Red Hat Product Errata RHSA-2016:1039 - Security Advisory

Issued:: 2016-05-11
Updated:: 2016-05-11

RHSA-2016:1039 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: java-1.8.0-ibm security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR3.

Security Fix(es):

This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2016-0264, CVE-2016-0363, CVE-2016-0376, CVE-2016-0686, CVE-2016-0687, CVE-2016-3422, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

BZ - 1324044 - CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
BZ - 1327743 - CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
BZ - 1327749 - CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051)
BZ - 1328059 - CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)
BZ - 1328210 - CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
BZ - 1328618 - CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
BZ - 1328619 - CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
BZ - 1328620 - CVE-2016-3422 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
BZ - 1330986 - CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
BZ - 1331359 - CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM

CVEs

References

http://www.redhat.com/security/updates/classification/#normal

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 08ed84342e0f82bffaa8daaa6dffef9b12fa8b7538e778733b2e19a50c7f4858
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: d447cd11dee2f81f5ca80e7a641d0e31f73c28cfe4e098b5712d399502f71592
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 2ccfd210d79f831e1c0629fe86f891c6a1f6d0b2fd36e5289118956204902dbb
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 3859afee573cb28cc1ad103a505a3f0299f2aa42a7a6113e12f35ccef2e7c1b9
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: e82dc41c1851225bd06c4a05b5e498824f8a5c6968ed10a712361922a1469eb9
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 74829830f15692bd38c1b7f24d6be7d55cb10795f9ff2d5bf97e3aefefa7e22f
i386
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1d4c7cb2623c2c1872a25f6e2b41f6f68e9f48701037bda7ace70c899a13274b
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 2d08de5b7c482b5cfd942ca7843c3e8e05769cfecab6ec3bcd04e28e6fbed63b
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 027c63ae52d1019094544879c0f06a6fc0be77db7819c5563476015807db8760
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 76074fdaeb86f3c3512c7677e7d9fd1a45ddc076bb6f84631621da39a2cb0e53
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: b3b05fbaacd49cd377e9684ead8764e1c2bfa9083d201ead70099e4556fc0073
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1fcdaea4866716910127d728b228ff7c28a4822c137fdf037904bbc89a1f2b62

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 08ed84342e0f82bffaa8daaa6dffef9b12fa8b7538e778733b2e19a50c7f4858
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: d447cd11dee2f81f5ca80e7a641d0e31f73c28cfe4e098b5712d399502f71592
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 2ccfd210d79f831e1c0629fe86f891c6a1f6d0b2fd36e5289118956204902dbb
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 3859afee573cb28cc1ad103a505a3f0299f2aa42a7a6113e12f35ccef2e7c1b9
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: e82dc41c1851225bd06c4a05b5e498824f8a5c6968ed10a712361922a1469eb9
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 74829830f15692bd38c1b7f24d6be7d55cb10795f9ff2d5bf97e3aefefa7e22f
i386
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1d4c7cb2623c2c1872a25f6e2b41f6f68e9f48701037bda7ace70c899a13274b
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 2d08de5b7c482b5cfd942ca7843c3e8e05769cfecab6ec3bcd04e28e6fbed63b
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 027c63ae52d1019094544879c0f06a6fc0be77db7819c5563476015807db8760
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 76074fdaeb86f3c3512c7677e7d9fd1a45ddc076bb6f84631621da39a2cb0e53
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: b3b05fbaacd49cd377e9684ead8764e1c2bfa9083d201ead70099e4556fc0073
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1fcdaea4866716910127d728b228ff7c28a4822c137fdf037904bbc89a1f2b62

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 08ed84342e0f82bffaa8daaa6dffef9b12fa8b7538e778733b2e19a50c7f4858
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: d447cd11dee2f81f5ca80e7a641d0e31f73c28cfe4e098b5712d399502f71592
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 2ccfd210d79f831e1c0629fe86f891c6a1f6d0b2fd36e5289118956204902dbb
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 3859afee573cb28cc1ad103a505a3f0299f2aa42a7a6113e12f35ccef2e7c1b9
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: e82dc41c1851225bd06c4a05b5e498824f8a5c6968ed10a712361922a1469eb9
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 74829830f15692bd38c1b7f24d6be7d55cb10795f9ff2d5bf97e3aefefa7e22f
i386
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1d4c7cb2623c2c1872a25f6e2b41f6f68e9f48701037bda7ace70c899a13274b
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 2d08de5b7c482b5cfd942ca7843c3e8e05769cfecab6ec3bcd04e28e6fbed63b
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 027c63ae52d1019094544879c0f06a6fc0be77db7819c5563476015807db8760
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 76074fdaeb86f3c3512c7677e7d9fd1a45ddc076bb6f84631621da39a2cb0e53
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: b3b05fbaacd49cd377e9684ead8764e1c2bfa9083d201ead70099e4556fc0073
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1fcdaea4866716910127d728b228ff7c28a4822c137fdf037904bbc89a1f2b62

