Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2017:2530 - Security Advisory
Issued:
2017-08-23
Updated:
2017-08-23

RHSA-2017:2530 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Critical: java-1.6.0-ibm security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for java-1.6.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 6 to version 6 SR16-FP50.

Security Fix(es):

  • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security Vulnerabilities page listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10087, CVE-2017-10089, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10243)

IBM Java SDK and JRE 6 will not receive software updates after September 2017. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 7 and 8 are available via the Red Hat Enterprise Linux 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section.

Customers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

  • BZ - 1471266 - CVE-2017-10107 OpenJDK: insufficient access control checks in ActivationID (RMI, 8173697)
  • BZ - 1471270 - CVE-2017-10089 OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
  • BZ - 1471521 - CVE-2017-10087 OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)
  • BZ - 1471523 - CVE-2017-10110 OpenJDK: insufficient access control checks in ImageWatched (AWT, 8174098)
  • BZ - 1471527 - CVE-2017-10101 OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
  • BZ - 1471528 - CVE-2017-10096 OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
  • BZ - 1471535 - CVE-2017-10067 OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
  • BZ - 1471670 - CVE-2017-10109 OpenJDK: unbounded memory allocation in CodeSource deserialization (Serialization, 8174113)
  • BZ - 1471738 - CVE-2017-10116 OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
  • BZ - 1471851 - CVE-2017-10115 OpenJDK: DSA implementation timing attack (JCE, 8175106)
  • BZ - 1471888 - CVE-2017-10108 OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)
  • BZ - 1471889 - CVE-2017-10053 OpenJDK: reading of unprocessed image data in JPEGImageReader (2D, 8169209)
  • BZ - 1472345 - CVE-2017-10102 OpenJDK: incorrect handling of references in DGC (RMI, 8163958)
  • BZ - 1472666 - CVE-2017-10243 OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
  • BZ - 1472667 - CVE-2017-10105 Oracle JDK: unspecified vulnerability fixed in 6u161, 7u151, and 8u141 (Deployment)

CVEs

  • CVE-2017-10053
  • CVE-2017-10067
  • CVE-2017-10087
  • CVE-2017-10089
  • CVE-2017-10096
  • CVE-2017-10101
  • CVE-2017-10102
  • CVE-2017-10105
  • CVE-2017-10107
  • CVE-2017-10108
  • CVE-2017-10109
  • CVE-2017-10110
  • CVE-2017-10115
  • CVE-2017-10116
  • CVE-2017-10243

References

  • https://access.redhat.com/security/updates/classification/#critical
  • https://developer.ibm.com/javasdk/support/security-vulnerabilities/
  • https://developer.ibm.com/javasdk/support/lifecycle/
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
x86_64
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 4cd695cfbbb6344f04fb68a749037eb01d0210227475d9e2fd7f76a5c3310627
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 1cf062270231c8f3156ea8f25fea9c1701af659f04d73c56579332cd15fbf4a7
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 3b828d34a71e8c89c0211ded404199eaa835665cff087ca80a22e0ad98171aab
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 657ed3f42b38a71e5a4c1f260d4b73de80d2dff963ce7a6efec8b8a8667641c3
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 08635ea04c6e32b37a36c51222faf8ac88f8502dd00fc26fe5a5b3ae8db88a5c
java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: e3db55fa080eb9b688a916558a80a2e2f14909415a655e7b25066fb4a96fbfe9
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 6d5a2d830d7ec7517f55860f51a5d57584950bb6b7c6cc323b74a2f166d5ca4b
i386
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 9139d48794273239c8ca3b99097796d0665fffe73d8fc75dd53efa1848c72794
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: c642e8ace629e73a0667cf28e78c180d9d59a08b0754d551ba5aeb949c929191
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 4eddeadba557633cf70a53533d5f31a48f1863751f42536df8aa3e845320f56d
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 1431dee0c9441a551bfcef7d7c736c766965d8ee9304edf5af3ee36fd2b4e9e1
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: c044437c741e65804dac82860584319e25bd0412e6c5f36e969391b9c2808cc7
java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: dd5f87172d13fdb9721a0a10cbbc455fa7d317507fec9b2d003c3f6d5311aed1
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 08fbe8332feaaf494bca9e83e1f520ff14f689eba77435e76f6f760eaa9d6a1b

Red Hat Enterprise Linux Workstation 6

SRPM
x86_64
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 4cd695cfbbb6344f04fb68a749037eb01d0210227475d9e2fd7f76a5c3310627
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 1cf062270231c8f3156ea8f25fea9c1701af659f04d73c56579332cd15fbf4a7
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 3b828d34a71e8c89c0211ded404199eaa835665cff087ca80a22e0ad98171aab
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 657ed3f42b38a71e5a4c1f260d4b73de80d2dff963ce7a6efec8b8a8667641c3
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 08635ea04c6e32b37a36c51222faf8ac88f8502dd00fc26fe5a5b3ae8db88a5c
java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: e3db55fa080eb9b688a916558a80a2e2f14909415a655e7b25066fb4a96fbfe9
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 6d5a2d830d7ec7517f55860f51a5d57584950bb6b7c6cc323b74a2f166d5ca4b
i386
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 9139d48794273239c8ca3b99097796d0665fffe73d8fc75dd53efa1848c72794
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: c642e8ace629e73a0667cf28e78c180d9d59a08b0754d551ba5aeb949c929191
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 4eddeadba557633cf70a53533d5f31a48f1863751f42536df8aa3e845320f56d
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 1431dee0c9441a551bfcef7d7c736c766965d8ee9304edf5af3ee36fd2b4e9e1
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: c044437c741e65804dac82860584319e25bd0412e6c5f36e969391b9c2808cc7
java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: dd5f87172d13fdb9721a0a10cbbc455fa7d317507fec9b2d003c3f6d5311aed1
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 08fbe8332feaaf494bca9e83e1f520ff14f689eba77435e76f6f760eaa9d6a1b

