Bug 2015311 (CVE-2021-35603)
Summary: | CVE-2021-35603 OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Tomas Hoger <thoger>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | low
Priority: | low
Version: | unspecified
Hardware: | All
OS: | Linux
Keywords: | Security
CC: | ahughes, chazlett, java-qa, jochrist, jvanek, neugens, pjindal, security-response-team
Last Closed: | 2021-10-20 14:09:01 UTC
Bug Depends On: | 2012332, 2012333, 2012334, 2012335, 2012336, 2012337, 2012338, 2012339, 2013841, 2013842, 2014299, 2014300, 2014301, 2014302, 2057129, 2057130, 2057131, 2061939, 2070472
Bug Blocks: | 2011827

Description
Tomas Hoger
2021-10-18 21:04:04 UTC
Public now via Oracle CPU October 2021: https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixJAVA

Fixed in Oracle Java SE 17.0.1, 11.0.13, 8u311, and 7u321.

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3886 https://access.redhat.com/errata/RHSA-2021:3886

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3884 https://access.redhat.com/errata/RHSA-2021:3884

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3885 https://access.redhat.com/errata/RHSA-2021:3885

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3893 https://access.redhat.com/errata/RHSA-2021:3893

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3887 https://access.redhat.com/errata/RHSA-2021:3887

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3891 https://access.redhat.com/errata/RHSA-2021:3891

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-35603

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3889 https://access.redhat.com/errata/RHSA-2021:3889

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3892 https://access.redhat.com/errata/RHSA-2021:3892

This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u312 Via RHSA-2021:3960 https://access.redhat.com/errata/RHSA-2021:3960

This issue has been addressed in the following products: Red Hat Build of OpenJDK 8u312 Via RHSA-2021:3961 https://access.redhat.com/errata/RHSA-2021:3961

This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.13 Via RHSA-2021:3967 https://access.redhat.com/errata/RHSA-2021:3967

This issue has been addressed in the following products: Red Hat Build of OpenJDK 11.0.13 Via RHSA-2021:3968 https://access.redhat.com/errata/RHSA-2021:3968

OpenJDK-11 upstream commit: https://github.com/openjdk/jdk11u-dev/commit/d5d203f9c5ae0979d60aa423c2a4409dd8ddcf1a

OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/54441ec952f7

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4135 https://access.redhat.com/errata/RHSA-2021:4135

This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.1 Via RHSA-2021:4532 https://access.redhat.com/errata/RHSA-2021:4532

This issue has been addressed in the following products: Red Hat Build of OpenJDK 17.0.1 Via RHSA-2021:4531 https://access.redhat.com/errata/RHSA-2021:4531

This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0970 https://access.redhat.com/errata/RHSA-2022:0970

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:0969 https://access.redhat.com/errata/RHSA-2022:0969

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2022:0968 https://access.redhat.com/errata/RHSA-2022:0968