A vulnerability was found in the Java Certificate Management System (CMS) keystore provider that could potentially allow an attacker to recover the private key from CMS keystores via a brute-force attack. External References: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July_2014 http://www-01.ibm.com/support/docview.wss?uid=swg21680334 http://xforce.iss.net/xforce/xfdb/93756
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1041 https://rhn.redhat.com/errata/RHSA-2014-1041.html Supplementary for Red Hat Enterprise Linux 7 Via RHSA-2014:1042 https://rhn.redhat.com/errata/RHSA-2014-1042.html Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1036 https://rhn.redhat.com/errata/RHSA-2014-1036.html Supplementary for Red Hat Enterprise Linux 5 Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1033 https://rhn.redhat.com/errata/RHSA-2014-1033.html
This issue has been addressed in the following products: Red Hat Satellite Server v 5.6 Via RHSA-2015:0264 https://rhn.redhat.com/errata/RHSA-2015-0264.html