CVE-2017-10388 - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)

CVE-2017-10388

Summary

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

References

Vulnerable Configurations

cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

redhat via4

advisories

bugzilla

id	1503169
title	CVE-2017-10356 OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998001
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998003
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919004

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998005
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998007
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998009
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998011
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919012

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998013
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998015
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998017
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998019
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998021
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.151-1.b12.el6_9
oval oval:com.redhat.rhsa:tst:20172998023
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998026
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998027
comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150809016

AND

comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998029
comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20160049006

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998031
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919004

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998032
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998033
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998034
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998035
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919012

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998036
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998037
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998038
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998039
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-javadoc-zip is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998040
comment java-1.8.0-openjdk-javadoc-zip is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170180041

AND

comment java-1.8.0-openjdk-javadoc-zip-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998042
comment java-1.8.0-openjdk-javadoc-zip-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20170180043

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998044
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.151-1.b12.el7_4
oval oval:com.redhat.rhsa:tst:20172998045
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

rhsa

id	RHSA-2017:2998
released	2017-10-20
severity	Critical
title	RHSA-2017:2998: java-1.8.0-openjdk security update (Critical)

bugzilla

id	1503320
title	CVE-2017-10293 Oracle JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.151-1jpp.5.el7
oval oval:com.redhat.rhsa:tst:20172999001
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.151-1jpp.5.el7
oval oval:com.redhat.rhsa:tst:20172999003
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.151-1jpp.5.el7
oval oval:com.redhat.rhsa:tst:20172999005
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.151-1jpp.5.el7
oval oval:com.redhat.rhsa:tst:20172999007
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.151-1jpp.5.el7
oval oval:com.redhat.rhsa:tst:20172999009
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.151-1jpp.5.el7
oval oval:com.redhat.rhsa:tst:20172999011
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.151-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20172999014
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.151-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20172999015
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.151-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20172999016
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.151-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20172999017
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.151-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20172999018
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.151-1jpp.1.el6
oval oval:com.redhat.rhsa:tst:20172999019
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

rhsa

id	RHSA-2017:2999
released	2017-10-23
severity	Critical
title	RHSA-2017:2999: java-1.8.0-oracle security update (Critical)

bugzilla

id	1503320
title	CVE-2017-10293 Oracle JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.161-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173046001
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.161-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173046003
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.161-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173046005
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.161-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173046007
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.161-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173046009
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.161-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173046011
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.161-1jpp.3.el6
oval oval:com.redhat.rhsa:tst:20173046014
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.161-1jpp.3.el6
oval oval:com.redhat.rhsa:tst:20173046015
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.161-1jpp.3.el6
oval oval:com.redhat.rhsa:tst:20173046016
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.161-1jpp.3.el6
oval oval:com.redhat.rhsa:tst:20173046017
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.161-1jpp.3.el6
oval oval:com.redhat.rhsa:tst:20173046018
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.161-1jpp.3.el6
oval oval:com.redhat.rhsa:tst:20173046019
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

rhsa

id	RHSA-2017:3046
released	2017-10-24
severity	Important
title	RHSA-2017:3046: java-1.7.0-oracle security update (Important)

bugzilla

id	1503320
title	CVE-2017-10293 Oracle JDK: unspecified vulnerability fixed in 6u171, 7u161, 8u151, and 9.0.1 (Javadoc)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.6.0-sun is earlier than 1:1.6.0.171-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173047001
comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414015

AND

comment java-1.6.0-sun-demo is earlier than 1:1.6.0.171-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173047003
comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414017

AND

comment java-1.6.0-sun-devel is earlier than 1:1.6.0.171-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173047005
comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414019

AND

comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.171-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173047007
comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414021

AND

comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.171-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173047009
comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414023

AND

comment java-1.6.0-sun-src is earlier than 1:1.6.0.171-1jpp.4.el7
oval oval:com.redhat.rhsa:tst:20173047011
comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414025

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.6.0-sun is earlier than 1:1.6.0.171-1jpp.4.el6
oval oval:com.redhat.rhsa:tst:20173047014
comment java-1.6.0-sun is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414015

AND

comment java-1.6.0-sun-demo is earlier than 1:1.6.0.171-1jpp.4.el6
oval oval:com.redhat.rhsa:tst:20173047015
comment java-1.6.0-sun-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414017

AND

comment java-1.6.0-sun-devel is earlier than 1:1.6.0.171-1jpp.4.el6
oval oval:com.redhat.rhsa:tst:20173047016
comment java-1.6.0-sun-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414019

