Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.1517
Low: Red Hat Network Satellite server IBM Java Runtime security update
24 October 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Red Hat Network Satellite server IBM Java Runtime
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Privileged Data -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2013-3743 CVE-2013-2473 CVE-2013-2472
CVE-2013-2471 CVE-2013-2470 CVE-2013-2469
CVE-2013-2468 CVE-2013-2466 CVE-2013-2465
CVE-2013-2464 CVE-2013-2463 CVE-2013-2459
CVE-2013-2457 CVE-2013-2456 CVE-2013-2455
CVE-2013-2454 CVE-2013-2453 CVE-2013-2452
CVE-2013-2451 CVE-2013-2450 CVE-2013-2448
CVE-2013-2447 CVE-2013-2446 CVE-2013-2444
CVE-2013-2443 CVE-2013-2442 CVE-2013-2440
CVE-2013-2437 CVE-2013-2435 CVE-2013-2433
CVE-2013-2432 CVE-2013-2430 CVE-2013-2429
CVE-2013-2424 CVE-2013-2422 CVE-2013-2420
CVE-2013-2419 CVE-2013-2418 CVE-2013-2417
CVE-2013-2412 CVE-2013-2407 CVE-2013-2394
CVE-2013-2384 CVE-2013-2383 CVE-2013-1571
CVE-2013-1569 CVE-2013-1563 CVE-2013-1557
CVE-2013-1540 CVE-2013-1537 CVE-2013-1500
CVE-2013-1493 CVE-2013-1491 CVE-2013-1487
CVE-2013-1486 CVE-2013-1481 CVE-2013-1480
CVE-2013-1478 CVE-2013-1476 CVE-2013-1473
CVE-2013-0809 CVE-2013-0450 CVE-2013-0446
CVE-2013-0445 CVE-2013-0443 CVE-2013-0442
CVE-2013-0441 CVE-2013-0440 CVE-2013-0438
CVE-2013-0435 CVE-2013-0434 CVE-2013-0433
CVE-2013-0432 CVE-2013-0428 CVE-2013-0427
CVE-2013-0426 CVE-2013-0425 CVE-2013-0424
CVE-2013-0423 CVE-2013-0419 CVE-2013-0409
CVE-2013-0401 CVE-2013-0351 CVE-2013-0169
CVE-2012-5089 CVE-2012-5084 CVE-2012-5083
CVE-2012-5081 CVE-2012-5079 CVE-2012-5075
CVE-2012-5073 CVE-2012-5072 CVE-2012-5071
CVE-2012-5069 CVE-2012-5068 CVE-2012-4823
CVE-2012-4822 CVE-2012-4820 CVE-2012-3342
CVE-2012-3216 CVE-2012-3213 CVE-2012-3159
CVE-2012-3143 CVE-2012-1725 CVE-2012-1722
CVE-2012-1721 CVE-2012-1719 CVE-2012-1718
CVE-2012-1717 CVE-2012-1716 CVE-2012-1713
CVE-2012-1682 CVE-2012-1541 CVE-2012-1533
CVE-2012-1532 CVE-2012-1531 CVE-2012-0551
CVE-2012-0547
Reference: ASB-2013.0113
ASB-2013.0075
ASB-2013.0069
ASB-2013.0058
ASB-2013.0057
Original Bulletin:
https://rhn.redhat.com/errata/RHSA-2013-1456.html
Comment: This bulletin contains two (2) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update
Advisory ID: RHSA-2013:1456-01
Product: Red Hat Satellite
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1456.html
Issue date: 2013-10-23
CVE Names: CVE-2012-0547 CVE-2012-0551 CVE-2012-1531
CVE-2012-1532 CVE-2012-1533 CVE-2012-1541
CVE-2012-1682 CVE-2012-1713 CVE-2012-1716
CVE-2012-1717 CVE-2012-1718 CVE-2012-1719
CVE-2012-1721 CVE-2012-1722 CVE-2012-1725
CVE-2012-3143 CVE-2012-3159 CVE-2012-3213
CVE-2012-3216 CVE-2012-3342 CVE-2012-4820
CVE-2012-4822 CVE-2012-4823 CVE-2012-5068
CVE-2012-5069 CVE-2012-5071 CVE-2012-5072
CVE-2012-5073 CVE-2012-5075 CVE-2012-5079
CVE-2012-5081 CVE-2012-5083 CVE-2012-5084
CVE-2012-5089 CVE-2013-0169 CVE-2013-0351
CVE-2013-0401 CVE-2013-0409 CVE-2013-0419
CVE-2013-0423 CVE-2013-0424 CVE-2013-0425
CVE-2013-0426 CVE-2013-0427 CVE-2013-0428
CVE-2013-0432 CVE-2013-0433 CVE-2013-0434
CVE-2013-0435 CVE-2013-0438 CVE-2013-0440
CVE-2013-0441 CVE-2013-0442 CVE-2013-0443
CVE-2013-0445 CVE-2013-0446 CVE-2013-0450
CVE-2013-0809 CVE-2013-1473 CVE-2013-1476
CVE-2013-1478 CVE-2013-1480 CVE-2013-1481
CVE-2013-1486 CVE-2013-1487 CVE-2013-1491
CVE-2013-1493 CVE-2013-1500 CVE-2013-1537
CVE-2013-1540 CVE-2013-1557 CVE-2013-1563
CVE-2013-1569 CVE-2013-1571 CVE-2013-2383
CVE-2013-2384 CVE-2013-2394 CVE-2013-2407
CVE-2013-2412 CVE-2013-2417 CVE-2013-2418
CVE-2013-2419 CVE-2013-2420 CVE-2013-2422
CVE-2013-2424 CVE-2013-2429 CVE-2013-2430
CVE-2013-2432 CVE-2013-2433 CVE-2013-2435
CVE-2013-2437 CVE-2013-2440 CVE-2013-2442
CVE-2013-2443 CVE-2013-2444 CVE-2013-2446
CVE-2013-2447 CVE-2013-2448 CVE-2013-2450
CVE-2013-2451 CVE-2013-2452 CVE-2013-2453
CVE-2013-2454 CVE-2013-2455 CVE-2013-2456
CVE-2013-2457 CVE-2013-2459 CVE-2013-2463
CVE-2013-2464 CVE-2013-2465 CVE-2013-2466
CVE-2013-2468 CVE-2013-2469 CVE-2013-2470
CVE-2013-2471 CVE-2013-2472 CVE-2013-2473
CVE-2013-3743
=====================================================================
1. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server 5.5.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Satellite 5.5 (RHEL v.5) - s390x, x86_64
Red Hat Satellite 5.5 (RHEL v.6) - s390x, x86_64
3. Description:
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite Server
5.5. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,
CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,
CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,
CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,
CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,
CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,
CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,
CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,
CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,
CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,
CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,
CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,
CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,
CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,
CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,
CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,
CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,
CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)
Users of Red Hat Network Satellite Server 5.5 are advised to upgrade to
these updated packages, which contain the IBM Java SE 6 SR14 release. For
this update to take effect, Red Hat Network Satellite Server must be
restarted ("/usr/sbin/rhn-satellite restart"), as well as all running
instances of IBM Java.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution
876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution
876389 - CVE-2012-4823 IBM JDK: java.lang.ClassLoder defineClass() code execution
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)
920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
920248 - CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)
952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)
953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)
975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
6. Package List:
Red Hat Satellite 5.5 (RHEL v.5):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.src.rpm
s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
Red Hat Satellite 5.5 (RHEL v.6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.src.rpm
s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-0551.html
https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1721.html
