Red Hat Product Errata RHSA-2013:1081 - Security Advisory

Issued:: 2013-07-16
Updated:: 2013-07-16

RHSA-2013:1081 - Security Advisory

Overview
Updated Packages

Synopsis

Important: java-1.5.0-ibm security update

Type/Severity

Security Advisory: Important

Topic

Updated java-1.5.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2013-1500, CVE-2013-1571,
CVE-2013-2443, CVE-2013-2444, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448,
CVE-2013-2450, CVE-2013-2452, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,
CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473,
CVE-2013-3743)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and
US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the
original reporter of CVE-2013-1571.

All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16-FP3 release. All running
instances of IBM Java must be restarted for this update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server - Extended Update Support 6.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 6.4 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.9 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.9 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.9 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.5 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.4 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.9 ppc
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.4 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9 i386
Red Hat Enterprise Linux Server - AUS 6.4 x86_64
Red Hat Enterprise Linux Server - AUS 5.9 x86_64
Red Hat Enterprise Linux Server - AUS 5.9 i386
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.4 s390x

Fixes

BZ - 973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
BZ - 975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
BZ - 975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
BZ - 975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
BZ - 975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
BZ - 975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
BZ - 975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
BZ - 975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
BZ - 975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
BZ - 975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
BZ - 975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
BZ - 975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
BZ - 975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
BZ - 975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
BZ - 975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
BZ - 975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
BZ - 975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
BZ - 975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
BZ - 975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
BZ - 975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
BZ - 975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
BZ - 975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
BZ - 975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Update Support 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: e2c0ab3e9952ac5515ca1dae6326e3ab9ba33058b60fc32042d427aaaf823f5b
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 1d201b7bb07697b248b6aa60d1f5bdf96fd1eb16ff2f44a977b26ed238505b50
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: f2872d99d1caa6d2efaca09b866b60eb3c6ebcb2e48e0957085a0e35e2763bba
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 61878171d51db1d2c64af284185d2f9eb139859c6dd3cf3bf87e684225e72b5d
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 74c2b5af71c673a6d460ce79821c4510f2cb12bac78e1783c167e7b84e06ba5a
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: d61ecd3ae1779ebf3b28d169a1c60cafcb020220436a1315e84eea42e2994e58
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: c3e918dd04ca2933eb42fb0c2c8ed0e66d273d5699e75e0abf6b8c9cb2e8804c
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0f3500e78407af78c32e25268d7d808342910b3861401f99f8a0df0e7dc5bd5e
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 7efb2a88d5f20870c073d3abd76e1dbb253347bb0f216de35c7ae99c2151cc73
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0bf8ac3a9c3df8f355d476153f8d1030eb5a38bf01f29d80e170a4b72a03f499
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 57f882c4690712a9771e34d7a4a1c65c862ce9fc2f8ba838516278966ba2365a
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: c7d3455e98619098165428a62d344b2af9adad58e44cabc95163e35d1acad7d1
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: a08f10c74c86438f85cc2ee78a5665583c9d1b3ff8d1e781ce51790457d8253c
i386
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: e2c0ab3e9952ac5515ca1dae6326e3ab9ba33058b60fc32042d427aaaf823f5b
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 61878171d51db1d2c64af284185d2f9eb139859c6dd3cf3bf87e684225e72b5d
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: d61ecd3ae1779ebf3b28d169a1c60cafcb020220436a1315e84eea42e2994e58
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0f3500e78407af78c32e25268d7d808342910b3861401f99f8a0df0e7dc5bd5e
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0bf8ac3a9c3df8f355d476153f8d1030eb5a38bf01f29d80e170a4b72a03f499
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 57f882c4690712a9771e34d7a4a1c65c862ce9fc2f8ba838516278966ba2365a
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: c7d3455e98619098165428a62d344b2af9adad58e44cabc95163e35d1acad7d1

