Your submission was sent successfully! Close

CVE-2016-3508

Published: 21 July 2016

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.

From the Ubuntu Security Team

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service.

Priority

Low

CVSS 3 base score: 5.3

Status

Package Release Status
icedtea-web
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

wily Not vulnerable

xenial Not vulnerable

openjdk-6
Launchpad, Ubuntu, Debian
precise
Released (6b40-1.13.12-0ubuntu0.12.04.1)
trusty Does not exist
(trusty was released [6b40-1.13.12-0ubuntu0.14.04.2])
upstream Needs triage

wily Ignored
(reached end-of-life)
xenial Does not exist

openjdk-7
Launchpad, Ubuntu, Debian
precise
Released (7u111-2.6.7-0ubuntu0.12.04.2)
trusty Does not exist
(trusty was released [7u111-2.6.7-0ubuntu0.14.04.3])
upstream Needs triage

wily Ignored
(reached end-of-life)
xenial Does not exist

openjdk-8
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream Needs triage

wily
Released (8u91-b14-3ubuntu1~15.10.1)
xenial
Released (8u91-b14-3ubuntu1~16.04.1)
Patches:
upstream: http://hg.openjdk.java.net/jdk8u/jdk8u/jaxp/rev/c678c1a31a55