CVE-2016-3426
First published: Mon Apr 18 2016(Updated: )
It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component of OpenJDK used non-constant time comparison when comparing GCM authentication tag. A remote attacker could possibly use this flaw to determine correct value of the authentication tag and bypass authentication protections of GCM.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK | =1.8.0-update77 | |
| Oracle JRE | =1.8.0-update77 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2016-0650.html
- http://rhn.redhat.com/errata/RHSA-2016-0651.html
- http://rhn.redhat.com/errata/RHSA-2016-0677.html
- http://rhn.redhat.com/errata/RHSA-2016-0701.html
- http://rhn.redhat.com/errata/RHSA-2016-0702.html
- http://rhn.redhat.com/errata/RHSA-2016-0708.html
- http://rhn.redhat.com/errata/RHSA-2016-0716.html
- http://rhn.redhat.com/errata/RHSA-2016-1039.html
- http://www.debian.org/security/2016/dsa-3558
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/86449
- http://www.securitytracker.com/id/1035596
- http://www.ubuntu.com/usn/USN-2963-1
- https://access.redhat.com/errata/RHSA-2016:1430
- https://access.redhat.com/errata/RHSA-2017:1216
- https://security.gentoo.org/glsa/201610-08
- https://security.netapp.com/advisory/ntap-20160420-0001/
- http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2016-0651.html
- https://rhn.redhat.com/errata/RHSA-2016-0650.html
- https://rhn.redhat.com/errata/RHSA-2016-0677.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/4c53be81bc7a
- https://rhn.redhat.com/errata/RHSA-2016-0701.html
- https://rhn.redhat.com/errata/RHSA-2016-0702.html
- https://rhn.redhat.com/errata/RHSA-2016-0708.html
- https://rhn.redhat.com/errata/RHSA-2016-0716.html
- https://rhn.redhat.com/errata/RHSA-2016-1039.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1328059
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3426
- agent/tags
- agent/severity
- agent/description
- agent/references
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle jdk
- version/oracle jdk/1.8.0-update77
- canonical/oracle jre
- version/oracle jre/1.8.0-update77