Red Hat release OpenJDK 1.6.0 security update
Red Hat has released an OpenJDK 1.6.0 security update for Red Hat Enterprise Linux 5. The update comes after Oracle updated Java 6 with Update 19 and addresses many of the same vulnerabilities. These include flaws which could bypass access restrictions such as buffer overflows, input validation, incorrect handling of large values and incorrect interpretation of network addresses.
The TLS/SSL session renegotiation problem has also been temporarily addressed, in the same way as the Oracle update, by disabling renegotiation. It is expected that it will be fixed and re-enabled in a later update.
An update to IcedTea, another OpenJDK based Java system, to version 1.7.2 containing a similar set of fixes was also released, although it has already been updated to 1.7.3 with other bug fixes since then.
- Important: java-1.6.0-openjdk security update, Red Hat security advisory.