Bug 1534762 (CVE-2018-2618)
Summary: | CVE-2018-2618 OpenJDK: insufficient strength of key agreement (JCE, 8185292) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | dbhole, jvanek, security-response-team, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2018-03-14 15:38:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1528238, 1528239, 1528240, 1528241, 1528243, 1528244, 1528245, 1528246, 1535085, 1535086, 1535087, 1535088, 1535089, 1535090, 1535091, 1535092, 1535104, 1535105, 1535106, 1535107, 1546135, 1546136, 1546137, 1546138, 1546140, 1546141, 1546142, 1546143, 1549401, 1549402 | ||
Bug Blocks: | 1528235 |
Description
Tomas Hoger
2018-01-15 21:59:42 UTC
The following note related to this change can be found in the release notes for Oracle Java SE 8u161, 7u171, and 6u181: security-libs/javax.crypto Stricter key generation The generateSecret(String) method has been mostly disabled in the javax.crypto.KeyAgreement services of the SUN and SunPKCS11 providers. Invoking this method for these providers will result in a NoSuchAlgorithmException for most algorithm string arguments. The previous behavior of this method can be re-enabled by setting the value of the jdk.crypto.KeyAgreement.legacyKDF system property to true (case insensitive). Re-enabling this method by setting this system property is not recommended. JDK-8185292 (not public) http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_171 http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_181 Public now via Oracle CPU January 2018: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA The issue was fixed in Oracle JDK 9.0.4, 8u161, 7u171, and 6u181. This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2018:0095 https://access.redhat.com/errata/RHSA-2018:0095 This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:0099 https://access.redhat.com/errata/RHSA-2018:0099 This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:0100 https://access.redhat.com/errata/RHSA-2018:0100 This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:0115 https://access.redhat.com/errata/RHSA-2018:0115 OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/9b819798e7b0 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:0351 https://access.redhat.com/errata/RHSA-2018:0351 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:0352 https://access.redhat.com/errata/RHSA-2018:0352 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2018:0349 https://access.redhat.com/errata/RHSA-2018:0349 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:0458 https://access.redhat.com/errata/RHSA-2018:0458 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:0521 https://access.redhat.com/errata/RHSA-2018:0521 This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:1463 https://access.redhat.com/errata/RHSA-2018:1463 This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2018:1812 https://access.redhat.com/errata/RHSA-2018:1812 |