Back to bug 1385723
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-10-17 15:04:51 UTC | CC | security-response-team | |
| Tomas Hoger | 2016-10-17 15:04:56 UTC | Blocks | 1381992 | |
| Tomas Hoger | 2016-10-18 07:18:12 UTC | Whiteboard | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N,cwe=CWE-327,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected |
| Tomas Hoger | 2016-10-18 11:41:41 UTC | Doc Text | It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. | |
| Tomas Hoger | 2016-10-18 20:10:30 UTC | Group | security, qe_staff | |
| Tomas Hoger | 2016-10-18 20:10:30 UTC | Summary | EMBARGOED CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973) | CVE-2016-5542 OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973) |
| Tomas Hoger | 2016-10-18 20:59:30 UTC | Whiteboard | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N,cwe=CWE-327,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N,cwe=CWE-327,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
| Norman Sardella | 2016-10-19 13:31:54 UTC | CC | sardella | |
| Eric Christensen | 2016-10-20 17:20:53 UTC | Doc Text | It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. | It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm. |
| Tomas Hoger | 2016-10-31 20:57:44 UTC | Whiteboard | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N,cwe=CWE-327,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N,cwe=CWE-327,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-6/java-1.8.0-ibm=affected,rhel-7/java-1.8.0-ibm=affected |
| kat | 2016-10-31 22:19:46 UTC | CC | kbost | |
| Tomas Hoger | 2017-01-13 08:12:30 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2017-01-13 08:12:30 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2017-01-13 08:12:30 UTC | Last Closed | 2017-01-13 03:12:30 UTC | |
| Product Security DevOps Team | 2019-09-29 13:58:49 UTC | Whiteboard | impact=moderate,public=20161018,reported=20161014,source=oracle,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cvss3=3.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N,cwe=CWE-327,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected,rhel-6/java-1.8.0-ibm=affected,rhel-7/java-1.8.0-ibm=affected |