CVE-2017-10118 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Private key recovery
Description	A covert timing channel flaw was found in the ECDSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate ECDSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-380	jdk7-openjdk	7.u131_2.6.9-1	7.u151_2.6.11-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
12 Aug 2017	ASA-201708-8	AVG-380	jdk7-openjdk	Critical	multiple issues

References
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/996632997de8