Bug 767959 - latest update break rmi
latest update break rmi
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: java-1.6.0-openjdk (Show other bugs)
6.1
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: jiri vanek
BaseOS QE - Apps
: Regression, ZStream
Depends On: 751203
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-15 06:25 EST by RHEL Product and Program Management
Modified: 2012-01-09 09:15 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, a remote RMI client could execute code on the RMI server with unrestricted privileges. This security issue in the Java Remote Method Invocation (RMI) registry implementation was fixed by the RHSA-2011-1380 security advisory. However, the security restrictions applied by the advisory were too strict and caused the RMI registry to stop working correctly. This update adjusts the RMI registry so it now works as expected.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-21 07:36:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description RHEL Product and Program Management 2011-12-15 06:25:31 EST
This bug has been copied from bug #751203 and has been proposed
to be backported to 6.2 z-stream (EUS).
Comment 7 Levente Farkas 2011-12-19 06:36:54 EST
as i'm the reporter and debugger of the problem, may i access to this build?
Comment 9 Omair Majid 2011-12-19 11:49:15 EST
Hi Levente,

(In reply to comment #7)
> as i'm the reporter and debugger of the problem, may i access to this build?

I have copied the rpms from 
https://brewweb.devel.redhat.com/buildinfo?buildID=193158
to the publicly available location at:
http://omajid.fedorapeople.org/java-1.6.0-openjdk/rmi-fix-rhn/
Comment 10 Levente Farkas 2011-12-19 12:01:19 EST
wget http://omajid.fedorapeople.org/java-1.6.0-openjdk/rmi-fix-rhn/java-1.6.0-openjdk-1.6.0.0-1.42.1.10.4.el6_2.x86_64.rpm
--2011-12-19 18:00:39--  http://omajid.fedorapeople.org/java-1.6.0-openjdk/rmi-fix-rhn/java-1.6.0-openjdk-1.6.0.0-1.42.1.10.4.el6_2.x86_64.rpm
Resolving omajid.fedorapeople.org... 85.236.55.7
Connecting to omajid.fedorapeople.org|85.236.55.7|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2011-12-19 18:00:39 ERROR 403: Forbidden.
Comment 11 Omair Majid 2011-12-19 12:33:51 EST
It was a problem with permissions. It should work now. Sorry about that.
Comment 12 Miroslav Svoboda 2011-12-21 05:23:40 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Previously, a remote RMI client could execute code on the RMI server with unrestricted privileges. This security issue in the Java Remote Method Invocation (RMI) registry implementation was fixed by the RHSA-2011-1380 security advisory. However, the security restrictions applied by the advisory were too strict and caused the RMI registry to stop working correctly. This update adjusts the RMI registry so it now works as expected.
Comment 17 errata-xmlrpc 2011-12-21 07:36:12 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1847.html

Note You need to log in before you can comment on or make changes to this bug.