CVE-2016-3500

Published: 21 July 2016

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.

From the Ubuntu security team

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service.

Priority

Low

CVSS 3 base score: 5.3

Status

Package Release Status
icedtea-web
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
openjdk-6
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [6b40-1.13.12-0ubuntu0.14.04.2])
openjdk-7
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [7u111-2.6.7-0ubuntu0.14.04.3])
openjdk-8
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (8u91-b14-3ubuntu1~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp/rev/b03b69adc909