Insufficient data authenticity validation In java-1.6.0-openjdk
Description
It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel5 | 1:1.6.0.39-1.13.11.0.el5_11 | ||
rpm rhel5 | 1:1.7.0.101-2.6.6.1.el5_11 | ||
rpm rhel7 | 1:1.6.0.39-1.13.11.0.el7_2 | ||
rpm rhel6 | 1:1.6.0.39-1.13.11.0.el6_7 | ||
rpm rhel7 | 1:1.7.0.101-2.6.6.1.el7_2 | ||
rpm rhel6 | 1:1.8.0.91-0.b14.el6_7 | ||
rpm rhel7 | 1:1.8.0.91-0.b14.el7_2 | ||
rpm rhel6 | 1:1.7.0.101-2.6.6.1.el6_7 |
Aliases
1. 2. 3.