https://www.redhat.com/security/data/cve/CVE-2012-1722.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2012-4820.html
https://www.redhat.com/security/data/cve/CVE-2012-4822.html
https://www.redhat.com/security/data/cve/CVE-2012-4823.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0401.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1481.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://www.redhat.com/security/data/cve/CVE-2013-1487.html
https://www.redhat.com/security/data/cve/CVE-2013-1491.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://www.redhat.com/security/data/cve/CVE-2013-1500.html
https://www.redhat.com/security/data/cve/CVE-2013-1537.html
https://www.redhat.com/security/data/cve/CVE-2013-1540.html
https://www.redhat.com/security/data/cve/CVE-2013-1557.html
https://www.redhat.com/security/data/cve/CVE-2013-1563.html
https://www.redhat.com/security/data/cve/CVE-2013-1569.html
https://www.redhat.com/security/data/cve/CVE-2013-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-2383.html
https://www.redhat.com/security/data/cve/CVE-2013-2384.html
https://www.redhat.com/security/data/cve/CVE-2013-2394.html
https://www.redhat.com/security/data/cve/CVE-2013-2407.html
https://www.redhat.com/security/data/cve/CVE-2013-2412.html
https://www.redhat.com/security/data/cve/CVE-2013-2417.html
https://www.redhat.com/security/data/cve/CVE-2013-2418.html
https://www.redhat.com/security/data/cve/CVE-2013-2419.html
https://www.redhat.com/security/data/cve/CVE-2013-2420.html
https://www.redhat.com/security/data/cve/CVE-2013-2422.html
https://www.redhat.com/security/data/cve/CVE-2013-2424.html
https://www.redhat.com/security/data/cve/CVE-2013-2429.html
https://www.redhat.com/security/data/cve/CVE-2013-2430.html
https://www.redhat.com/security/data/cve/CVE-2013-2432.html
https://www.redhat.com/security/data/cve/CVE-2013-2433.html
https://www.redhat.com/security/data/cve/CVE-2013-2435.html
https://www.redhat.com/security/data/cve/CVE-2013-2437.html
https://www.redhat.com/security/data/cve/CVE-2013-2440.html
https://www.redhat.com/security/data/cve/CVE-2013-2442.html
https://www.redhat.com/security/data/cve/CVE-2013-2443.html
https://www.redhat.com/security/data/cve/CVE-2013-2444.html
https://www.redhat.com/security/data/cve/CVE-2013-2446.html
https://www.redhat.com/security/data/cve/CVE-2013-2447.html
https://www.redhat.com/security/data/cve/CVE-2013-2448.html
https://www.redhat.com/security/data/cve/CVE-2013-2450.html
https://www.redhat.com/security/data/cve/CVE-2013-2451.html
https://www.redhat.com/security/data/cve/CVE-2013-2452.html
https://www.redhat.com/security/data/cve/CVE-2013-2453.html
https://www.redhat.com/security/data/cve/CVE-2013-2454.html
https://www.redhat.com/security/data/cve/CVE-2013-2455.html
https://www.redhat.com/security/data/cve/CVE-2013-2456.html
https://www.redhat.com/security/data/cve/CVE-2013-2457.html
https://www.redhat.com/security/data/cve/CVE-2013-2459.html
https://www.redhat.com/security/data/cve/CVE-2013-2463.html
https://www.redhat.com/security/data/cve/CVE-2013-2464.html
https://www.redhat.com/security/data/cve/CVE-2013-2465.html
https://www.redhat.com/security/data/cve/CVE-2013-2466.html
https://www.redhat.com/security/data/cve/CVE-2013-2468.html
https://www.redhat.com/security/data/cve/CVE-2013-2469.html
