Launchpad.net

CVE 2014-0411

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake.

Related bugs and status

CVE-2014-0411 (Candidate) is related to these bugs:

Bug #1283828: "Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4

		In	Importance	Status
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Quantal)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Saucy)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Trusty)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Lucid)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-6 (Ubuntu Precise)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Precise)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Quantal)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Saucy)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	openjdk-7 (Ubuntu Trusty)	Undecided	Fix Released
1283828	"Cannot find any provider supporting RSA/ECB/OAEPPadding" error after upgrading to openjdk-6 6b27-1.12.6-1ubuntu0.12.04.4	Iced Tea	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.oracle.com/...
BID: 64758
CONFIRM: http://hg.openjdk.java...
CONFIRM: https://bugzilla.redha...
BID: 64918
OSVDB: 102028
SECTRACK: 1029608
SECUNIA: 56432
SECUNIA: 56485
SECUNIA: 56486
SECUNIA: 56487
SECUNIA: 56535
REDHAT: RHSA-2014:0026
REDHAT: RHSA-2014:0027
REDHAT: RHSA-2014:0097
REDHAT: RHSA-2014:0136
REDHAT: RHSA-2014:0030
REDHAT: RHSA-2014:0134
REDHAT: RHSA-2014:0135
SUSE: openSUSE-SU-2014:0174
SUSE: SUSE-SU-2014:0246
SUSE: SUSE-SU-2014:0266
SUSE: openSUSE-SU-2014:0177
SUSE: openSUSE-SU-2014:0180
UBUNTU: USN-2089-1
UBUNTU: USN-2124-1
SUSE: SUSE-SU-2014:0451
CONFIRM: http://www.ibm.com/sup...
CONFIRM: https://www.ibm.com/su...
SECUNIA: 59071
SECUNIA: 59082
SECUNIA: 59254
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 59251
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 59704
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www.ibm.com/sup...
CONFIRM: https://www.ibm.com/su...
SECUNIA: 57809
SECUNIA: 59037
SECUNIA: 59665
SECUNIA: 59872
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-947.ibm.com...
SECUNIA: 60005
SECUNIA: 60498
CONFIRM: http://www-01.ibm.com/...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 60833
SECUNIA: 60835
SECUNIA: 60836
SECUNIA: 59194
SECUNIA: 59235
SECUNIA: 59283
SECUNIA: 59324
SECUNIA: 59339
SECUNIA: 59705
HP: HPSBUX02972
HP: HPSBUX02973
HP: SSRT101454
HP: SSRT101455
XF: oracle-cpujan2014-cve2...
REDHAT: RHSA-2014:0414