It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret.
Find out more about CVE-2018-2618 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 5.9 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity Impact | None |
Availability Impact | None |
Platform | Errata | Release Date |
---|---|---|
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) | RHSA-2018:1463 | 2018-05-15 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) | RHSA-2018:0351 | 2018-02-26 |
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) | RHSA-2018:0521 | 2018-03-14 |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) | RHSA-2018:0458 | 2018-03-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) | RHSA-2018:0352 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) | RHSA-2018:0115 | 2018-01-22 |
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) | RHSA-2018:1812 | 2018-06-07 |
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) | RHSA-2018:0100 | 2018-01-18 |
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) | RHSA-2018:0095 | 2018-01-17 |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) | RHSA-2018:0349 | 2018-02-26 |
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | RHSA-2018:0099 | 2018-01-18 |
Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 6 | java-1.6.0-ibm | Will not fix |