CVE-2014-4244
First published: Mon Jul 14 2014(Updated: )
It was discovered that the RSA algorithm in the OpenJDK Security component did not sufficiently preform "blinding" while performing operations using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the keys used.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK | =1.5.0-update65 | |
| Oracle JDK | =1.6.0-update75 | |
| Oracle JDK | =1.7.0-update60 | |
| Oracle JDK | =1.8.0-update5 | |
| Oracle JRE | =1.5.0-update65 | |
| Oracle JRE | =1.6.0-update75 | |
| Oracle JRE | =1.7.0-update60 | |
| Oracle JRE | =1.8.0-update5 | |
| Oracle JRockit | =r27.8.2 | |
| Oracle JRockit | =r28.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html
- http://marc.info/?l=bugtraq&m=140852886808946&w=2
- http://marc.info/?l=bugtraq&m=140852974709252&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0264.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/58830
- http://secunia.com/advisories/59404
- http://secunia.com/advisories/59503
- http://secunia.com/advisories/59680
- http://secunia.com/advisories/59924
- http://secunia.com/advisories/59985
- http://secunia.com/advisories/59986
- http://secunia.com/advisories/59987
- http://secunia.com/advisories/60002
- http://secunia.com/advisories/60031
- http://secunia.com/advisories/60032
- http://secunia.com/advisories/60081
- http://secunia.com/advisories/60129
- http://secunia.com/advisories/60245
- http://secunia.com/advisories/60317
- http://secunia.com/advisories/60326
- http://secunia.com/advisories/60335
- http://secunia.com/advisories/60485
- http://secunia.com/advisories/60497
- http://secunia.com/advisories/60622
- http://secunia.com/advisories/60812
- http://secunia.com/advisories/60817
- http://secunia.com/advisories/60831
- http://secunia.com/advisories/60846
- http://secunia.com/advisories/60890
- http://secunia.com/advisories/61050
- http://secunia.com/advisories/61215
- http://secunia.com/advisories/61254
- http://secunia.com/advisories/61264
- http://secunia.com/advisories/61278
- http://secunia.com/advisories/61293
- http://secunia.com/advisories/61294
- http://secunia.com/advisories/61417
- http://secunia.com/advisories/61469
- http://secunia.com/advisories/61577
- http://secunia.com/advisories/61640
- http://secunia.com/advisories/61846
- http://secunia.com/advisories/62314
- http://security.gentoo.org/glsa/glsa-201502-12.xml
- http://www-01.ibm.com/support/docview.wss?uid=swg21680334
- http://www-01.ibm.com/support/docview.wss?uid=swg21681379
- http://www-01.ibm.com/support/docview.wss?uid=swg21681966
- http://www-01.ibm.com/support/docview.wss?uid=swg21683338
- http://www-01.ibm.com/support/docview.wss?uid=swg21683429
- http://www-01.ibm.com/support/docview.wss?uid=swg21683438
- http://www-01.ibm.com/support/docview.wss?uid=swg21683484
- http://www-01.ibm.com/support/docview.wss?uid=swg21685121
- http://www-01.ibm.com/support/docview.wss?uid=swg21685122
- http://www-01.ibm.com/support/docview.wss?uid=swg21685178
- http://www-01.ibm.com/support/docview.wss?uid=swg21685242
- http://www-01.ibm.com/support/docview.wss?uid=swg21686142
- http://www-01.ibm.com/support/docview.wss?uid=swg21686383
- http://www-01.ibm.com/support/docview.wss?uid=swg21686824
- http://www-01.ibm.com/support/docview.wss?uid=swg21688893
- http://www-01.ibm.com/support/docview.wss?uid=swg21689593
- http://www.debian.org/security/2014/dsa-2980
- http://www.debian.org/security/2014/dsa-2987
- http://www.ibm.com/support/docview.wss?uid=swg21683518
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/68624
- http://www.securitytracker.com/id/1030577
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://access.redhat.com/errata/RHSA-2014:0902
- https://access.redhat.com/errata/RHSA-2014:0908
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94605
- https://kc.mcafee.com/corporate/index?page=content&id=SB10083
- https://www.ibm.com/support/docview.wss?uid=swg21680418
- https://rhn.redhat.com/errata/RHSA-2014-0890.html
- https://rhn.redhat.com/errata/RHSA-2014-0889.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028550.html
- http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-July/028584.html
- http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/aa2b20532c67
- http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/3a2c7340f7de
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2014-0902.html
- https://rhn.redhat.com/errata/RHSA-2014-0908.html
- https://rhn.redhat.com/errata/RHSA-2014-0907.html
- https://rhn.redhat.com/errata/RHSA-2014-1033.html
- https://rhn.redhat.com/errata/RHSA-2014-1036.html
- https://rhn.redhat.com/errata/RHSA-2014-1042.html
- https://rhn.redhat.com/errata/RHSA-2014-1041.html
- https://rhn.redhat.com/errata/RHSA-2015-0264.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1119475
- collector/nvd-index
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-4244
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.5.0-update65
- version/oracle jdk/1.6.0-update75
- version/oracle jdk/1.7.0-update60
- version/oracle jdk/1.8.0-update5
- canonical/oracle jre
- version/oracle jre/1.5.0-update65
- version/oracle jre/1.6.0-update75
- version/oracle jre/1.7.0-update60
- version/oracle jre/1.8.0-update5
- canonical/oracle jrockit
- version/oracle jrockit/r27.8.2
- version/oracle jrockit/r28.3.2