Back to bug 1328059
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-04-18 10:35:32 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-18 10:35:32 UTC | Doc Type | --- | Bug Fix |
| Tomas Hoger | 2016-04-18 10:35:37 UTC | Blocks | 1324915 | |
| Tomas Hoger | 2016-04-19 20:35:14 UTC | Doc Text | It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. | |
| Tomas Hoger | 2016-04-19 20:54:35 UTC | Whiteboard | impact=low,public=20160419,reported=20160415,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=notaffected,rhel-6/java-1.6.0-openjdk=notaffected,rhel-7/java-1.6.0-openjdk=notaffected,rhel-5/java-1.7.0-openjdk=notaffected,rhel-6/java-1.7.0-openjdk=notaffected,rhel-7/java-1.7.0-openjdk=notaffected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=low,public=20160419,reported=20160415,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=notaffected,rhel-6/java-1.6.0-openjdk=notaffected,rhel-7/java-1.6.0-openjdk=notaffected,rhel-5/java-1.7.0-openjdk=notaffected,rhel-6/java-1.7.0-openjdk=notaffected,rhel-7/java-1.7.0-openjdk=notaffected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
| Tomas Hoger | 2016-04-19 21:00:00 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945) | CVE-2016-3426 OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945) | ||
| Tomas Hoger | 2016-04-20 19:49:50 UTC | Doc Text | It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. | It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. |
| Tomas Hoger | 2016-04-27 11:09:44 UTC | Whiteboard | impact=low,public=20160419,reported=20160415,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=notaffected,rhel-6/java-1.6.0-openjdk=notaffected,rhel-7/java-1.6.0-openjdk=notaffected,rhel-5/java-1.7.0-openjdk=notaffected,rhel-6/java-1.7.0-openjdk=notaffected,rhel-7/java-1.7.0-openjdk=notaffected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected | impact=low,public=20160419,reported=20160415,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=notaffected,rhel-6/java-1.6.0-openjdk=notaffected,rhel-7/java-1.6.0-openjdk=notaffected,rhel-5/java-1.7.0-openjdk=notaffected,rhel-6/java-1.7.0-openjdk=notaffected,rhel-7/java-1.7.0-openjdk=notaffected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-6/java-1.8.0-ibm=affected,rhel-7/java-1.8.0-ibm=affected |
| John Skeoch | 2016-05-05 04:42:01 UTC | CC | sbaiduzh | oskutka |
| Ondrej Skutka | 2016-05-09 14:35:22 UTC | CC | oskutka | |
| Tomas Hoger | 2016-05-11 15:53:13 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-05-11 11:53:13 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:47:33 UTC | Whiteboard | impact=low,public=20160419,reported=20160415,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=notaffected,rhel-6/java-1.6.0-openjdk=notaffected,rhel-7/java-1.6.0-openjdk=notaffected,rhel-5/java-1.7.0-openjdk=notaffected,rhel-6/java-1.7.0-openjdk=notaffected,rhel-7/java-1.7.0-openjdk=notaffected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-6/java-1.8.0-ibm=affected,rhel-7/java-1.8.0-ibm=affected |
Back to bug 1328059