Koozali.org: home of the SME Server

Red Hat Security Advisory - java-1.7.0 and java-1.8 packages - Koozali SME8 & 9

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Although not present in Koozali SME core packages, it is well worth noting to those with any contribs, addins etc etc that use java-1.#.#-oracle packages on Koozali SME8 and 9
====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.7.0-oracle security update
Advisory ID:       RHSA-2015:0079-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0079.html
Issue date:        2015-01-22
CVE Names:         CVE-2014-3566 CVE-2014-6585 CVE-2014-6587
                   CVE-2014-6591 CVE-2014-6593 CVE-2014-6601
                   CVE-2015-0383 CVE-2015-0395 CVE-2015-0403
                   CVE-2015-0406 CVE-2015-0407 CVE-2015-0408
                   CVE-2015-0410 CVE-2015-0412 CVE-2015-0413
=====================================================================

1. Summary:

Updated java-1.7.0-oracle packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Client (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Client 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Compute Node (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 5 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Server (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593,
CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406,
CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0
protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer
to the Red Hat Bugzilla bug linked to in the References section for
instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 75 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: java-1.8.0-oracle security update
Advisory ID:       RHSA-2015:0080-01
Product:           Oracle Java for Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2015-0080.html
Issue date:        2015-01-22
CVE Names:         CVE-2014-3566 CVE-2014-6549 CVE-2014-6585
                   CVE-2014-6587 CVE-2014-6591 CVE-2014-6593
                   CVE-2014-6601 CVE-2015-0383 CVE-2015-0395
                   CVE-2015-0403 CVE-2015-0406 CVE-2015-0407
                   CVE-2015-0408 CVE-2015-0410 CVE-2015-0412
                   CVE-2015-0413 CVE-2015-0421 CVE-2015-0437
=====================================================================

1. Summary:

Updated java-1.8.0-oracle packages that fix several security issues are now
available for Oracle Java for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Oracle Java for Red Hat Enterprise Linux Desktop 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux HPC Node 6 - x86_64
Oracle Java for Red Hat Enterprise Linux Server 6 - i386, x86_64
Oracle Java for Red Hat Enterprise Linux Workstation 6 - i386, x86_64

3. Description:

Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,
CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403,
CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412,
CVE-2015-0413, CVE-2015-0421, CVE-2015-0437)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0
protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer
to the Red Hat Bugzilla bug linked to in the References section for
instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 31 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
--
qui scribit bis legit