into the iBank 2 system.

These applets (along with other tools) are used to steal money from the user. {AABA3126-14E2-443b-A11B-FB6C1F793103} module_w3bank This plugin is designed to organize web injections into the pages of remote banking systems. {5C345F77-B111-4a85-B6D6-EC8F27F993C4} module_w3bank_scripts A set of scripts written in JavaScript for injection by the module w3bank; designed to steal money and data from remote banking systems. {50D13F6C-FC46-4fdf-A294-E149D36E54D4} module_spider An auxiliary module whose main task is to ensure other Lurk modules are loaded into the contexts of the processes iexplore.exe, firefox.exe, chrome.exe, opera.exe, jp2launcher.exe, java.exe before these processes are actually launched. {52F1F7D8-4BCC-4498-AC86-3562F81990F6} module_vnc This plugin provides remote access via VNC to the infected computer (for remote control over the infected computer). {A06B5020-0DF3-11E5-BE38-AE5E4B860EDE} rdp-plugin-x86 This plugin ensures that RDP is enabled on the infected computer. {9F786E98-3D4C-4020-8819-B97D9D4DBCC0} highLauncher Bot plugin loader at a high Integrity level (required for rdp-plugin-x86 and lsa-plugin-x86). {968A2A9A-7DF4-4E69-BF81-563AF8FFB7DC} launcher The loader of mini.
It awaits an IPC message with the name <LurkDll>, after which it loads mini with the help of LoadLibrary().
It is used in the mini launch process while escalating privileges. {5B3957F2-AAAF-4FF8-94B8-83C52AFCD2A9} lsa-plugin-x86 The plugin for grabbing administrator and/or domain accounts (the well-known program mimikatz is used). We will now look at three bot modules (plugins) in more detail – they are the modules w3bank and ibank.dll – the two workhorses of the Lurk Trojan that are directly involved in stealing money – and the module_vnc module that makes it possible to remotely control the infected system using the VNC protocol. The w3bank module The w3bank module is designed for attacks on remote banking systems.
Its main task is to perform injections into the user’s browser. In the cases of Mozilla Firefox and Google Chrome, a new browser user profile is created at each launch.

This helps hide the Trojan’s activities from the legitimate user, who will not be able to see any trace in the history of visited sites.

This also helps create a separate session on a website, parallel to an already open session.
In particular, this makes it possible to log in a second time to the site the legitimate user is working with, and perform actions in a parallel session that will not affect the user’s session. The ibank module The ibank module is designed to steal money in iBank remote banking systems. This module runs in the context of a Java virtual machine. When a Java applet is started, it is checked to see whether it belongs to the iBank 2 system.
If this remote banking system is launched, a request is sent to the C&C asking if the applet should be blocked or allowed to run.
If an “allow to run” command arrives in response, a set of Java-class files is sent to replace the original classes of the iBank applet. The infected applet enables the cybercriminals to stealthily replace the data in payment orders, leaving the original information in the printouts. The module_vnc module The module_vnc module provides the ability to remotely control an infected system using the VNC protocol. When this happens, the remote node gains full access to the system: it can see the image displayed on the screen, send and receive any files or data, including data from video/audio input devices, use the software installed on the machine and install new software. This module also makes it possible to launch browser processes with the following parameters: Mozilla Firefox: -profileGoogle Chrome: –user-data-dir=Internet Explorer: -nomerge Each time Mozilla Firefox and Google Chrome are launched a new browser user profile is created.

This helps hide the Trojan’s activities from the legitimate user, who will not be able to see any trace in the history of visited sites.

This also helps create a separate session on a website, parallel to an already open session.
In particular, this makes it possible to log in a second time to the site the legitimate user is working with, and perform actions in a parallel session that will not affect the user’s session. Stages of a Lurk attack As a result, the Trojan’s typical attack sequence is as follows: The user’s computer is infected by exploiting a vulnerability; The mini module is launched on the infected computer; mini downloads the prescanner module and launches it; prescanner steals the user’s FTP credentials; If an analysis finds that the infected computer is unsuitable, mini and prescanner silently terminate themselves. If the infected computer is of interest to the cybercriminals, the attack continues. If the attack continues, mini downloads and launches the core module, the bot’s main body. core connects to the bot’s C&C server, receives commands from the cybercriminals and executes them. core receives the bot’s additional plugins. core spies on the user: intercepts data entered from the keyboard, and captures the video stream from the screen of the infected system.

Capturing is only performed for windows with specific keywords/phrases in their names.

A list of keywords is received from the C&C and is primarily determined by the financial interests of Lurk’s owners. Using additional modules (ibank, w3bank), Lurk steals money from remote banking systems. Example of an Attack on a Bank During our research, we detected a Lurk attack on a major Russian bank that was using the w3bank module to perform web injections. We were able to obtain the scripts of the injections. The files of the infection scripts have identical names for different remote online banking systems (content.min.js), but a different GUID, as the latter is generated in a random fashion. This script intercepts the authentication information entered into the remote banking system. When the user logs in to the remote banking system, their username and password are intercepted.

After successful authentication, a parallel session is created that is hidden from the user and in which Lurk scans the banking pages and searches for the card holder’s name and the phone number linked to the card.

The malicious script collects all the information required to make a payment in that online banking system.

This information is then sent to the C&C server whose address is identical to the network address of the server communicating with the core module. In response, the C&C server may send a script to be executed in the browser context. We were unable to obtain such a script for this research. The C&C server may also register an automated payment that will be executed the next time the user logs in to the online banking system. Conclusion The Trojan’s creators have made an effort to protect their creation from researchers, and especially to protect Lurk from an in-depth analysis, or, at the very least, greatly hinder such analysis. However, despite all the difficulties of analyzing the Trojan, Lurk is quickly detected by modern anti-malware solutions. It’s not only anti-malware companies that are countering Lurk; the manufacturer of the iBank 2 system, BIFIT, is also taking measures to combat the attacks launched against its product.

The company has implemented methods to counteract banking Trojans in its iBank 2 software and investigated their effectiveness.

The BIFIT research shows that of all the protection tools implemented in iBank 2, only control over the bank’s server is effective against Lurk; all the other measures implemented in iBank 2 were successfully bypassed by the Lurk creators, testifying to their professionalism. Lurk gives the impression of being a complex, powerful system designed to achieve its creators’ criminal goals, i.e., stealing money from users.

The perseverance and focus with which they work with their Trojan suggest they are highly motivated. Kaspersky Lab counteracts this Trojan using signature-based, heuristic and proactive detection methods. With this approach, we can even detect new specimens of Lurk before they are added to our collection. Kaspersky Lab’s products detect this Trojan with the following verdicts: Trojan.Win32.Lurk, Trojan-Banker.Win32.Lurk, Trojan-Spy.Win32.Lurk. In conclusion, we give the following recommendations that may be hackneyed but are nonetheless relevant.