https://www.redhat.com/security/data/cve/CVE-2013-2470.html
https://www.redhat.com/security/data/cve/CVE-2013-2471.html
https://www.redhat.com/security/data/cve/CVE-2013-2472.html
https://www.redhat.com/security/data/cve/CVE-2013-2473.html
https://www.redhat.com/security/data/cve/CVE-2013-3743.html
https://access.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSZ/wXXlSAg2UNWIIRAh0tAKCyvI+fzg/YQLKd/pOKMVGUasClAACfe8NU
txj9ugDGtaxqHsieOTzEGWM=
=p6f6
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update
Advisory ID: RHSA-2013:1455-01
Product: Red Hat Satellite
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1455.html
Issue date: 2013-10-23
CVE Names: CVE-2011-0802 CVE-2011-0814 CVE-2011-0862
CVE-2011-0863 CVE-2011-0865 CVE-2011-0867
CVE-2011-0868 CVE-2011-0869 CVE-2011-0871
CVE-2011-0873 CVE-2011-3389 CVE-2011-3516
CVE-2011-3521 CVE-2011-3544 CVE-2011-3545
CVE-2011-3546 CVE-2011-3547 CVE-2011-3548
CVE-2011-3549 CVE-2011-3550 CVE-2011-3551
CVE-2011-3552 CVE-2011-3553 CVE-2011-3554
CVE-2011-3556 CVE-2011-3557 CVE-2011-3560
CVE-2011-3561 CVE-2011-3563 CVE-2011-5035
CVE-2012-0497 CVE-2012-0498 CVE-2012-0499
CVE-2012-0500 CVE-2012-0501 CVE-2012-0502
CVE-2012-0503 CVE-2012-0505 CVE-2012-0506
CVE-2012-0507 CVE-2012-0547 CVE-2012-0551
CVE-2012-1531 CVE-2012-1532 CVE-2012-1533
CVE-2012-1541 CVE-2012-1682 CVE-2012-1713
CVE-2012-1716 CVE-2012-1717 CVE-2012-1718
CVE-2012-1719 CVE-2012-1721 CVE-2012-1722
CVE-2012-1725 CVE-2012-3143 CVE-2012-3159
CVE-2012-3213 CVE-2012-3216 CVE-2012-3342
CVE-2012-4820 CVE-2012-4822 CVE-2012-4823
CVE-2012-5068 CVE-2012-5069 CVE-2012-5071
CVE-2012-5072 CVE-2012-5073 CVE-2012-5075
CVE-2012-5079 CVE-2012-5081 CVE-2012-5083
CVE-2012-5084 CVE-2012-5089 CVE-2013-0169
CVE-2013-0351 CVE-2013-0401 CVE-2013-0409
CVE-2013-0419 CVE-2013-0423 CVE-2013-0424
CVE-2013-0425 CVE-2013-0426 CVE-2013-0427
CVE-2013-0428 CVE-2013-0432 CVE-2013-0433
CVE-2013-0434 CVE-2013-0435 CVE-2013-0438
CVE-2013-0440 CVE-2013-0441 CVE-2013-0442
CVE-2013-0443 CVE-2013-0445 CVE-2013-0446
CVE-2013-0450 CVE-2013-0809 CVE-2013-1473
CVE-2013-1476 CVE-2013-1478 CVE-2013-1480
CVE-2013-1481 CVE-2013-1486 CVE-2013-1487
CVE-2013-1491 CVE-2013-1493 CVE-2013-1500
CVE-2013-1537 CVE-2013-1540 CVE-2013-1557
CVE-2013-1563 CVE-2013-1569 CVE-2013-1571
CVE-2013-2383 CVE-2013-2384 CVE-2013-2394
CVE-2013-2407 CVE-2013-2412 CVE-2013-2417
CVE-2013-2418 CVE-2013-2419 CVE-2013-2420
CVE-2013-2422 CVE-2013-2424 CVE-2013-2429
CVE-2013-2430 CVE-2013-2432 CVE-2013-2433
CVE-2013-2435 CVE-2013-2437 CVE-2013-2440
CVE-2013-2442 CVE-2013-2443 CVE-2013-2444
CVE-2013-2446 CVE-2013-2447 CVE-2013-2448
CVE-2013-2450 CVE-2013-2451 CVE-2013-2452
CVE-2013-2453 CVE-2013-2454 CVE-2013-2455
CVE-2013-2456 CVE-2013-2457 CVE-2013-2459
CVE-2013-2463 CVE-2013-2464 CVE-2013-2465
CVE-2013-2466 CVE-2013-2468 CVE-2013-2469
CVE-2013-2470 CVE-2013-2471 CVE-2013-2472
CVE-2013-2473 CVE-2013-3743
=====================================================================
1. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server 5.4.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Satellite 5.4 (RHEL v.5) - i386, s390x, x86_64
Red Hat Satellite 5.4 (RHEL v.6) - s390x, x86_64
3. Description:
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite Server
5.4. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets.
Several flaws were fixed in the IBM Java 2 Runtime Environment.
(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865,
CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873,
CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,
CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550,
CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556,
CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035,
CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,
CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507,
CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,
CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,
CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,
CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,
CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,
CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,
CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,
CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,
CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,
CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,
CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,
CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,
CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,
CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,
CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,
CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,
CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,
CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)
Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to
these updated packages, which contain the IBM Java SE 6 SR14 release. For
this update to take effect, Red Hat Network Satellite Server must be
restarted ("/usr/sbin/rhn-satellite restart"), as well as all running
instances of IBM Java.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
711675 - CVE-2011-0873 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (2D)
711676 - CVE-2011-0863 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (Deployment)
711677 - CVE-2011-0802 CVE-2011-0814 Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 (Sound)
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)
788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution
876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution
876389 - CVE-2012-4823 IBM JDK: java.lang.ClassLoder defineClass() code execution
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)
920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
920248 - CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)
952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)
953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)
975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
6. Package List:
Red Hat Satellite 5.4 (RHEL v.5):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.src.rpm
i386:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
Red Hat Satellite 5.4 (RHEL v.6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.src.rpm
s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-0802.html
https://www.redhat.com/security/data/cve/CVE-2011-0814.html
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0863.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://www.redhat.com/security/data/cve/CVE-2011-0873.html
https://www.redhat.com/security/data/cve/CVE-2011-3389.html
https://www.redhat.com/security/data/cve/CVE-2011-3516.html
https://www.redhat.com/security/data/cve/CVE-2011-3521.html
https://www.redhat.com/security/data/cve/CVE-2011-3544.html
https://www.redhat.com/security/data/cve/CVE-2011-3545.html
https://www.redhat.com/security/data/cve/CVE-2011-3546.html
https://www.redhat.com/security/data/cve/CVE-2011-3547.html
https://www.redhat.com/security/data/cve/CVE-2011-3548.html
https://www.redhat.com/security/data/cve/CVE-2011-3549.html
https://www.redhat.com/security/data/cve/CVE-2011-3550.html
https://www.redhat.com/security/data/cve/CVE-2011-3551.html
https://www.redhat.com/security/data/cve/CVE-2011-3552.html
https://www.redhat.com/security/data/cve/CVE-2011-3553.html
https://www.redhat.com/security/data/cve/CVE-2011-3554.html
https://www.redhat.com/security/data/cve/CVE-2011-3556.html
https://www.redhat.com/security/data/cve/CVE-2011-3557.html
https://www.redhat.com/security/data/cve/CVE-2011-3560.html
https://www.redhat.com/security/data/cve/CVE-2011-3561.html
https://www.redhat.com/security/data/cve/CVE-2011-3563.html
https://www.redhat.com/security/data/cve/CVE-2011-5035.html
https://www.redhat.com/security/data/cve/CVE-2012-0497.html
https://www.redhat.com/security/data/cve/CVE-2012-0498.html
https://www.redhat.com/security/data/cve/CVE-2012-0499.html
https://www.redhat.com/security/data/cve/CVE-2012-0500.html
https://www.redhat.com/security/data/cve/CVE-2012-0501.html
https://www.redhat.com/security/data/cve/CVE-2012-0502.html
https://www.redhat.com/security/data/cve/CVE-2012-0503.html
