Red Hat Product Errata RHSA-2013:0624 - Security Advisory

Issued:: 2013-03-11
Updated:: 2013-03-11

RHSA-2013:0624 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: java-1.5.0-ibm security update

Type/Severity

Security Advisory: Critical

Topic

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2013-0409, CVE-2013-0424,
CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432,
CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443,
CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478,
CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493)

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16 release. All running instances
of IBM Java must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server - Extended Update Support 6.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 6.4 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.9 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.9 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.9 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.5 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.4 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.9 ppc
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 i386
Red Hat Enterprise Linux Server - AUS 6.4 x86_64
Red Hat Enterprise Linux Server - AUS 5.9 x86_64
Red Hat Enterprise Linux Server - AUS 5.9 i386
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.4 s390x

Fixes

BZ - 859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
BZ - 906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
BZ - 906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
BZ - 906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
BZ - 906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
BZ - 906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
BZ - 906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
BZ - 907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
BZ - 907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
BZ - 907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
BZ - 907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
BZ - 907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
BZ - 907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
BZ - 907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
BZ - 907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
BZ - 907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
BZ - 907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
BZ - 907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
BZ - 913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
BZ - 917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
BZ - 917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177
i386
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 31ea021a451d1bea0986a8af144a8f109e6757a062a51df936a99ed9b65ed71b
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177
i386
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 31ea021a451d1bea0986a8af144a8f109e6757a062a51df936a99ed9b65ed71b
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177
i386
java-1.5.0-ibm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 80c6cf120f95fe3dfb62092a72b16f164e30f532ac0ed2723582969a4c88fbcb
java-1.5.0-ibm-accessibility-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 31ea021a451d1bea0986a8af144a8f109e6757a062a51df936a99ed9b65ed71b
java-1.5.0-ibm-demo-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 57a6cd2a773f30075c51a567d5c7df8b7d1a2f769e70b3597419d1d83b3a567d
java-1.5.0-ibm-devel-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: ae44e7442990b7b300635fee2ec9d51ae9c6623e10240ae339475e4fd8c7431f
java-1.5.0-ibm-javacomm-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: c1ecf2add6d9e598646fd6ecc631d321c91dcc87e4588fc3277d5943ddd04ac8
java-1.5.0-ibm-jdbc-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: b90a5e659840e550be525766024367e3c5191018a85a1e73dd7ec197f384f3f7
java-1.5.0-ibm-plugin-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 99e57e70d5bdf11c19f5bd8348fc69784bed9c46a13714edad5d842f6845d781
java-1.5.0-ibm-src-1.5.0.16.0-1jpp.1.el5_9.i386.rpm	SHA-256: 9a7cd9761fbf258ff9a41ec5040cb8446976a7c7088fdf2dae3d113836511177

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories