‘Important’ Security Updates for Red Hat’s Java-1.6.0-openjdk Packages.
Red Hat have released a security update for their Java-1.6.0-openjdk packages.
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
This update patches a security vulnerability in the way Transport Layer Security/Secure
Sockets Layer protocols handle session renegotiation, which might allow a hacker to prefix arbitrary plain text to a client’s session. This update also disables renegotiation in the Java Secure Socket Extension component. Other updates solve a flaw that could be exploited to allow an unsigned applet or application to bypass intended access restrictions.
The Red Hat Security Response Team has rated this update as having an important security impact. A full list of the security fixes is available at the Red Hat website.
Please see the webpage on applying for package updates from the Red Hat Network for more information.