ID CVE-2017-10388
Summary Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1503169
    title CVE-2017-10356 OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998003
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998005
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998007
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998009
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998011
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998013
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998015
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998017
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998019
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998021
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.151-1.b12.el6_9
            oval oval:com.redhat.rhsa:tst:20172998023
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998026
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998027
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998029
          • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160049006
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998031
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998032
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998033
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998034
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998035
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998036
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998037
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998038
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998039
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998040
          • comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180041
        • AND
          • comment java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998042
          • comment java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170180043
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998044
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.151-1.b12.el7_4
            oval oval:com.redhat.rhsa:tst:20172998045
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2017:2998
    released 2017-10-20
    severity Critical
    title RHSA-2017:2998: java-1.8.0-openjdk security update (Critical)
  • bugzilla
    id 1503320
    title CVE-2017-10293 Oracle JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.151-1jpp.5.el7
            oval oval:com.redhat.rhsa:tst:20172999001
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.151-1jpp.5.el7
            oval oval:com.redhat.rhsa:tst:20172999003
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.151-1jpp.5.el7
            oval oval:com.redhat.rhsa:tst:20172999005
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.151-1jpp.5.el7
            oval oval:com.redhat.rhsa:tst:20172999007
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.151-1jpp.5.el7
            oval oval:com.redhat.rhsa:tst:20172999009
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.151-1jpp.5.el7
            oval oval:com.redhat.rhsa:tst:20172999011
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20172999014
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20172999015
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20172999016
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20172999017
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20172999018
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.151-1jpp.1.el6
            oval oval:com.redhat.rhsa:tst:20172999019
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    rhsa
    id RHSA-2017:2999
    released 2017-10-23
    severity Critical
    title RHSA-2017:2999: java-1.8.0-oracle security update (Critical)
  • bugzilla
    id 1503320
    title CVE-2017-10293 Oracle JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.161-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173046001
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.161-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173046003
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.161-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173046005
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.161-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173046007
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.161-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173046009
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.161-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173046011
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.161-1jpp.3.el6
            oval oval:com.redhat.rhsa:tst:20173046014
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.161-1jpp.3.el6
            oval oval:com.redhat.rhsa:tst:20173046015
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.161-1jpp.3.el6
            oval oval:com.redhat.rhsa:tst:20173046016
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.161-1jpp.3.el6
            oval oval:com.redhat.rhsa:tst:20173046017
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.161-1jpp.3.el6
            oval oval:com.redhat.rhsa:tst:20173046018
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.161-1jpp.3.el6
            oval oval:com.redhat.rhsa:tst:20173046019
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    rhsa
    id RHSA-2017:3046
    released 2017-10-24
    severity Important
    title RHSA-2017:3046: java-1.7.0-oracle security update (Important)
  • bugzilla
    id 1503320
    title CVE-2017-10293 Oracle JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.171-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173047001
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.171-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173047003
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.171-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173047005
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.171-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173047007
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.171-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173047009
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.171-1jpp.4.el7
            oval oval:com.redhat.rhsa:tst:20173047011
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.6.0-sun is earlier than 1:1.6.0.171-1jpp.4.el6
            oval oval:com.redhat.rhsa:tst:20173047014
          • comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414015
        • AND
          • comment java-1.6.0-sun-demo is earlier than 1:1.6.0.171-1jpp.4.el6
            oval oval:com.redhat.rhsa:tst:20173047015
          • comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414017
        • AND
          • comment java-1.6.0-sun-devel is earlier than 1:1.6.0.171-1jpp.4.el6
            oval oval:com.redhat.rhsa:tst:20173047016
          • comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414019
        • AND
          • comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.171-1jpp.4.el6
            oval oval:com.redhat.rhsa:tst:20173047017
          • comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414021
        • AND
          • comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.171-1jpp.4.el6
            oval oval:com.redhat.rhsa:tst:20173047018
          • comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414023
        • AND
          • comment java-1.6.0-sun-src is earlier than 1:1.6.0.171-1jpp.4.el6
            oval oval:com.redhat.rhsa:tst:20173047019
          • comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140414025
    rhsa
    id RHSA-2017:3047
    released 2017-10-24
    severity Important
    title RHSA-2017:3047: java-1.6.0-sun security update (Important)
  • bugzilla
    id 1503169
    title CVE-2017-10356 OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.161-2.6.12.0.el6_9
            oval oval:com.redhat.rhsa:tst:20173392001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.161-2.6.12.0.el6_9
            oval oval:com.redhat.rhsa:tst:20173392003
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.161-2.6.12.0.el6_9
            oval oval:com.redhat.rhsa:tst:20173392005
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.161-2.6.12.0.el6_9
            oval oval:com.redhat.rhsa:tst:20173392007
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.161-2.6.12.0.el6_9
            oval oval:com.redhat.rhsa:tst:20173392009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.161-2.6.12.0.el7_4
            oval oval:com.redhat.rhsa:tst:20173392012
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.161-2.6.12.0.el7_4
            oval oval:com.redhat.rhsa:tst:20173392013
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675004
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.161-2.6.12.0.el7_4
            oval oval:com.redhat.rhsa:tst:20173392015
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.161-2.6.12.0.el7_4
            oval oval:com.redhat.rhsa:tst:20173392016
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.161-2.6.12.0.el7_4
            oval oval:com.redhat.rhsa:tst:20173392017
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675010
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.161-2.6.12.0.el7_4
            oval oval:com.redhat.rhsa:tst:20173392019
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.161-2.6.12.0.el7_4
            oval oval:com.redhat.rhsa:tst:20173392020
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id RHSA-2017:3392
    released 2017-12-06
    severity Important
    title RHSA-2017:3392: java-1.7.0-openjdk security and bug fix update (Important)
  • rhsa
    id RHSA-2017:3264
  • rhsa
    id RHSA-2017:3267
  • rhsa
    id RHSA-2017:3268
  • rhsa
    id RHSA-2017:3453
rpms
  • java-1.8.0-openjdk-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-accessibility-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-debug-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-demo-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-demo-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-devel-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-devel-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-headless-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-headless-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-javadoc-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-javadoc-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-javadoc-zip-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-src-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-src-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-openjdk-src-debug-1:1.8.0.151-1.b12.el6_9
  • java-1.8.0-openjdk-src-debug-1:1.8.0.151-1.b12.el7_4
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6
  • java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6
  • java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7
  • java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7
  • java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6
  • java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.2.el7
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.7.1-ibm-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.2.el7
  • java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.3.el6_9
  • java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el6_9
  • java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.7.0-openjdk-accessibility-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.161-2.6.12.0.el6_9
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.7.0-openjdk-demo-1:1.7.0.161-2.6.12.0.el6_9
  • java-1.7.0-openjdk-demo-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.7.0-openjdk-devel-1:1.7.0.161-2.6.12.0.el6_9
  • java-1.7.0-openjdk-devel-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.7.0-openjdk-headless-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.7.0-openjdk-javadoc-1:1.7.0.161-2.6.12.0.el6_9
  • java-1.7.0-openjdk-javadoc-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.7.0-openjdk-src-1:1.7.0.161-2.6.12.0.el6_9
  • java-1.7.0-openjdk-src-1:1.7.0.161-2.6.12.0.el7_4
  • java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
  • java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9
refmap via4
bid 101321
confirm
debian
  • DSA-4015
  • DSA-4048
gentoo
  • GLSA-201710-31
  • GLSA-201711-14
mlist [debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update
sectrack 1039596
Last major update 13-05-2022 - 14:57
Published 19-10-2017 - 17:29
Last modified 13-05-2022 - 14:57
Back to Top