Red Hat Enterprise Linux Desktop 6

SRPM
x86_64
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 4cd695cfbbb6344f04fb68a749037eb01d0210227475d9e2fd7f76a5c3310627
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 1cf062270231c8f3156ea8f25fea9c1701af659f04d73c56579332cd15fbf4a7
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 3b828d34a71e8c89c0211ded404199eaa835665cff087ca80a22e0ad98171aab
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 657ed3f42b38a71e5a4c1f260d4b73de80d2dff963ce7a6efec8b8a8667641c3
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 08635ea04c6e32b37a36c51222faf8ac88f8502dd00fc26fe5a5b3ae8db88a5c
java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: e3db55fa080eb9b688a916558a80a2e2f14909415a655e7b25066fb4a96fbfe9
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 6d5a2d830d7ec7517f55860f51a5d57584950bb6b7c6cc323b74a2f166d5ca4b
i386
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 9139d48794273239c8ca3b99097796d0665fffe73d8fc75dd53efa1848c72794
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: c642e8ace629e73a0667cf28e78c180d9d59a08b0754d551ba5aeb949c929191
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 4eddeadba557633cf70a53533d5f31a48f1863751f42536df8aa3e845320f56d
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 1431dee0c9441a551bfcef7d7c736c766965d8ee9304edf5af3ee36fd2b4e9e1
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: c044437c741e65804dac82860584319e25bd0412e6c5f36e969391b9c2808cc7
java-1.6.0-ibm-plugin-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: dd5f87172d13fdb9721a0a10cbbc455fa7d317507fec9b2d003c3f6d5311aed1
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.i686.rpm SHA-256: 08fbe8332feaaf494bca9e83e1f520ff14f689eba77435e76f6f760eaa9d6a1b

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
s390x
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.s390x.rpm SHA-256: c99ebaea0e9bb03b705c98288d81ec31803f43ef2ff00aca27121a6a7d2de1d0
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.s390x.rpm SHA-256: e09f2295ccee73225237c72724f276476145dc4f3c99e95ef9c7aa00ca0a5dd4
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.s390x.rpm SHA-256: 73576e71c027eca1dac3baf0b9910fd66245d455a4dc4e429525e08c940745f3
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.s390x.rpm SHA-256: 1c2297e267ca59c5b04dc4b2099bd22375f91aa08c2f8675d32def937d1b6394
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.s390x.rpm SHA-256: 5cd5831a2fd6ae505a045c767ee5d42e931b96728b5a40481f54ef22e73cab80

Red Hat Enterprise Linux for Power, big endian 6

SRPM
ppc64
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.ppc64.rpm SHA-256: d2c5f90fd2c4df38174a46b5afb0fc74ca544702c5db801e569d32964f6517bb
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.ppc64.rpm SHA-256: 17d76b67e2f57e3a3d56e6dc9ac984f8d1217849b69a2f7bfa8026e8009615d1
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.ppc64.rpm SHA-256: e869f3ce9e338baa5d0a26d21cd8c4ded893a326a65af77843af3f3c3df7d9f5
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.ppc64.rpm SHA-256: 46dc85af166b080240a950b2f8692d80f8b1371c0b837874e5c04dfe070c1383
java-1.6.0-ibm-jdbc-1.6.0.16.50-1jpp.1.el6_9.ppc64.rpm SHA-256: 9398163c8c4e1c4ea7442ca49ec1bc3a6bb4299b9ffe39f7f78d900661e17cd4
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.ppc64.rpm SHA-256: de1edd4185b534a9676f45379d77f99a62d1eafef68a04328777bd8febae7efa

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
x86_64
java-1.6.0-ibm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 4cd695cfbbb6344f04fb68a749037eb01d0210227475d9e2fd7f76a5c3310627
java-1.6.0-ibm-demo-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 1cf062270231c8f3156ea8f25fea9c1701af659f04d73c56579332cd15fbf4a7
java-1.6.0-ibm-devel-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 3b828d34a71e8c89c0211ded404199eaa835665cff087ca80a22e0ad98171aab
java-1.6.0-ibm-javacomm-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 657ed3f42b38a71e5a4c1f260d4b73de80d2dff963ce7a6efec8b8a8667641c3
java-1.6.0-ibm-src-1.6.0.16.50-1jpp.1.el6_9.x86_64.rpm SHA-256: 6d5a2d830d7ec7517f55860f51a5d57584950bb6b7c6cc323b74a2f166d5ca4b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility