CVE-2016-3598
Publication date 21 July 2016
Last updated 24 July 2024
Ubuntu priority
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
From the Ubuntu Security Team
A vulnerability was discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit this to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| icedtea-web | 16.04 LTS xenial |
Not affected
|
| 14.04 LTS trusty | Not in release | |
| openjdk-6 | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty | Not in release | |
| openjdk-7 | 16.04 LTS xenial | Not in release |
| 14.04 LTS trusty |
Fixed 7u111-2.6.7-0ubuntu0.14.04.3
|
|
| openjdk-8 | 16.04 LTS xenial |
Fixed 8u91-b14-3ubuntu1~16.04.1
|
| 14.04 LTS trusty | Not in release | |
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
9.6 · Critical
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3043-1
- OpenJDK 8 vulnerabilities
- 27 July 2016
- USN-3062-1
- OpenJDK 7 vulnerabilities
- 16 August 2016