It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used a weak signing key or hash algorithm.

This problem was originally addressed as part of October 2016 CPU as CVE-2016-5542 (bug 1385723). In that update, the following changes were made:

- New security property jdk.jar.disabledAlgorithms was introduced, which can be used to restrict which algorithms can be used for jar verification.
- MD2 hash algorithm and RSA keys with less than 1024 bits were disabled by default.

At the same time, it was announced that the MD5 hash algorithm was going to be disabled in the future updates. It was originally planned to get disabled as part of the January 2017 CPU, but the change was further postponed to the April 2017 CPU. Hence, MD5 is now becoming disabled by default.

The further details of the planned cryptography changes are available on the "Oracle JRE and JDK Cryptographic Roadmap" page:

https://www.java.com/en/jre-jdk-cryptoroadmap.html
Relevant entry in the Oracle JDK release notes:

http://www.oracle.com/technetwork/java/javase/8u131-relnotes-3565278.html
http://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_141
http://www.oracle.com/technetwork/java/javase/documentation/overview-156328.html#R160_151

security-libs/java.security
MD5 added to jdk.jar.disabledAlgorithms Security property

This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:

* Applets or Web Start Applications
* Standalone or Server Applications that are run with a SecurityManager enabled and are configured with a policy file that grants permissions based on the code signer(s) of the JAR file.

The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.

To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.

For example, to check a JAR file named test.jar, use the following command:

    jarsigner -verify test.jar

If the file in this example was signed with a weak signature algorithm like MD5withRSA, the following output would be displayed:

    The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.
    Re-run jarsigner with the -verbose option for more details.
More details can be displayed by using the verbose option:

    jarsigner -verify -verbose test.jar

The following output would be displayed:

    - Signed by "CN=weak_signer"
        Digest algorithm: MD5 (weak)
        Signature algorithm: MD5withRSA (weak), 512-bit key (weak)
      Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016
        Timestamp digest algorithm: SHA-256
        Timestamp signature algorithm: SHA256withRSA, 2048-bit key

To address the issue, the JAR file will need to be re-signed with a stronger algorithm or key size. Alternatively, the restrictions can be reverted by removing the applicable weak algorithms or key sizes from the jdk.jar.disabledAlgorithms security property; however, this option is not recommended.

Before re-signing affected JARs, the existing signature(s) should be removed from the JAR file. This can be done with the zip utility, as follows:

    zip -d test.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'

Please periodically check the Oracle JRE and JDK Cryptographic Roadmap at http://java.com/cryptoroadmap for planned restrictions to signed JARs and other security components.

JDK-8171121 (not public)
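Added example (not part of the release notes or of the JDK): a triage script for finding JARs whose signature files reference a digest listed in jdk.jar.disabledAlgorithms, for use where many archives must be checked before re-signing. It reads only the digest attribute names in META-INF/*.SF and does not parse the .RSA/.DSA block, so signature algorithm and key size still need "jarsigner -verify -verbose". The property value, the function names and the sample JAR are constructed for this example.

```python
import io
import re
import zipfile

# Constructed value mirroring the defaults described above; not read from a
# real java.security file (an assumption of this example).
SAMPLE_PROPERTY = "jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024"

# .SF digest attributes look like "MD5-Digest:" or "SHA-256-Digest-Manifest:".
DIGEST_ATTR = re.compile(
    r"^([A-Za-z0-9-]+?)-Digest(?:-Manifest(?:-Main-Attributes)?)?:", re.M)


def disabled_digests(property_line):
    """Bare algorithm names from the property; key-size rules are skipped."""
    value = property_line.split("=", 1)[1]
    items = (item.strip() for item in value.split(","))
    return {item.upper() for item in items if item and " " not in item}


def weak_signature_files(jar_bytes, property_line=SAMPLE_PROPERTY):
    """Map each META-INF/*.SF entry to the disabled digests it references."""
    disabled = disabled_digests(property_line)
    report = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            upper = name.upper()
            if not (upper.startswith("META-INF/") and upper.endswith(".SF")):
                continue
            text = jar.read(name).decode("utf-8", "replace")
            weak = {alg.upper() for alg in DIGEST_ATTR.findall(text)} & disabled
            if weak:
                report[name] = sorted(weak)
    return report


def build_sample_jar(digest_name):
    """Constructed JAR holding a hand-written .SF file (no signature block)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n")
        jar.writestr(
            "META-INF/SIGNER.SF",
            "Signature-Version: 1.0\r\n"
            f"{digest_name}-Digest-Manifest: AAAA\r\n\r\n"
            "Name: A.class\r\n"
            f"{digest_name}-Digest: BBBB\r\n\r\n")
    return buf.getvalue()
```

Calling weak_signature_files(open("test.jar", "rb").read()) on a real archive returns an empty dict when no .SF file names a disabled digest.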
Public now via Oracle CPU April 2017, fixed in Oracle JDK 8u131, 7u141, and 6u151.

External References:

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA
OpenJDK8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1f2ff3f1882a
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1109
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1108
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1118
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1117
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2017:1119 https://access.redhat.com/errata/RHSA-2017:1119
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2017:1204 https://access.redhat.com/errata/RHSA-2017:1204
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:1222
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1221
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1220
This issue has been addressed in the following products: Red Hat Satellite 5.8 Red Hat Satellite 5.8 ELS Via RHSA-2017:3453 https://access.redhat.com/errata/RHSA-2017:3453