Veracode Vulnerability DatabaseVERACODE:16824Information Disclosure
EPSS
Percentile
75.8%
Java is vulnerable to information disclosure. When generating DSA signatures, the security component in OpenJDK fails to check the digest algorithm strength. The use of a digest weaker than the key strength could lead to the generation of signatures that are weaker than expected and attackers may use this vulnerability to obtain potentially confidential information.
References
lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html
rhn.redhat.com/errata/RHSA-2016-0650.html
rhn.redhat.com/errata/RHSA-2016-0651.html
rhn.redhat.com/errata/RHSA-2016-0675.html
rhn.redhat.com/errata/RHSA-2016-0676.html
rhn.redhat.com/errata/RHSA-2016-0677.html
rhn.redhat.com/errata/RHSA-2016-0678.html
rhn.redhat.com/errata/RHSA-2016-0679.html
rhn.redhat.com/errata/RHSA-2016-0723.html
www.debian.org/security/2016/dsa-3558
www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
www.securityfocus.com/bid/86438
www.securitytracker.com/id/1035596
www.ubuntu.com/usn/USN-2963-1
www.ubuntu.com/usn/USN-2964-1
www.ubuntu.com/usn/USN-2972-1
access.redhat.com/security/updates/classification/#critical
kc.mcafee.com/corporate/index?page=content&id=SB10159
rhn.redhat.com/errata/RHSA-2016-0651.html
security.gentoo.org/glsa/201606-18
security.netapp.com/advisory/ntap-20160420-0001/
Related