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: e2c0ab3e9952ac5515ca1dae6326e3ab9ba33058b60fc32042d427aaaf823f5b
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 1d201b7bb07697b248b6aa60d1f5bdf96fd1eb16ff2f44a977b26ed238505b50
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: f2872d99d1caa6d2efaca09b866b60eb3c6ebcb2e48e0957085a0e35e2763bba
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 61878171d51db1d2c64af284185d2f9eb139859c6dd3cf3bf87e684225e72b5d
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 74c2b5af71c673a6d460ce79821c4510f2cb12bac78e1783c167e7b84e06ba5a
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: d61ecd3ae1779ebf3b28d169a1c60cafcb020220436a1315e84eea42e2994e58
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: c3e918dd04ca2933eb42fb0c2c8ed0e66d273d5699e75e0abf6b8c9cb2e8804c
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0f3500e78407af78c32e25268d7d808342910b3861401f99f8a0df0e7dc5bd5e
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 7efb2a88d5f20870c073d3abd76e1dbb253347bb0f216de35c7ae99c2151cc73
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0bf8ac3a9c3df8f355d476153f8d1030eb5a38bf01f29d80e170a4b72a03f499
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 57f882c4690712a9771e34d7a4a1c65c862ce9fc2f8ba838516278966ba2365a
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: c7d3455e98619098165428a62d344b2af9adad58e44cabc95163e35d1acad7d1
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: a08f10c74c86438f85cc2ee78a5665583c9d1b3ff8d1e781ce51790457d8253c
i386
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: e2c0ab3e9952ac5515ca1dae6326e3ab9ba33058b60fc32042d427aaaf823f5b
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 61878171d51db1d2c64af284185d2f9eb139859c6dd3cf3bf87e684225e72b5d
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: d61ecd3ae1779ebf3b28d169a1c60cafcb020220436a1315e84eea42e2994e58
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0f3500e78407af78c32e25268d7d808342910b3861401f99f8a0df0e7dc5bd5e
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0bf8ac3a9c3df8f355d476153f8d1030eb5a38bf01f29d80e170a4b72a03f499
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 57f882c4690712a9771e34d7a4a1c65c862ce9fc2f8ba838516278966ba2365a
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: c7d3455e98619098165428a62d344b2af9adad58e44cabc95163e35d1acad7d1

Red Hat Enterprise Linux Server - AUS 5.9

SRPM
x86_64
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: e2c0ab3e9952ac5515ca1dae6326e3ab9ba33058b60fc32042d427aaaf823f5b
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 1d201b7bb07697b248b6aa60d1f5bdf96fd1eb16ff2f44a977b26ed238505b50
java-1.5.0-ibm-accessibility-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: f2872d99d1caa6d2efaca09b866b60eb3c6ebcb2e48e0957085a0e35e2763bba
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 61878171d51db1d2c64af284185d2f9eb139859c6dd3cf3bf87e684225e72b5d
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 74c2b5af71c673a6d460ce79821c4510f2cb12bac78e1783c167e7b84e06ba5a
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: d61ecd3ae1779ebf3b28d169a1c60cafcb020220436a1315e84eea42e2994e58
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: c3e918dd04ca2933eb42fb0c2c8ed0e66d273d5699e75e0abf6b8c9cb2e8804c
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0f3500e78407af78c32e25268d7d808342910b3861401f99f8a0df0e7dc5bd5e
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: 7efb2a88d5f20870c073d3abd76e1dbb253347bb0f216de35c7ae99c2151cc73
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0bf8ac3a9c3df8f355d476153f8d1030eb5a38bf01f29d80e170a4b72a03f499
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 57f882c4690712a9771e34d7a4a1c65c862ce9fc2f8ba838516278966ba2365a
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: c7d3455e98619098165428a62d344b2af9adad58e44cabc95163e35d1acad7d1
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.x86_64.rpm	SHA-256: a08f10c74c86438f85cc2ee78a5665583c9d1b3ff8d1e781ce51790457d8253c
i386
java-1.5.0-ibm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: e2c0ab3e9952ac5515ca1dae6326e3ab9ba33058b60fc32042d427aaaf823f5b
java-1.5.0-ibm-demo-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 61878171d51db1d2c64af284185d2f9eb139859c6dd3cf3bf87e684225e72b5d
java-1.5.0-ibm-devel-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: d61ecd3ae1779ebf3b28d169a1c60cafcb020220436a1315e84eea42e2994e58
java-1.5.0-ibm-javacomm-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0f3500e78407af78c32e25268d7d808342910b3861401f99f8a0df0e7dc5bd5e
java-1.5.0-ibm-jdbc-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 0bf8ac3a9c3df8f355d476153f8d1030eb5a38bf01f29d80e170a4b72a03f499
java-1.5.0-ibm-plugin-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: 57f882c4690712a9771e34d7a4a1c65c862ce9fc2f8ba838516278966ba2365a
java-1.5.0-ibm-src-1.5.0.16.3-1jpp.1.el5_9.i386.rpm	SHA-256: c7d3455e98619098165428a62d344b2af9adad58e44cabc95163e35d1acad7d1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories