Red Hat Security Advisory: java-1.6.0-openjdk security update
🔗 CVE IDs covered (14)
📋 Description
- CVE-2015-2590 — OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401)
- CVE-2015-2601 — OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
- CVE-2015-2621 — OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853)
- CVE-2015-2625 — OpenJDK: name for reverse DNS lookup used in certificate identity check (JSSE, 8067694)
- CVE-2015-2628 — OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
- CVE-2015-2632 — ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
- CVE-2015-2808 — SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
- CVE-2015-4000 — LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
- CVE-2015-4731 — OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397)
- CVE-2015-4732 — OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405)
- CVE-2015-4733 — OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)
- CVE-2015-4748 — OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
- CVE-2015-4749 — OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378)
- CVE-2015-4760 — ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
🔗 References (19)
- self: https://access.redhat.com/errata/RHSA-2015:1526
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1207101#c11
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1207101
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1223211
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1241965
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242019
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242232
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242234
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242240
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242275
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242281
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242372
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242379
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242394
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1242447
- external: https://bugzilla.redhat.com/show_bug.cgi?id=1243139
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1526.json