Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0413 Low: Oracle Java SE 6 - notification of end of public updates 21 March 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Oracle Java SE 6 Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Red Hat Enterprise Linux Server 5 Red Hat Enterprise Linux WS/Desktop 5 Impact/Access: Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade Original Bulletin: https://rhn.redhat.com/errata/RHSA-2013-0666.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: Oracle Java SE 6 - notification of end of public updates Advisory ID: RHSA-2013:0666-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0666.html Issue date: 2013-03-20 ===================================================================== 1. Summary: Updates to the java-1.6.0-sun packages that disable the Java Web Browser Plug-in and Web Start included in these packages. As a result, customers who rely on Java-based browser applets may need to re-configure their browser to use one of the Java implementations listed in the Solution section below. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Oracle Java SE 6 will not receive updates after February 28, 2013. The Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6 Supplementary media and in Red Hat Network (RHN) channels will continue to be available. Red Hat will continue to provide these packages only as a courtesy to customers. Red Hat will not provide updates to these packages after this date. Once customers update their system by installing the packages associated with this advisory, the Oracle Java Web Plug-in will be disabled. As a result, customers who rely on Java-based browser applets may need to re-configure their browser to use one of the Java implementations listed in the Solution section below. All users of java-1.6.0-sun are advised to upgrade to these updated packages. 4. Solution: Red Hat recommends that customers using Oracle Java SE 6 choose one of the following alternative Java implementations: * OpenJDK 6, which is available and supported in Red Hat Enterprise Linux 5 and 6. * IBM's Java SE 6, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels through September 2017. * OpenJDK 7, which is available and supported in Red Hat Enterprise Linux 5 and 6. * IBM's Java SE 7, which is available on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels. * Oracle Java SE 7, which is available today on the Red Hat Enterprise Linux 5 and 6 Supplementary media and Supplementary RHN channels. Please refer to Red Hat Knowledge solution 314713 for information on how to install and configure any of these Java implementations. This solution also describes how customers who rely on Java-based browser applets can re-configure their Java Web Plug-in. Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.3.el5_9.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.i586.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.3.el5_9.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.i686.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.i686.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.i686.rpm x86_64: java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.i686.rpm java-1.6.0-sun-devel-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.43-1jpp.4.el6_4.x86_64.rpm java-1.6.0-sun-src-1.6.0.43-1jpp.4.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 6. References: https://access.redhat.com/security/updates/classification/#low http://www.ibm.com/developerworks/java/jdk/lifecycle/index.html https://access.redhat.com/knowledge/solutions/314713 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRSd59XlSAg2UNWIIRAq8CAJ0XrgtmV8UgLvjJSsTJi/ZlhT9yqQCgoKDU es9FDe+AoZlufJcpmMlthLw= =D0KK - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUUp/ju4yVqjM2NGpAQJFQA//TNOkC4MS4BVH4qKj4Q2PEbRZa4vYuJvL /rk/73ZmorVJh9jXJCmFI62hLCvh13owfJaew/KVekSg2qo9o1Xk67g9offfvR07 CXbeImMF/T8vjhkful1usBDpRiPvyEi48BLU8KWkSK4xPwz7YrNsCZpZCG++3ii/ Dsbp5i477G/AI4/PowAr7ssRksYdl7oR50oYh/1DpgvP9p7gWEbibZOppbx8LBPF rkNwmcaksZmOn5zD5avtAf2zBbjSIOqHvwBqoaaHV2FSlcFBa4IIWM+kmkCjkkxF 0aOx+ZB/df9xzQdlV52u5w5lU6vJCrl9Ak5ciXoiNFv5JsxAGJ99F8RpwOAT5gAo ztwQMLXilE4ILT4OKKWbgKEhqVF60RkECaOQ6/qBdCyTQ13AhkGtj0x6JeDFz9f+ /affHfPG0LNvkDKrAsoUiWqURVoDmQkaK9IHsEKYlkCEIDu/TN9ZGWytP6SZSa0k z4MP0oN8bd4TP1fLOGZu+nqEIHkG7uI4yC4U3x3riNdehqAvAAgFc/oarqlZd/H2 k57+0BabOk5LSWFZJyN4eC/d9y9amNE1AlmbgfMVpBH55GEunXSOY0Xx1ytw/yRg IeOskZeOXU0XLsWHtgqKmt1eiL2OpHx7CkUuz5orCC1WwzlplRyf4Duagdq1GH9P b3wn5Auss5w= =ctlf -----END PGP SIGNATURE-----