The Diffie-Hellman (DH) key exchange algorithm implementation in the OpenJDK Security component failed to validate public Diffie-Hellman parameters properly. This could allow OpenJDK implementation to accept and use weak parameters, making it possible for attackers to recover the negotiated key.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0890 https://rhn.redhat.com/errata/RHSA-2014-0890.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:0889 https://rhn.redhat.com/errata/RHSA-2014-0889.html
Fixed now in Oracle Java SE 5u71, 6.0u81, 7.0u65, and 8.0u11 via Critical Patch Update July 2014. Fixed in IcedTea 1.13.4 for OpenJDK 6: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028550.html Fixed in IcedTea 2.5.1 for OpenJDK 7: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html OpenJDK 6 Patch(es): http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/784690a0e7cd OpenJDK 7 Patch(es): http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/de5bbcf48c88 External reference: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
This issue has been addressed in following products: Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 5 Via RHSA-2014:0902 https://rhn.redhat.com/errata/RHSA-2014-0902.html
This issue has been addressed in following products: Oracle Java for Red Hat Enterprise Linux 5 Oracle Java for Red Hat Enterprise Linux 6 Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2014:0908 https://rhn.redhat.com/errata/RHSA-2014-0908.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2014:0907 https://rhn.redhat.com/errata/RHSA-2014-0907.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1033 https://rhn.redhat.com/errata/RHSA-2014-1033.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1036 https://rhn.redhat.com/errata/RHSA-2014-1036.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 7 Via RHSA-2014:1042 https://rhn.redhat.com/errata/RHSA-2014-1042.html
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1041 https://rhn.redhat.com/errata/RHSA-2014-1041.html
This issue has been addressed in the following products: Red Hat Satellite Server v 5.6 Via RHSA-2015:0264 https://rhn.redhat.com/errata/RHSA-2015-0264.html