Hide Forgot
It was discovered that the Elliptic Curve (EC) cryptography implementation in the Security component of OpenJDK did not perform computations for certain points correctly. An attacker able to interact with a Java application using EC cryptography could possibly use this flaw to obtain information about the used key.
Public now via Oracle CPU July 2017: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA The issue was fixed in Oracle JDK 8u141 and 7u151.
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d99101781d7e
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1791 https://access.redhat.com/errata/RHSA-2017:1791
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1790 https://access.redhat.com/errata/RHSA-2017:1790