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
s390x
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.s390x.rpm	SHA-256: e3042825c2785c6032bcec23a7637dc2f03ff7a21f0b5e6f3303d6ce1f2a7319
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.s390x.rpm	SHA-256: c678fde117d6b49c35e259bede127835c882c82399b2b8ca1eb065a5c872a6ee
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.s390x.rpm	SHA-256: 35cb633856154968f34c70f996f48b801e0fc26db405d6ba70c3d3515fe108a0
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.s390x.rpm	SHA-256: 3b9758752109bc952377031bc9c0882e75f83e45a16845fc0b8c3b795d2415a9
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.s390x.rpm	SHA-256: 13f69db9d667debad4cfa1155d601af0899c154cf9cd193b210568b7b667062b

Red Hat Enterprise Linux for Power, big endian 6

SRPM
ppc64
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.ppc64.rpm	SHA-256: 83ab4d059d7995450ca55b45a27d72a2cc32a5f74daddbe61567d47d41969f56
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.ppc64.rpm	SHA-256: 01afaaae761dce50086e2292050b1ef389bccfa61329e368d1a6b98895c98a3a
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.ppc64.rpm	SHA-256: 373986981b5c0179759c44c809ed8205ee8166f0ba4e6f88ddbad5472f40ea1b
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.ppc64.rpm	SHA-256: fc055c25861538cb413ca21774a733d3e4a0347ef029af41b01ead6ea869fa83
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.ppc64.rpm	SHA-256: 34b5ddf4ee34eb682274860201ff28de95926e0bd0239a5c1abc0a7b6c67b940

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 08ed84342e0f82bffaa8daaa6dffef9b12fa8b7538e778733b2e19a50c7f4858
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: d447cd11dee2f81f5ca80e7a641d0e31f73c28cfe4e098b5712d399502f71592
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 2ccfd210d79f831e1c0629fe86f891c6a1f6d0b2fd36e5289118956204902dbb
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 74829830f15692bd38c1b7f24d6be7d55cb10795f9ff2d5bf97e3aefefa7e22f

Red Hat Enterprise Linux Server from RHUI 6

SRPM
x86_64
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 08ed84342e0f82bffaa8daaa6dffef9b12fa8b7538e778733b2e19a50c7f4858
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: d447cd11dee2f81f5ca80e7a641d0e31f73c28cfe4e098b5712d399502f71592
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 2ccfd210d79f831e1c0629fe86f891c6a1f6d0b2fd36e5289118956204902dbb
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 3859afee573cb28cc1ad103a505a3f0299f2aa42a7a6113e12f35ccef2e7c1b9
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: e82dc41c1851225bd06c4a05b5e498824f8a5c6968ed10a712361922a1469eb9
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.x86_64.rpm	SHA-256: 74829830f15692bd38c1b7f24d6be7d55cb10795f9ff2d5bf97e3aefefa7e22f
i386
java-1.8.0-ibm-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1d4c7cb2623c2c1872a25f6e2b41f6f68e9f48701037bda7ace70c899a13274b
java-1.8.0-ibm-demo-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 2d08de5b7c482b5cfd942ca7843c3e8e05769cfecab6ec3bcd04e28e6fbed63b
java-1.8.0-ibm-devel-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 027c63ae52d1019094544879c0f06a6fc0be77db7819c5563476015807db8760
java-1.8.0-ibm-jdbc-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 76074fdaeb86f3c3512c7677e7d9fd1a45ddc076bb6f84631621da39a2cb0e53
java-1.8.0-ibm-plugin-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: b3b05fbaacd49cd377e9684ead8764e1c2bfa9083d201ead70099e4556fc0073
java-1.8.0-ibm-src-1.8.0.3.0-1jpp.1.el6.i686.rpm	SHA-256: 1fcdaea4866716910127d728b228ff7c28a4822c137fdf037904bbc89a1f2b62

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation