Synopsis

Important: java-1.6.0-openjdk security update

Type/Severity

Security Advisory: Important

Topic

Updated java-1.6.0-openjdk packages that fix two security issues are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Server - Extended Update Support 5.9 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 5.9 i386
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 i386
• Red Hat Enterprise Linux Server - AUS 5.9 x86_64
• Red Hat Enterprise Linux Server - AUS 5.9 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Desktop 5 x86_64

Fixes

• BZ - 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
• BZ - 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)

CVEs

• CVE-2013-0169
• CVE-2013-1486

References

• https://access.redhat.com/security/updates/classification/#important
• http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.8/NEWS

Red Hat Enterprise Linux Server 5

SRPM
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm	SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
x86_64
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
i386
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8

Red Hat Enterprise Linux Server - Extended Update Support 5.9

SRPM
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm	SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
x86_64
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
i386
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8

Red Hat Enterprise Linux Workstation 5

SRPM
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm	SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
x86_64
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
i386
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8

Red Hat Enterprise Linux Desktop 5

SRPM
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm	SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
x86_64
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
i386
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8

Red Hat Enterprise Linux Server from RHUI 5

SRPM
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm	SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
x86_64
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
i386
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9

SRPM
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm	SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
x86_64
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
i386
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.src.rpm	SHA-256: a2ddfa1d6f681b63902e73eb12572244a401100215aba29e95c87797b51a133d
x86_64
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 6fd5305eb8f0ef8fb4f247371bc30374655fe68ed44d6d67b500a299573af9e5
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: dbf8837b57c211e7f861b9019a902efbf753cde71ea2a9000783f29705e26b4e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: fca7e54331ca775e8eabc1982c13883f0608e0397bcd51804feee550ef607418
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: 708aef3072b7b326868e1275a8838e1c8db97c067e77ba2e75ab143e78c0a238
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: ac2d7cb822cfac0c491d4d483dadfde971082b13a120370eb7320f33d683b4e5
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.x86_64.rpm	SHA-256: af2e3ac331ba3e94c920fa9fd528acfa41146db68ec61db577bec014375c6571
i386
java-1.6.0-openjdk-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: f379809a10445e0a2016d42ba13c2baa021334b02762c34a9cd266ba9f030442
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 7724f9b361373d132d204c4f5ce81b0469bb4ae617579e3f47237d2cdb0fbd5e
java-1.6.0-openjdk-demo-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 95d95aef6032a6b0aaccf933a081321cd93c8c1d1c8424b327a0c9bde46692c6
java-1.6.0-openjdk-devel-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 2261aaa9ace396d10ee8fde83d06b7b54485a40c55a880e398e9c714a2972043
java-1.6.0-openjdk-javadoc-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 34b2d91378cfdd9936b68b0b66799aab7030b03933465d7aea56ac60eb339a24
java-1.6.0-openjdk-src-1.6.0.0-1.35.1.11.8.el5_9.i386.rpm	SHA-256: 19c503be49621dea83c9dcf690df83b3b619a6106b4ea76ebdec80f67baef9e8