CVE-2018-2579
Table of Contents
It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out.
Find out more about CVE-2018-2579 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
CVSS3 Base Score | 3.7 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity Impact | None |
Availability Impact | None |
Red Hat Security Errata
Platform | Errata | Release Date |
---|---|---|
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) | RHSA-2018:1463 | 2018-05-15 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) | RHSA-2018:0351 | 2018-02-26 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2018:0521 | 2018-03-14 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2018:0458 | 2018-03-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) | RHSA-2018:0352 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |
Affected Packages State
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Will not fix |