ID CVE-2016-0636
Summary Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:icedtea7:2.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:icedtea7:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update73:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update73:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update74:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update74:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.7.0:update97:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.7.0:update97:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.7.0:update97:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.7.0:update97:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update74:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update74:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update73:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update73:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el6_7
            oval oval:com.redhat.rhsa:tst:20160511001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el6_7
            oval oval:com.redhat.rhsa:tst:20160511003
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el6_7
            oval oval:com.redhat.rhsa:tst:20160511005
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el6_7
            oval oval:com.redhat.rhsa:tst:20160511007
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el6_7
            oval oval:com.redhat.rhsa:tst:20160511009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id RHSA-2016:0511
    released 2016-03-24
    severity Critical
    title RHSA-2016:0511: java-1.7.0-openjdk security update (Critical)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512001
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165013
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512003
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165015
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512005
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165017
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512007
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165019
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el5_11
            oval oval:com.redhat.rhsa:tst:20160512009
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165021
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512012
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009002
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512014
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675004
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512016
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009004
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512018
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512020
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675010
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512022
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el7_2
            oval oval:com.redhat.rhsa:tst:20160512024
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
    rhsa
    id RHSA-2016:0512
    released 2016-03-24
    severity Important
    title RHSA-2016:0512: java-1.7.0-openjdk security update (Important)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513003
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809016
        • AND
          • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513005
          • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160049006
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513007
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513009
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513011
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513013
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513015
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513017
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513019
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513021
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513023
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513025
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.77-0.b03.el7_2
            oval oval:com.redhat.rhsa:tst:20160513027
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2016:0513
    released 2016-03-24
    severity Critical
    title RHSA-2016:0513: java-1.8.0-openjdk security update (Critical)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514001
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636002
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514003
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919004
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514005
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636004
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514007
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919008
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514009
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514011
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514013
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514015
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514017
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514019
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919020
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514021
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.77-0.b03.el6_7
            oval oval:com.redhat.rhsa:tst:20160514023
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919024
    rhsa
    id RHSA-2016:0514
    released 2016-03-24
    severity Important
    title RHSA-2016:0514: java-1.8.0-openjdk security update (Important)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.99-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20160515001
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413002
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.99-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20160515003
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413004
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.99-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20160515005
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413006
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.99-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20160515007
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413008
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.99-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20160515009
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413010
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.99-1jpp.1.el5_11
            oval oval:com.redhat.rhsa:tst:20160515011
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20140413012
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.99-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160515014
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.99-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160515016
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.99-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160515018
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.99-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160515020
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.99-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160515022
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.99-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160515024
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.7.0-oracle is earlier than 1:1.7.0.99-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160515027
          • comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413015
        • AND
          • comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.99-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160515028
          • comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413017
        • AND
          • comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.99-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160515029
          • comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413019
        • AND
          • comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.99-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160515030
          • comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413021
        • AND
          • comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.99-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160515031
          • comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413023
        • AND
          • comment java-1.7.0-oracle-src is earlier than 1:1.7.0.99-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160515032
          • comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140413025
    rhsa
    id RHSA-2016:0515
    released 2016-03-24
    severity Critical
    title RHSA-2016:0515: java-1.7.0-oracle security update (Critical)
  • bugzilla
    id 1320650
    title CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.77-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160516001
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.77-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160516003
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.77-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160516005
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.77-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160516007
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.77-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160516009
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.77-1jpp.1.el6_7
            oval oval:com.redhat.rhsa:tst:20160516011
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment java-1.8.0-oracle is earlier than 1:1.8.0.77-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160516014
          • comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080002
        • AND
          • comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.77-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160516015
          • comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080004
        • AND
          • comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.77-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160516016
          • comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080006
        • AND
          • comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.77-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160516017
          • comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080008
        • AND
          • comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.77-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160516018
          • comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080010
        • AND
          • comment java-1.8.0-oracle-src is earlier than 1:1.8.0.77-1jpp.1.el7
            oval oval:com.redhat.rhsa:tst:20160516019
          • comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150080012
    rhsa
    id RHSA-2016:0516
    released 2016-03-24
    severity Critical
    title RHSA-2016:0516: java-1.8.0-oracle security update (Critical)
rpms
  • java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el6_7
  • java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-accessibility-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-debuginfo-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-headless-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el7_2
  • java-1.8.0-openjdk-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-demo-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-devel-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-headless-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-src-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-src-debug-1:1.8.0.77-0.b03.el7_2
  • java-1.8.0-openjdk-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-debuginfo-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-demo-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-devel-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-headless-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-javadoc-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-src-1:1.8.0.77-0.b03.el6_7
  • java-1.8.0-openjdk-src-debug-1:1.8.0.77-0.b03.el6_7
  • java-1.7.0-oracle-1:1.7.0.99-1jpp.1.el5_11
  • java-1.7.0-oracle-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-1:1.7.0.99-1jpp.1.el7
  • java-1.7.0-oracle-devel-1:1.7.0.99-1jpp.1.el5_11
  • java-1.7.0-oracle-devel-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-devel-1:1.7.0.99-1jpp.1.el7
  • java-1.7.0-oracle-javafx-1:1.7.0.99-1jpp.1.el5_11
  • java-1.7.0-oracle-javafx-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-javafx-1:1.7.0.99-1jpp.1.el7
  • java-1.7.0-oracle-jdbc-1:1.7.0.99-1jpp.1.el5_11
  • java-1.7.0-oracle-jdbc-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-jdbc-1:1.7.0.99-1jpp.1.el7
  • java-1.7.0-oracle-plugin-1:1.7.0.99-1jpp.1.el5_11
  • java-1.7.0-oracle-plugin-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-plugin-1:1.7.0.99-1jpp.1.el7
  • java-1.7.0-oracle-src-1:1.7.0.99-1jpp.1.el5_11
  • java-1.7.0-oracle-src-1:1.7.0.99-1jpp.1.el6_7
  • java-1.7.0-oracle-src-1:1.7.0.99-1jpp.1.el7
  • java-1.8.0-oracle-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-1:1.8.0.77-1jpp.1.el7
  • java-1.8.0-oracle-devel-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-devel-1:1.8.0.77-1jpp.1.el7
  • java-1.8.0-oracle-javafx-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-javafx-1:1.8.0.77-1jpp.1.el7
  • java-1.8.0-oracle-jdbc-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-jdbc-1:1.8.0.77-1jpp.1.el7
  • java-1.8.0-oracle-plugin-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-plugin-1:1.8.0.77-1jpp.1.el7
  • java-1.8.0-oracle-src-1:1.8.0.77-1jpp.1.el6_7
  • java-1.8.0-oracle-src-1:1.8.0.77-1jpp.1.el7
refmap via4
bid 85376
confirm
debian DSA-3558
gentoo
  • GLSA-201606-18
  • GLSA-201610-08
sectrack 1035401
suse
  • SUSE-SU-2016:0956
  • SUSE-SU-2016:0957
  • SUSE-SU-2016:0959
  • openSUSE-SU-2016:0971
  • openSUSE-SU-2016:0983
  • openSUSE-SU-2016:1004
  • openSUSE-SU-2016:1005
  • openSUSE-SU-2016:1042
ubuntu USN-2942-1
Last major update 13-05-2022 - 14:57
Published 24-03-2016 - 18:59
Last modified 13-05-2022 - 14:57
Back to Top