java security update

CentOS Errata and Security Advisory CESA-2016:1776

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment
and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

• An insufficient bytecode verification flaw was discovered in the Hotspot
  component in OpenJDK. An untrusted Java application or applet could use this
  flaw to completely bypass Java sandbox restrictions. (CVE-2016-3606)

• Multiple denial of service flaws were found in the JAXP component in OpenJDK.
  A specially crafted XML file could cause a Java application using JAXP to
  consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500,
  CVE-2016-3508)

• Multiple flaws were found in the CORBA and Hotsport components in OpenJDK. An
  untrusted Java application or applet could use these flaws to bypass certain
  Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-August/084216.html
https://lists.centos.org/pipermail/centos-announce/2016-August/084217.html
https://lists.centos.org/pipermail/centos-announce/2016-August/084218.html

Affected packages:
java-1.6.0-openjdk
java-1.6.0-openjdk-demo
java-1.6.0-openjdk-devel
java-1.6.0-openjdk-javadoc
java-1.6.0-openjdk-src

Upstream details at:
https://access.redhat.com/errata/RHSA-2016:1776