ID

VAR-201505-0233

CVE

CVE-2015-4000

TITLE

OpenSSL CVE-2015-1793 Certificate Verification Security Bypass Vulnerability

DESCRIPTION

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. OpenSSL is prone to a security-bypass vulnerability because the application fails to properly verify SSL, TLS, and DTLS certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks and bypass certain security restrictions. This may aid in further attacks. OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n, and 1.0.1o are vulnerable. OpenSSL Security Advisory [11 Jun 2015] ======================================= DHE man-in-the-middle protection (Logjam) ==================================================================== A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000). OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release. OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team. Malformed ECParameters causes infinite loop (CVE-2015-1788) =========================================================== Severity: Moderate When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field. This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled. 1.0.0d and 0.9.8r and below are affected. OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team. Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) =============================================================== Severity: Moderate X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string. An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks. OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team. PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) ========================================================= Severity: Moderate The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing. Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected. OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team. CMS verify infinite loop with unknown hash function (CVE-2015-1792) =================================================================== Severity: Moderate When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID. This can be used to perform denial of service against any system which verifies signedData messages using the CMS code. OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team. Race condition handling NewSessionTicket (CVE-2015-1791) ======================================================== Severity: Low If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data. OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team. Invalid free in DTLS (CVE-2014-8176) ==================================== Severity: Moderate This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014. If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption. This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying. The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8). Note ==== As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html . v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI Performance for QA v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for IP Multicast QA v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for MPLS VPN v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for IP Telephony v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI for NET v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI Performance for Metrics v9.0x, v9.1x, v9.2x, v10.0x HP Network Node Manager iSPI Performance for Traffic v9.0x, v9.1x, v9.2x, v10.0x BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-0204 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following updates for HP Network Node Manager i and Smart Plugins (iSPIs) HP Network Node Manager i and Smart Plugins (iSPIs) Version Link to update for CVE-2015-4000 (LogJam) HP Network Node Manager i version v9.1x, v9.2x iSPI Performance for QA iSPI for IP Multicast iSPI for MPLS VPN iSPI for IP Telephony https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01704653 HP Network Node Manager iSPI for Metrics v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740484 HP Network Node Manager iSPI for Traffic v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740489 Note: v10.x is not affected by LogJam HP Network Node Manager i and Smart Plugins (iSPIs) Version Link to update for CVE-2015-2808 (Bar Mitzvah) HP Network Node Manager i version v9.1x, v9.2x, v10.x iSPI Performance for QA iSPI for IP Multicast iSPI for MPLS VPN iSPI for IP Telephony https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01704651 HP Network Node Manager iSPI for Metrics v9.1x, v9.2x, v10.0x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740486 HP Network Node Manager iSPI for Traffic v9.1x, v9.2x, v10.0x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740487 HP Network Node Manager i and Smart Plugins (iSPIs) Version Link to update for CVE-2015-0204 (Freak) HP Network Node Manager i version v9.x, v10.x iSPI Performance for QA iSPI for IP Multicast iSPI for MPLS VPN iSPI for IP Telephony https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01704633https://softwaresupport.hp.com/group/softwaresupport/ search-result/-/facetsearch/document/KM01704633 HP Network Node Manager iSPI for Metrics v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740481 HP Network Node Manager iSPI for Traffic v9.1x, v9.2x https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse arch/document/KM01740488 Note: v10.x is not affected by FREAK HISTORY Version:1 (rev.1) - 20 August 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. CVE-2016-1978 Eric Rescorla discovered a user-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1. For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1. We recommend that you upgrade your nss packages. HP Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40 Server BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2015-4000 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI d=emr_na-c01345499 RESOLUTION HPE has made the following mitigation information available to resolve the vulnerability for the impacted versions of HPE Service Manager: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetse arch/document/KM01728543 For versions 9.30, 9.31, 9.32, 9.33, 9.34 please: Upgrade to SM 9.35.P4 (recommended) or SM 9.34.P5 SM9.35 P4 package, SM 9.35 AIX Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143332 SM 9.35 HP Itanium Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143206 SM 9.35 HP Itanium Server for Oracle 12c 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143388 SM 9.35 Linux Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143530 SM 9.35 Solaris Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143276 SM 9.35 Windows Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143589 SM 9.34.P5 package, AIX Server 9.34.5003 p5 https://softwaresupport.hpe.com/km/KM02310304 HP Itanium Server 9.34.5003 p5 <[https://softwaresupport.hpe.com/km/KM02311066> Linux Server 9.34.5003 p5 https://softwaresupport.hpe.com/km/KM02310566 Solaris Server 9.34.5003 p5 https://softwaresupport.hpe.com/km/KM02311656 Windows Server 9.34.5003 p5 https://softwaresupport.hpe.com/km/KM02310486 For versions 9.35 please: Upgrade to SM 9.35.P4 SM9.35 P4 package, SM 9.35 AIX Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143332 SM 9.35 HP Itanium Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143206 SM 9.35 HP Itanium Server for Oracle 12c 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143388 SM 9.35 Linux Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143530 SM 9.35 Solaris Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143276 SM 9.35 Windows Server 9.35.4001 p4 https://softwaresupport.hpe.com/km/KM02143589 For versions 9.40 please: Upgrade to SM 9.41.P3 SM9.41.P3 package, Service Manager 9.41.3016 p3 - Server for AIX https://softwaresupport.hpe.com/km/KM02236813 Service Manager 9.41.3016 p3 - Server for HP-UX/IA https://softwaresupport.hpe.com/km/KM02236897 Service Manager 9.41.3016 p3 - Server for Linux https://softwaresupport.hpe.com/km/KM02236827 Service Manager 9.41.3016 p3 - Server for Solaris https://softwaresupport.hpe.com/km/KM02236843 Service Manager 9.41.3016 p3 - Server for Windows https://softwaresupport.hpe.com/km/KM02236929 HISTORY Version:1 (rev.1) - 1 July 2016 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. HP Operations Manager for Windows v8.10, v8.16, and v9.0. Release Date: 2015-08-05 Last Updated: 2015-08-05 Potential Security Impact: Remote disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled. This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information. References: CVE-2015-4000: DHE man-in-the-middle protection (Logjam). BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided an updated version of OpenSSL to resolve this vulnerability. A new B.11.31 depot for OpenSSL_A.01.00.01p is available here: https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I MANUAL ACTIONS: Yes - Update PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.31 ================== openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 5 August 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.5.0-ibm security update Advisory ID: RHSA-2015:1544-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1544.html Issue date: 2015-08-04 CVE Names: CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2621 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-4000 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 ===================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. (CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760) Note: This update forces the TLS/SSL client implementation in IBM JDK to reject DH key sizes below 768 bits to address the CVE-2015-4000 issue. Refer to Red Hat Bugzilla bug 1223211, linked to in the References section, for additional details about this change. IBM Java SDK and JRE 5.0 will not receive software updates after September 2015. This date is referred to as the End of Service (EOS) date. Customers are advised to migrate to current versions of IBM Java at this time. IBM Java SDK and JRE versions 6 and 7 are available via the Red Hat Enterprise Linux 5 and 6 Supplementary content sets and will continue to receive updates based on IBM's lifecycle policy, linked to in the References section. Customers can also consider OpenJDK, an open source implementation of the Java SE specification. OpenJDK is available by default on supported hardware architectures. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1242019 - CVE-2015-2601 OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865) 1242234 - CVE-2015-4731 OpenJDK: improper permission checks in MBeanServerInvocationHandler (JMX, 8076397) 1242240 - CVE-2015-4732 OpenJDK: insufficient context checks during object deserialization (Libraries, 8076405) 1242275 - CVE-2015-4733 OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409) 1242281 - CVE-2015-4748 OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374) 1242372 - CVE-2015-2621 OpenJDK: incorrect code permission checks in RMIConnectionImpl (JMX, 8075853) 1242379 - CVE-2015-4749 OpenJDK: DnsClient fails to release request information after error (JNDI, 8075378) 1242394 - CVE-2015-2632 ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520) 1242447 - CVE-2015-4760 ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715) 1243139 - CVE-2015-2590 OpenJDK: deserialization issue in ObjectInputStream.readSerialData() (Libraries, 8076401) 1243283 - CVE-2015-2638 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243287 - CVE-2015-2637 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D) 1243300 - CVE-2015-2664 Oracle JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment) 1244828 - CVE-2015-1931 IBM JDK: plain text data stored in memory dumps 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.s390.rpm java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-plugin-1.5.0.16.13-1jpp.3.el6_7.i686.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm java-1.5.0-ibm-src-1.5.0.16.13-1jpp.3.el6_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-1931 https://access.redhat.com/security/cve/CVE-2015-2590 https://access.redhat.com/security/cve/CVE-2015-2601 https://access.redhat.com/security/cve/CVE-2015-2621 https://access.redhat.com/security/cve/CVE-2015-2632 https://access.redhat.com/security/cve/CVE-2015-2637 https://access.redhat.com/security/cve/CVE-2015-2638 https://access.redhat.com/security/cve/CVE-2015-2664 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2015-4731 https://access.redhat.com/security/cve/CVE-2015-4732 https://access.redhat.com/security/cve/CVE-2015-4733 https://access.redhat.com/security/cve/CVE-2015-4748 https://access.redhat.com/security/cve/CVE-2015-4749 https://access.redhat.com/security/cve/CVE-2015-4760 https://access.redhat.com/security/updates/classification/#important https://www.ibm.com/developerworks/java/jdk/alerts/ https://www.ibm.com/developerworks/java/jdk/lifecycle/ https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c33 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVwPPkXlSAg2UNWIIRAo58AJ0f5ydeQDOPD94MBu+9dLB4StLPgACgv9P0 jLcHugyRDfZPLmcsHXcjvoY= =lSeA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Unlike the TLS server-side version of Logjam, this vulnerability affects the client-side TLS connection on iLO, or when the iLO acts as a client in a client-server connection

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

Input Validation Error

EXTERNAL IDS

REFERENCES