Описание
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | java-1.6.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 5 | java-1.7.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 6 | java-1.6.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 6 | java-1.7.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 7 | java-1.6.0-openjdk | Not affected | ||
| Red Hat Enterprise Linux 7 | java-1.7.0-openjdk | Not affected | ||
| Oracle Java for Red Hat Enterprise Linux 6 | java-1.8.0-oracle | Fixed | RHSA-2016:0055 | 21.01.2016 |
| Oracle Java for Red Hat Enterprise Linux 7 | java-1.8.0-oracle | Fixed | RHSA-2016:0055 | 21.01.2016 |
| Red Hat Enterprise Linux 6 | java-1.8.0-openjdk | Fixed | RHSA-2016:0050 | 20.01.2016 |
| Red Hat Enterprise Linux 7 | java-1.8.0-openjdk | Fixed | RHSA-2016:0049 | 20.01.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRocki ...
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Уязвимость программных платформ Jrockit и Java Platform, позволяющая нарушителю получить доступ на чтение данных или модифицировать данные
EPSS
5.8 Medium
CVSS2