(RHSA-2014:1882) Critical: java-1.7.0-ibm security update

IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.

This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-3065, CVE-2014-3566,
CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6506,
CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6527, CVE-2014-6531,
CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: With this update, the IBM SDK now disables the SSL 3.0 protocol to
address the CVE-2014-3566 issue (also known as POODLE). Refer to the IBM
article linked to in the References section for additional details about
this change and instructions on how to re-enable SSL 3.0 support if needed.

Note: This is the last update for the java-1.7.0-ibm packages distributed
via the Red Hat Enterprise Linux 6 Supplementary channels. The
RHEA-2014:1619 advisory, released as a part of Red Hat Enterprise Linux
6.6, introduced the new java-1.7.1-ibm packages. These packages contain IBM
Java SE version 7 Release 1, which adds multiple enhancements over the IBM
Java SE version 7 in the java-1.7.0-ibm packages. All java-1.7.0-ibm users
must migrate to java-1.7.1-ibm packages to continue receiving updates for
the IBM Java SE version 7 via the Red Hat Enterprise Linux 6 Supplementary
channel.

All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR8 release. All running instances
of IBM Java must be restarted for the update to take effect.