SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Oracle, Sun
(Red Hat Issues Fix) Oracle Java Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
SecurityTracker Alert ID:  1029724
SecurityTracker URL:  http://securitytracker.com/id/1029724
CVE Reference:   CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0385, CVE-2014-0387, CVE-2014-0403, CVE-2014-0408, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428   (Links to External Site)
Date:  Feb 5 2014
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7 Update 51
Description:   Multiple vulnerabilities were reported in Oracle Java. A remote user can execute arbitrary code on the target system. A remote user can access and modify data. A remote user can cause denial of service conditions.

A remote user can exploit a flaw in the JavaFX component to partially access data, partially modify data, and partially deny service [CVE-2013-5870].

A remote user can exploit a flaw in the Security component to partially access data, partially modify data, and partially deny service [CVE-2013-5878].

A remote user can exploit a flaw in the CORBA component to partially access data [CVE-2013-5884].

A remote user can exploit a flaw in the Deployment component to cause partial denial of service conditions [CVE-2013-5887].

A local user can exploit a flaw in the Deployment component to partially access data, partially modify data, and partially deny service [CVE-2013-5888].

A remote user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2013-5889].

A remote user can exploit a flaw in the Libraries component to gain elevated privileges [CVE-2013-5893].

A remote user can exploit a flaw in the JavaFX component to partially access data [CVE-2013-5895].

A remote user can exploit a flaw in the CORBA component to cause partial denial of service conditions [CVE-2013-5896].

A remote user can exploit a flaw in the Deployment component to partially access and partially modify data [CVE-2013-5898].

A remote user can exploit a flaw in the Deployment component to partially access data [CVE-2013-5899].

A remote user can exploit a flaw in the Deployment component to partially access data, partially modify data, and partially deny service [CVE-2013-5902].

A remote user can exploit a flaw in the Deployment component to partially access data, partially modify data, and partially deny service [CVE-2013-5904].

A remote user can exploit a flaw in the Install component to partially access data, partially modify data, and partially deny service [CVE-2013-5905].

A remote user can exploit a flaw in the Install component to partially access data, partially modify data, and partially deny service [CVE-2013-5906].

A remote user can exploit a flaw in the 2D component to gain elevated privileges [CVE-2013-5907].

A remote user can exploit a flaw in the Security component to partially modify data [CVE-2013-5910].

A remote user can exploit a flaw in the Networking component to partially access data [CVE-2014-0368].

A remote user can exploit a flaw in the Serviceability component to partially access data, partially modify data, and partially deny service [CVE-2014-0373].

A remote user can exploit a flaw in the Deployment component to partially access and partially modify data [CVE-2014-0375].

A remote user can exploit a flaw in the JAXP component to partially modify data [CVE-2014-0376].

A remote user can exploit a flaw in the JavaFX component to cause partial denial of service conditions [CVE-2014-0382].

A remote user can exploit a flaw in the Install component to gain elevated privileges [CVE-2014-0385].

A remote user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2014-0387].

A remote user can exploit a flaw in the Deployment component to partially access and partially modify data [CVE-2014-0403].

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2014-0408].

A remote user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2014-0410].

A remote user can exploit a flaw in the JSSE component to partially access and partially modify data [CVE-2014-0411].

A remote user can exploit a flaw in the Deployment component to gain elevated privileges [CVE-2014-0415].

A remote user can exploit a flaw in the JAAS component to partially modify data [CVE-2014-0416].

A remote user can exploit a flaw in the 2D component to gain elevated privileges [CVE-2014-0417].

A remote user can exploit a flaw in the Deployment component to partially access data, partially modify data, and partially deny service [CVE-2014-0418].

A remote user can exploit a flaw in the Beans component to gain elevated privileges [CVE-2014-0422].

A remote authenticated user can exploit a flaw in the Deployment component to partially access data and cause partial denial of service conditions [CVE-2014-0423].

A remote user can exploit a flaw in the CORBA component to partially access data, partially modify data, and partially deny service [CVE-2014-0424].

A remote user can exploit a flaw in the Java SE, Java SE Embedded component to gain elevated privileges [CVE-2014-0428].

The following researchers reported these and other Oracle vulnerabilities:

Adam Willard of Foreground Security; Alexander Kornbrust of Red Database Security; Alexey Tyurin of ERPScan (Digital Security Research Group); Apple Inc.; Arseniy Akuney of TELUS Security Labs; Borked of the Google Security Team;
Carlo Di Dato of iDefense; Christopher Meyer of Ruhr-University Bochum; Daniel EkBerg of Kentor AB Sweden; Esteban Martinez Fayo formerly of Application Security Inc.; Fernando Munoz; Information Security Office for the University of Texas at Austin;
John Leitch working with HP's Zero Day Initiative; Joseph Sheridan of Reactionis; Juraj Somorovsky of Ruhr-University Bochum; Matthew Daley; Oliver Gruskovnjak of Portcullis Inc;
Sam Thomas of Pentest Limited; Sebastian Schinzel of University of Applied Sciences Munster; Tanel Poder; Will Dormann of CERT/CC; and Yuki Chen of Trend Micro.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can access and modify data.

A remote user can cause denial of service conditions.

