CVE-2017-10135 log
Source |
|
Severity | Low |
Remote | Yes |
Type | Private key recovery |
Description | A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-380 | jdk7-openjdk | 7.u131_2.6.9-1 | 7.u151_2.6.11-1 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
12 Aug 2017 | ASA-201708-8 | AVG-380 | jdk7-openjdk | Critical | multiple issues |
References |
---|
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27 |