Your submission was sent successfully! Close

CVE-2016-3610

Published: 21 July 2016

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.

From the Ubuntu Security Team

A vulnerability was discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit this to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code.

Notes

AuthorNote
sbeattie
likely openjdk-8 only
Priority

Medium

CVSS 3 base score: 9.6

Status

Package Release Status
icedtea-web
Launchpad, Ubuntu, Debian
precise Not vulnerable

trusty Does not exist
(trusty was not-affected)
upstream Not vulnerable

wily Not vulnerable

xenial Not vulnerable

openjdk-6
Launchpad, Ubuntu, Debian
precise Not vulnerable
(openjdk-8 only)
trusty Does not exist
(trusty was not-affected [openjdk-8 only])
upstream Not vulnerable
(openjdk-8 only)
wily Ignored
(reached end-of-life)
xenial Does not exist

openjdk-7
Launchpad, Ubuntu, Debian
precise
Released (7u111-2.6.7-0ubuntu0.12.04.2)
trusty Does not exist
(trusty was released [7u111-2.6.7-0ubuntu0.14.04.3])
upstream Needs triage

wily Ignored
(reached end-of-life)
xenial Does not exist

openjdk-8
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream Needs triage

wily
Released (8u91-b14-3ubuntu1~15.10.1)
xenial
Released (8u91-b14-3ubuntu1~16.04.1)
Patches:
upstream: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3eab3ce82c31