The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment andthe Sun Java 6 Software Development Kit.This update fixes several vulnerabilities in the Sun Java 6 RuntimeEnvironment and the Sun Java 6 Software Development Kit. Furtherinformation about these flaws can be found on the "Oracle Java SE and Javafor Business Critical Patch Update Advisory" page, listed in the Referencessection. (CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549,CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554,CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559,CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565,CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570,CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574)The RHSA-2010:0337 update mitigated a man-in-the-middle attack in the waythe TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocolshandle session renegotiation by disabling renegotiation. This updateimplements the TLS Renegotiation Indication Extension as defined in RFC5746, allowing secure renegotiation between updated clients and servers.(CVE-2009-3555)Users of java-1.6.0-sun should upgrade to these updated packages, whichcorrect these issues. All running instances of Sun Java must be restartedfor the update to take effect.