CVE-2017-10118 log

Severity Medium
Remote Yes
Type Private key recovery
A covert timing channel flaw was found in the ECDSA implementation in the JCE component of OpenJDK.  A remote attacker able to make a Java application generate ECDSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel.
Group Package Affected Fixed Severity Status Ticket
AVG-380 jdk7-openjdk 7.u131_2.6.9-1 7.u151_2.6.11-1 Critical Fixed
Date Advisory Group Package Severity Type
12 Aug 2017 ASA-201708-8 AVG-380 jdk7-openjdk Critical multiple issues