The security of an online banking system is ensured by: Competent design and administration of an organization’s local area networks; Regular training on information security rules and norms for employees; Use of modern security software that is regularly updated. We are confident that observing these simple rules will help ensure a high level of protection from Lurk and similar threats. IOCS: Registry keys: HKCU\Software\Classes\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887}HKLM\Software\Classes\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887}HKCU\Software\Classes\Drive\ShellEx\FolderExtensions\{118BEDCC-A901-4203-B4F2-ADCB957D1887}HKLM\Software\Classes\Drive\ShellEx\FolderExtensions\{118BEDCC-A901-4203-B4F2-ADCB957D1887} Files: Possible names of the mini module: %APPDATA%\API32.DLL%APPDATA%\dlg.dll%APPDATA%\mm.dll%APPDATA%\setup.dll%APPDATA%\help.dll%APPDATA%\mi.dll%APPDATA%\http.dll%APPDATA%\wapi.dll%APPDATA%\ER32.DLL%APPDATA%\core.dll%APPDATA%\theme.dll%APPDATA%\vw.dll%APPDATA%\el32.dll%APPDATA%\sta.dll%APPDATA%\p10.dll%APPDATA%\fc.dll%APPDATA%\in_32.dll%APPDATA%\pool.drv%APPDATA%\env.dll%APPDATA%\man.dll Possible names of the storage module: %APPDATA%\ddd2.dat%APPDATA%\pdk2.dat%APPDATA%\km48.dat%APPDATA%\9llq.dat%APPDATA%\ddqq.dat%APPDATA%\834r.dat%APPDATA%\gi4q.dat%APPDATA%\wu3w.dat%APPDATA%\qq34.dat%APPDATA%\dqd6.dat%APPDATA%\w4ff.dat%APPDATA%\ok4l.dat%APPDATA%\kfii.dat%APPDATA%\ie31.dat%APPDATA%\4433.dat Network indicators: C&C servers: 3d4vzfh68[.]com43xkchcoljx[.]comcarlton69f[.]comdiameter40i[.]comelijah69valery[.]comembassy96k[.]comevince76lambert[.]comglobe79stanhope[.]comgroom58queasy[.]comhackle14strand[.]comhotbed89internal[.]commechanic17a[.]compaper17cried[.]complaguey42u[.]compossum89hilarity[.]comrhythmic81o[.]comri493hfkzrb[.]comroomful44e[.]coms8f40ocjv[.]comscale57banana[.]comwing97pyroxene[.]comyf3zf90kz[.]com IDS rules: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:”Bot.Lurk.HTTP.C&C”; flow:established,to_server; content:”POST”; pcre:”/\?hl=[a-z]+&source=[^\r\n&]+&q=[^\r\n&]+/msi”;) MD5: mini: 185C8FFA99BA1E9B06D1A5EFFAE7B8422F3259F58A33176D938CBD9BC342FDDD217DAB08B62B6F892A7D33E05E7F788C3387E820F0F67FF00CF0C6D0F5EA2B7536DB67CCADC59D27CD4ADF5F0944330D6548D3304E5DA11ED2BED0551C3D692272D272A8198F1E5849207BC03024922D85B66824A7F2787E87079903F0ADEBDFB4FFAD760A52760FBD4CE25D7422A07BC461706E084880A9F0409E3A6B1F1ECDD0B4C0B43F539384BBDC103182E7FF42E006469EA4B34C757FD1AA38E6BDAA72E305B5D37B04A2D5D9AA8499BBF88940E9CAB9097E7F847B388B1C27425D6E9AE9DA19440FCA6F0747BDEE8C7985917FF5022EAE8004458174C10CB80CCE5317 prescanner: A802968403162F6979D72E04597B6D1F core: C15E18AFF4CDC76E99C7CB34D4782DDA8643E70F8C639C6A9DB527285AA3BDF7 ibank.dll: A6C032B192A8EDEF236B30F13BBFF2044CB6CA447C130554FF16787A56A1E278BFE73DE645C4D65D15228BD9A3EBA1B6CC891B715C4D81143491164BFF23BF27 module_vnc: 601F0691D03CD81D94AD7BE13A10A4DB6E5ADF6246C5F8A4D5F4F6BBFC5033B978EDD93CEA9BEDB90E55DE6D71CEA9C4 w3bank.dll: 1B84E30D4DF8675DC971CCB9BEE7FDF53A078D5D595B0F41AD74E1D5A05F7896

Malware 'Crysis': New Strain Combines Multiple Threats, Platforms

NEWS ANALYSIS: The latest release of Crysis malware combines ransomware with a data breach, and then spreads on its own. In some ways, the latest variation of Crysis (or Crisis, depending on whom you ask) malware either provides something for everyone,...