Bug 1567126 (CVE-2018-2794)
| Field | Value |
|---|---|
| Summary | CVE-2018-2794 OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) |
| Product | [Other] Security Response |
| Reporter | Tomas Hoger <thoger> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| CC | dbhole, jvanek, security-response-team, vvasilev |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | If docs needed, set a value |
| Last Closed | 2018-05-24 20:52:30 UTC |
| Bug Depends On | 1559768, 1559769, 1559770, 1559771, 1559773, 1559774, 1559775, 1559776, 1565346, 1565347, 1565348, 1565349, 1565350, 1565351, 1565352, 1565353, 1565511, 1565512, 1565513, 1565514, 1577848, 1577849, 1577850, 1577851, 1577855, 1577856, 1577857, 1577858, 1579406, 1579410, 1724840, 1724841 |
| Bug Blocks | 1559778, 1569958 |
Description
Tomas Hoger, 2018-04-13 13:10:35 UTC
Public now via Oracle CPU April 2018:
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixJAVA

The issue was fixed in Oracle JDK 10.0.1, 8u171, 7u181, and 6u191.

Relevant entry in the Oracle JDK release notes:

security-libs/javax.crypto
Enhanced KeyStore Mechanisms

A new security property named jceks.key.serialFilter has been introduced. If this filter is configured, the JCEKS KeyStore uses it during the deserialization of the encrypted Key object stored inside a SecretKeyEntry. If it is not configured or if the filter result is UNDECIDED (for example, none of the patterns match), then the filter configured by jdk.serialFilter is consulted.

If the system property jceks.key.serialFilter is also supplied, it supersedes the security property value defined here.

The filter pattern uses the same format as jdk.serialFilter. The default pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, and javax.crypto.spec.SecretKeySpec but rejects all the others.

Customers storing a SecretKey that does not serialize to the above types must modify the filter to make the key extractable.
JDK-8189997 (not public)
http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_181
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_191

This issue has been addressed in the following products:
- Red Hat Enterprise Linux 6: Via RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1188
- Red Hat Enterprise Linux 7: Via RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1191

OpenJDK-8 upstream commit:
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/6cbe2e5989a8
http://hg.openjdk.java.net/jdk8u/jdk8u/langtools/rev/5e864878da06

This issue has been addressed in the following products:
- Oracle Java for Red Hat Enterprise Linux 7: Via RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1201
- Oracle Java for Red Hat Enterprise Linux 6: Via RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1202
- Oracle Java for Red Hat Enterprise Linux 7: Via RHSA-2018:1204 https://access.redhat.com/errata/RHSA-2018:1204
- Oracle Java for Red Hat Enterprise Linux 6: Via RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1203
- Oracle Java for Red Hat Enterprise Linux 7: Via RHSA-2018:1205 https://access.redhat.com/errata/RHSA-2018:1205
- Oracle Java for Red Hat Enterprise Linux 6: Via RHSA-2018:1206 https://access.redhat.com/errata/RHSA-2018:1206
- Red Hat Enterprise Linux 6: Via RHSA-2018:1270 https://access.redhat.com/errata/RHSA-2018:1270
- Red Hat Enterprise Linux 7: Via RHSA-2018:1278 https://access.redhat.com/errata/RHSA-2018:1278
- Red Hat Enterprise Linux 7 Supplementary: Via RHSA-2018:1721 https://access.redhat.com/errata/RHSA-2018:1721
- Red Hat Enterprise Linux 6 Supplementary: Via RHSA-2018:1722 https://access.redhat.com/errata/RHSA-2018:1722
- Red Hat Enterprise Linux 7 Supplementary: Via RHSA-2018:1723 https://access.redhat.com/errata/RHSA-2018:1723
- Red Hat Enterprise Linux 6 Supplementary: Via RHSA-2018:1724 https://access.redhat.com/errata/RHSA-2018:1724
- Red Hat Satellite 5.6, Red Hat Satellite 5.7: Via RHSA-2018:1974 https://access.redhat.com/errata/RHSA-2018:1974
- Red Hat Satellite 5.8: Via RHSA-2018:1975 https://access.redhat.com/errata/RHSA-2018:1975
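The jceks.key.serialFilter behaviour quoted from the release note above, as an added example that is not code from the bug report or from OpenJDK: a javax.crypto.spec.SecretKeySpec and a constructed SecretKey class (OpaqueKey, an assumed name) are both sealed into an in-memory JCEKS store, and on reload only the SecretKeySpec, which is on the default allow list, can be extracted on a JDK that carries the fix (8u171, 7u181, 6u191, 10.0.1 or later). The aliases, password and key material are constructed test values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class JceksFilterDemo {

    /** Constructed example: a SecretKey whose serialized form is its own class, so it
     *  matches none of the four types the default jceks.key.serialFilter pattern allows. */
    static final class OpaqueKey implements SecretKey {
        private static final long serialVersionUID = 1L;
        private final byte[] material;
        OpaqueKey(byte[] material) { this.material = material.clone(); }
        @Override public String getAlgorithm() { return "RAW"; }
        @Override public String getFormat() { return "RAW"; }
        @Override public byte[] getEncoded() { return material.clone(); }
    }

    /** Stores both keys in an in-memory JCEKS store, reloads it and reports which
     *  SecretKeyEntry values the active deserialization filter lets through. */
    static void roundTrip(char[] password) throws Exception {
        byte[] material = new byte[16];            // constructed, all-zero test material
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, password);                   // fresh, empty store
        ks.setKeyEntry("spec", new SecretKeySpec(material, "AES"), password, null);
        ks.setKeyEntry("opaque", new OpaqueKey(material), password, null);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);                   // each key is serialized and then encrypted

        KeyStore reloaded = KeyStore.getInstance("JCEKS");
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);

        for (String alias : new String[] {"spec", "opaque"}) {
            try {
                // The sealed Key is decrypted and deserialized here; the filter applies now.
                Key k = reloaded.getKey(alias, password);
                System.out.println(alias + ": extracted " + k.getClass().getName());
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": rejected (" + e.getMessage() + ")");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        roundTrip("changeit".toCharArray());
    }
}
```

On a fixed JDK the run should report "spec" as extracted and "opaque" as rejected, while a JDK without the fix deserializes both without any check. To make OpaqueKey extractable, start the JVM with -Djceks.key.serialFilter set to the default pattern extended with the class name, i.e. 'java.lang.Enum;java.security.KeyRep;java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;JceksFilterDemo$OpaqueKey;!*' (quoted for the shell).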