Solution:   Red Hat has issued a fix for java-1.7.0-ibm.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2014-0134.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  5, 6

Message History:   This archive entry is a follow-up to the message listed below.
Jan 14 2014 Oracle Java Multiple Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service



 Source Message Contents

Subject:  [RHSA-2014:0134-01] Critical: java-1.7.0-ibm security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-ibm security update
Advisory ID:       RHSA-2014:0134-01
Product:           Red Hat Enterprise Linux Supplementary
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0134.html
Issue date:        2014-02-04
CVE Names:         CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 
                   CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 
                   CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 
                   CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 
                   CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 
                   CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 
                   CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 
                   CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 
                   CVE-2014-0428 
=====================================================================

1. Summary:

Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2013-5878, CVE-2013-5884,
CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898,
CVE-2013-5899, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373,
CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410,
CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0422,
CVE-2014-0423, CVE-2014-0424, CVE-2014-0428)

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR6-FP1 release. All running
instances of IBM Java must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1051519 - CVE-2014-0428 OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)
1051528 - CVE-2014-0422 OpenJDK: insufficient package access checks in the Naming component (JNDI, 8025758)
1051699 - CVE-2014-0373 OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126)
1051823 - CVE-2013-5878 OpenJDK: null xmlns handling issue (Security, 8025026)
1051911 - CVE-2013-5884 OpenJDK: insufficient security checks in CORBA stub factories (CORBA, 8026193)
1051912 - CVE-2014-0416 OpenJDK: insecure subject principals set handling (JAAS, 8024306)
1051923 - CVE-2014-0376 OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)
1052915 - CVE-2013-5907 ICU: Layout Engine LookupProcessor insufficient input checks (JDK 2D, 8025034)
1052919 - CVE-2014-0368 OpenJDK: insufficient Socket checkListen checks (Networking, 8011786)
1052942 - CVE-2013-5910 OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
1053010 - CVE-2014-0411 OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)
1053066 - CVE-2014-0423 OpenJDK: XXE issue in decoder (Beans, 8023245)
1053266 - CVE-2013-5896 OpenJDK: com.sun.corba.se. should be restricted package (CORBA, 8025022)
1053495 - CVE-2014-0410 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053496 - CVE-2014-0415 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053499 - CVE-2013-5889 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053501 - CVE-2014-0417 Oracle JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)
1053502 - CVE-2014-0387 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053504 - CVE-2014-0424 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053507 - CVE-2014-0403 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053508 - CVE-2014-0375 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053515 - CVE-2013-5887 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053516 - CVE-2013-5899 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053517 - CVE-2013-5888 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)
1053518 - CVE-2013-5898 Oracle JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.i386.rpm

x86_64:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.i386.rpm

ppc:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.ppc64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.ppc.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.s390x.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.s390.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.i386.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.i686.rpm

ppc64:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.ppc64.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.ppc64.rpm

s390x:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.s390x.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.s390x.rpm

x86_64:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5.i686.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.i686.rpm

x86_64:
java-1.7.0-ibm-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-demo-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-devel-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-jdbc-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-plugin-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm
java-1.7.0-ibm-src-1.7.0.6.1-1jpp.1.el6_5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2013-5878.html
https://www.redhat.com/security/data/cve/CVE-2013-5884.html
https://www.redhat.com/security/data/cve/CVE-2013-5887.html
https://www.redhat.com/security/data/cve/CVE-2013-5888.html
https://www.redhat.com/security/data/cve/CVE-2013-5889.html
https://www.redhat.com/security/data/cve/CVE-2013-5896.html
https://www.redhat.com/security/data/cve/CVE-2013-5898.html
https://www.redhat.com/security/data/cve/CVE-2013-5899.html
https://www.redhat.com/security/data/cve/CVE-2013-5907.html
https://www.redhat.com/security/data/cve/CVE-2013-5910.html
https://www.redhat.com/security/data/cve/CVE-2014-0368.html
https://www.redhat.com/security/data/cve/CVE-2014-0373.html
https://www.redhat.com/security/data/cve/CVE-2014-0375.html
https://www.redhat.com/security/data/cve/CVE-2014-0376.html
https://www.redhat.com/security/data/cve/CVE-2014-0387.html
https://www.redhat.com/security/data/cve/CVE-2014-0403.html
https://www.redhat.com/security/data/cve/CVE-2014-0410.html
https://www.redhat.com/security/data/cve/CVE-2014-0411.html
https://www.redhat.com/security/data/cve/CVE-2014-0415.html
https://www.redhat.com/security/data/cve/CVE-2014-0416.html
https://www.redhat.com/security/data/cve/CVE-2014-0417.html
https://www.redhat.com/security/data/cve/CVE-2014-0422.html
https://www.redhat.com/security/data/cve/CVE-2014-0423.html
https://www.redhat.com/security/data/cve/CVE-2014-0424.html
https://www.redhat.com/security/data/cve/CVE-2014-0428.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFS8U3fXlSAg2UNWIIRAr5cAJ9s3BxMCGbANClAwz7++hDYvCcHAgCfVYcC
y4JqdYZc6qEwNgOalK4QVjU=
=zUG7
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC