CVE-2016-3426

Published: 21 April 2016

Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.

From the Ubuntu security team

A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network.

Priority

Low

CVSS 3 base score: 3.1

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(openjdk-8 only)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [openjdk-8 only])
openjdk-7
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(openjdk-8 only)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [openjdk-8 only])
openjdk-8
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (8u91-b14-0ubuntu4~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist