Insecure digital certificates In java-1.6.0-openjdk
Description
A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel5 | 1:1.6.0.36-1.13.8.1.el5_11 | ||
rpm rhel6 | 1:1.8.0.51-0.b16.el6_6 | ||
rpm rhel7 | 1:1.6.0.36-1.13.8.1.el7_1 | ||
rpm rhel6 | 1:1.7.0.85-2.6.1.3.el6_6 | ||
rpm rhel7 | 1:1.7.0.85-2.6.1.2.el7_1 | ||
rpm rhel6 | 1:1.6.0.36-1.13.8.1.el6_7 | ||
rpm rhel5 | 1:1.7.0.85-2.6.1.3.el5_11 | ||
rpm rhel7 | 1:1.8.0.51-1.b16.el7_1 |
Aliases
1. 2. 3.