AND

comment java-1.6.0-sun-jdbc is earlier than 1:1.6.0.171-1jpp.4.el6
oval oval:com.redhat.rhsa:tst:20173047017
comment java-1.6.0-sun-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414021

AND

comment java-1.6.0-sun-plugin is earlier than 1:1.6.0.171-1jpp.4.el6
oval oval:com.redhat.rhsa:tst:20173047018
comment java-1.6.0-sun-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414023

AND

comment java-1.6.0-sun-src is earlier than 1:1.6.0.171-1jpp.4.el6
oval oval:com.redhat.rhsa:tst:20173047019
comment java-1.6.0-sun-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140414025

rhsa

id	RHSA-2017:3047
released	2017-10-24
severity	Important
title	RHSA-2017:3047: java-1.6.0-sun security update (Important)

bugzilla

id	1503169
title	CVE-2017-10356 OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.161-2.6.12.0.el6_9
oval oval:com.redhat.rhsa:tst:20173392001
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.161-2.6.12.0.el6_9
oval oval:com.redhat.rhsa:tst:20173392003
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.161-2.6.12.0.el6_9
oval oval:com.redhat.rhsa:tst:20173392005
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.161-2.6.12.0.el6_9
oval oval:com.redhat.rhsa:tst:20173392007
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.161-2.6.12.0.el6_9
oval oval:com.redhat.rhsa:tst:20173392009
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.161-2.6.12.0.el7_4
oval oval:com.redhat.rhsa:tst:20173392012
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.161-2.6.12.0.el7_4
oval oval:com.redhat.rhsa:tst:20173392013
comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675004

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.161-2.6.12.0.el7_4
oval oval:com.redhat.rhsa:tst:20173392015
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.161-2.6.12.0.el7_4
oval oval:com.redhat.rhsa:tst:20173392016
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.161-2.6.12.0.el7_4
oval oval:com.redhat.rhsa:tst:20173392017
comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675010

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.161-2.6.12.0.el7_4
oval oval:com.redhat.rhsa:tst:20173392019
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.161-2.6.12.0.el7_4
oval oval:com.redhat.rhsa:tst:20173392020
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

rhsa

id	RHSA-2017:3392
released	2017-12-06
severity	Important
title	RHSA-2017:3392: java-1.7.0-openjdk security and bug fix update (Important)

rhsa
id RHSA-2017:3264
rhsa
id RHSA-2017:3267
rhsa
id RHSA-2017:3268
rhsa
id RHSA-2017:3453

rpms

java-1.8.0-openjdk-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-accessibility-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-accessibility-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-debuginfo-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-debuginfo-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-demo-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-demo-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-demo-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-demo-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-devel-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-devel-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-devel-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-devel-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-headless-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-headless-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-headless-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-headless-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-javadoc-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-zip-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-javadoc-zip-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-src-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-src-1:1.8.0.151-1.b12.el7_4
java-1.8.0-openjdk-src-debug-1:1.8.0.151-1.b12.el6_9
java-1.8.0-openjdk-src-debug-1:1.8.0.151-1.b12.el7_4
java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7
java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7
java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7
java-1.8.0-ibm-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.2.el7
java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-demo-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-jdbc-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-plugin-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-src-1:1.8.0.5.5-1jpp.1.el6_9
java-1.7.1-ibm-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-demo-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-devel-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-jdbc-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-plugin-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.2.el7
java-1.7.1-ibm-src-1:1.7.1.4.15-1jpp.3.el6_9
java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-accessibility-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-debuginfo-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-debuginfo-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-demo-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-demo-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-devel-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-devel-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-headless-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-javadoc-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-javadoc-1:1.7.0.161-2.6.12.0.el7_4
java-1.7.0-openjdk-src-1:1.7.0.161-2.6.12.0.el6_9
java-1.7.0-openjdk-src-1:1.7.0.161-2.6.12.0.el7_4
java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9

refmap via4

bid	101321
confirm	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://security.netapp.com/advisory/ntap-20171019-0001/ https://www.synology.com/support/security/Synology_SA_17_66_OpenJDK
debian	DSA-4015 DSA-4048
gentoo	GLSA-201710-31 GLSA-201711-14
mlist	[debian-lts-announce] 20171123 [SECURITY] [DLA 1187-1] openjdk-7 security update
sectrack	1039596

Last major update

13-05-2022 - 14:57

Published

19-10-2017 - 17:29

Last modified

13-05-2022 - 14:57