REDHAT-BUG-2257874
First published: Thu Jan 11 2024(Updated: )
It was discovered that the DOMRSAPSSSignatureMethod and DOMSignatureMethod classes in the Security component of OpenJDK could log private keys used for digital signature in debug logs, possibly leading the exposure of sensitive information to unstrusted parties.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK 17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:0249
- https://access.redhat.com/errata/RHSA-2024:0225
- https://access.redhat.com/errata/RHSA-2024:0234
- https://access.redhat.com/errata/RHSA-2024:0241
- https://access.redhat.com/errata/RHSA-2024:0222
- https://access.redhat.com/errata/RHSA-2024:0230
- https://access.redhat.com/errata/RHSA-2024:0231
- https://access.redhat.com/errata/RHSA-2024:0239
- https://access.redhat.com/errata/RHSA-2024:0246
- https://access.redhat.com/errata/RHSA-2024:0240
- https://access.redhat.com/errata/RHSA-2024:0247
- https://access.redhat.com/errata/RHSA-2024:0250
- https://access.redhat.com/errata/RHSA-2024:0224
- https://access.redhat.com/errata/RHSA-2024:0223
- https://access.redhat.com/errata/RHSA-2024:0232
- https://access.redhat.com/errata/RHSA-2024:0226
- https://access.redhat.com/errata/RHSA-2024:0233
- https://access.redhat.com/errata/RHSA-2024:0235
- https://access.redhat.com/errata/RHSA-2024:0265
- https://access.redhat.com/errata/RHSA-2024:0267
- https://access.redhat.com/errata/RHSA-2024:0228
- https://access.redhat.com/errata/RHSA-2024:0242
- https://access.redhat.com/errata/RHSA-2024:0237
- https://access.redhat.com/errata/RHSA-2024:0244
- https://access.redhat.com/errata/RHSA-2024:0248
- https://access.redhat.com/errata/RHSA-2024:0266
- https://github.com/openjdk/jdk8u/commit/7c693ce955410dddca5c21d1c748440a977b6278
- https://github.com/openjdk/jdk11u/commit/4ec94b1aa7a8833c33f97f37a434d2ae4b54b500
- https://github.com/openjdk/jdk17u/commit/020abea4f3cfd15fa25c95db7a49f1d09d4f0ecb
- https://github.com/openjdk/jdk21u/commit/f281d5a444a48882f15d9095a26f69751ff2c524
- https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u401-relnotes.html
- https://www.oracle.com/java/technologies/javase/8u401-perf-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-22-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-10-relnotes.html
- https://www.oracle.com/java/technologies/javase/21-0-2-relnotes.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2257874
Frequently Asked Questions
What is the severity of REDHAT-BUG-2257874?
The severity of REDHAT-BUG-2257874 is high due to the potential exposure of private keys in debug logs.
How do I fix REDHAT-BUG-2257874?
To fix REDHAT-BUG-2257874, ensure you update to the latest patched version of OpenJDK as recommended by your vendor.
What are the risks associated with REDHAT-BUG-2257874?
The risks associated with REDHAT-BUG-2257874 include unauthorized access to private keys, leading to compromised digital signatures and sensitive data exposure.
Which OpenJDK versions are affected by REDHAT-BUG-2257874?
REDHAT-BUG-2257874 affects Oracle OpenJDK, particularly version 17.
Is there a way to mitigate the impact of REDHAT-BUG-2257874 if I cannot update immediately?
You can mitigate the impact of REDHAT-BUG-2257874 by disabling debug logging in your OpenJDK configuration until you are able to apply the necessary updates.
- agent/severity
- agent/description
- agent/first-publish-date
- agent/type
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-20945
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/openjdk 17