https://www.redhat.com/security/data/cve/CVE-2012-0505.html
https://www.redhat.com/security/data/cve/CVE-2012-0506.html
https://www.redhat.com/security/data/cve/CVE-2012-0507.html
https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-0551.html
https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1721.html
https://www.redhat.com/security/data/cve/CVE-2012-1722.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2012-4820.html
https://www.redhat.com/security/data/cve/CVE-2012-4822.html
https://www.redhat.com/security/data/cve/CVE-2012-4823.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0401.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1481.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://www.redhat.com/security/data/cve/CVE-2013-1487.html
https://www.redhat.com/security/data/cve/CVE-2013-1491.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://www.redhat.com/security/data/cve/CVE-2013-1500.html
https://www.redhat.com/security/data/cve/CVE-2013-1537.html
https://www.redhat.com/security/data/cve/CVE-2013-1540.html
https://www.redhat.com/security/data/cve/CVE-2013-1557.html
https://www.redhat.com/security/data/cve/CVE-2013-1563.html
https://www.redhat.com/security/data/cve/CVE-2013-1569.html
https://www.redhat.com/security/data/cve/CVE-2013-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-2383.html
https://www.redhat.com/security/data/cve/CVE-2013-2384.html
https://www.redhat.com/security/data/cve/CVE-2013-2394.html
https://www.redhat.com/security/data/cve/CVE-2013-2407.html
https://www.redhat.com/security/data/cve/CVE-2013-2412.html
https://www.redhat.com/security/data/cve/CVE-2013-2417.html
https://www.redhat.com/security/data/cve/CVE-2013-2418.html
https://www.redhat.com/security/data/cve/CVE-2013-2419.html
https://www.redhat.com/security/data/cve/CVE-2013-2420.html
https://www.redhat.com/security/data/cve/CVE-2013-2422.html
https://www.redhat.com/security/data/cve/CVE-2013-2424.html
https://www.redhat.com/security/data/cve/CVE-2013-2429.html
https://www.redhat.com/security/data/cve/CVE-2013-2430.html
https://www.redhat.com/security/data/cve/CVE-2013-2432.html
https://www.redhat.com/security/data/cve/CVE-2013-2433.html
https://www.redhat.com/security/data/cve/CVE-2013-2435.html
https://www.redhat.com/security/data/cve/CVE-2013-2437.html
https://www.redhat.com/security/data/cve/CVE-2013-2440.html
https://www.redhat.com/security/data/cve/CVE-2013-2442.html
https://www.redhat.com/security/data/cve/CVE-2013-2443.html
https://www.redhat.com/security/data/cve/CVE-2013-2444.html
https://www.redhat.com/security/data/cve/CVE-2013-2446.html
https://www.redhat.com/security/data/cve/CVE-2013-2447.html
https://www.redhat.com/security/data/cve/CVE-2013-2448.html
https://www.redhat.com/security/data/cve/CVE-2013-2450.html
https://www.redhat.com/security/data/cve/CVE-2013-2451.html
https://www.redhat.com/security/data/cve/CVE-2013-2452.html
https://www.redhat.com/security/data/cve/CVE-2013-2453.html
https://www.redhat.com/security/data/cve/CVE-2013-2454.html
https://www.redhat.com/security/data/cve/CVE-2013-2455.html
https://www.redhat.com/security/data/cve/CVE-2013-2456.html
https://www.redhat.com/security/data/cve/CVE-2013-2457.html
https://www.redhat.com/security/data/cve/CVE-2013-2459.html
https://www.redhat.com/security/data/cve/CVE-2013-2463.html
https://www.redhat.com/security/data/cve/CVE-2013-2464.html
https://www.redhat.com/security/data/cve/CVE-2013-2465.html
https://www.redhat.com/security/data/cve/CVE-2013-2466.html
https://www.redhat.com/security/data/cve/CVE-2013-2468.html
https://www.redhat.com/security/data/cve/CVE-2013-2469.html
https://www.redhat.com/security/data/cve/CVE-2013-2470.html
https://www.redhat.com/security/data/cve/CVE-2013-2471.html
https://www.redhat.com/security/data/cve/CVE-2013-2472.html
https://www.redhat.com/security/data/cve/CVE-2013-2473.html
https://www.redhat.com/security/data/cve/CVE-2013-3743.html
https://access.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSZ/v5XlSAg2UNWIIRAsEBAKCkmjlhUy0YBafaRQhQiomriK+mYACfVSqy
yJ2NIMe3T4TlQKxpvQoCAIA=
=i9I6
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUmhxThLndAQH1ShLAQKuNRAAqPd1mduYVBYE8zF5rwu1kHJNr/JoqE1G
IOFtHrniDRIgXoj0sZnWAv3zVdff0jLM2bP99YoRvrApWCIPtgJDGfnd9LQu7T1h
c55MgjNmasubMtl0t9a5azaztOoaRsRd2+EVtgqL/yPzo1e9cSJvJLKBXOWPszd+
saSAptzDifc31GPMfk8D2ynBs9l5b9KhN1UjsjgcBF10h9BWX9xckJohnHNSbOC9
nGy9CcV7RzsorAa5Gb6RSTbo+cUC0iOPwXMiSSJjbUEJ5gpwvUeIxJQTMCHOFfeA
CQIqAktWSeXIzgSITRDE2DVqexD9Xjd4wPLrQ4n68SKmEGhzgMuu2zrNFOCoPTX7
QEmv381Ua8faIVR8pjad5m3fD2FTQfXNCkfx6H9jLdEZZnzy3uY80P+qKB5/InUS
54+EkcMprz5n5fIvx8GuhMO/wbF+rKvHWC+vS1VEmU9pZvu1A/d5AP5S7OHWRqrK
ojcheAqFspQ3HOBQ/o1bucYUbdg94ODHnM77F9QCx/GILnByX+B/f/BVRZrveWep
+t6uDrl5jJbDsemldgONifbqOkWXky2eOGBFuB2X5Kgzt4BJgr6Rcu4Rbt06PwQv
Hg0cA8msHA34Ls2O9Mln5opUavFCsVOrkUpo1Oo7/wbeFxdfvZsuuJqwXWsMbv8Q
nKaUqJvussI=
=IDAg
-----END PGP SIGNATURE-----