CVE-2016-0636 - Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect c

CVE-2016-0636

Summary

Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

References

Vulnerable Configurations

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea7:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:icedtea7:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update73:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update73:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update74:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update74:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update97:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update97:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update97:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update97:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update74:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update74:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update73:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update73:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-05-2022 - 14:57)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

redhat via4

advisories

bugzilla

id	1320650
title	CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el6_7
oval oval:com.redhat.rhsa:tst:20160511001
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el6_7
oval oval:com.redhat.rhsa:tst:20160511003
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el6_7
oval oval:com.redhat.rhsa:tst:20160511005
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el6_7
oval oval:com.redhat.rhsa:tst:20160511007
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el6_7
oval oval:com.redhat.rhsa:tst:20160511009
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

rhsa

id	RHSA-2016:0511
released	2016-03-24
severity	Critical
title	RHSA-2016:0511: java-1.7.0-openjdk security update (Critical)

bugzilla

id	1320650
title	CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el5_11
oval oval:com.redhat.rhsa:tst:20160512001
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165013

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el5_11
oval oval:com.redhat.rhsa:tst:20160512003
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165015

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el5_11
oval oval:com.redhat.rhsa:tst:20160512005
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165017

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el5_11
oval oval:com.redhat.rhsa:tst:20160512007
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165019

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el5_11
oval oval:com.redhat.rhsa:tst:20160512009
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20130165021

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-openjdk is earlier than 1:1.7.0.99-2.6.5.0.el7_2
oval oval:com.redhat.rhsa:tst:20160512012
comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009002

AND

comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.99-2.6.5.0.el7_2
oval oval:com.redhat.rhsa:tst:20160512014
comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675004

AND

comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.99-2.6.5.0.el7_2
oval oval:com.redhat.rhsa:tst:20160512016
comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009004

AND

comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.99-2.6.5.0.el7_2
oval oval:com.redhat.rhsa:tst:20160512018
comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009006

AND

comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.99-2.6.5.0.el7_2
oval oval:com.redhat.rhsa:tst:20160512020
comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140675010

AND

comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.99-2.6.5.0.el7_2
oval oval:com.redhat.rhsa:tst:20160512022
comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009008

AND

comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.99-2.6.5.0.el7_2
oval oval:com.redhat.rhsa:tst:20160512024
comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20121009010

rhsa

id	RHSA-2016:0512
released	2016-03-24
severity	Important
title	RHSA-2016:0512: java-1.7.0-openjdk security update (Important)

bugzilla

id	1320650
title	CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513001
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513003
comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150809016

AND

comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513005
comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20160049006

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513007
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919004

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513009
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513011
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513013
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513015
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919012

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513017
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513019
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513021
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513023
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513025
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.77-0.b03.el7_2
oval oval:com.redhat.rhsa:tst:20160513027
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

rhsa

id	RHSA-2016:0513
released	2016-03-24
severity	Critical
title	RHSA-2016:0513: java-1.8.0-openjdk security update (Critical)

bugzilla

id	1320650
title	CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-openjdk is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514001
comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636002

AND

comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514003
comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919004

AND

comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514005
comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636004

AND

comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514007
comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919008

AND

comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514009
comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636006

AND

comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514011
comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919012

AND

comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514013
comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636008

AND

comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514015
comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919016

AND

comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514017
comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636010

AND

comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514019
comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919020

AND

comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514021
comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141636012

AND

comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.77-0.b03.el6_7
oval oval:com.redhat.rhsa:tst:20160514023
comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20151919024

rhsa

id	RHSA-2016:0514
released	2016-03-24
severity	Important
title	RHSA-2016:0514: java-1.8.0-openjdk security update (Important)

bugzilla

id	1320650
title	CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.99-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20160515001
comment java-1.7.0-oracle is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413002

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.99-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20160515003
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413004

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.99-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20160515005
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413006

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.99-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20160515007
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413008

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.99-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20160515009
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413010

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.99-1jpp.1.el5_11
oval oval:com.redhat.rhsa:tst:20160515011
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20140413012

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.99-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160515014
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.99-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160515016
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.99-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160515018
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.99-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160515020
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.99-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160515022
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.99-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160515024
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.7.0-oracle is earlier than 1:1.7.0.99-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160515027
comment java-1.7.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413015

AND

comment java-1.7.0-oracle-devel is earlier than 1:1.7.0.99-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160515028
comment java-1.7.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413017

AND

comment java-1.7.0-oracle-javafx is earlier than 1:1.7.0.99-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160515029
comment java-1.7.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413019

AND

comment java-1.7.0-oracle-jdbc is earlier than 1:1.7.0.99-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160515030
comment java-1.7.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413021

AND

comment java-1.7.0-oracle-plugin is earlier than 1:1.7.0.99-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160515031
comment java-1.7.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413023

AND

comment java-1.7.0-oracle-src is earlier than 1:1.7.0.99-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160515032
comment java-1.7.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140413025

rhsa

id	RHSA-2016:0515
released	2016-03-24
severity	Critical
title	RHSA-2016:0515: java-1.7.0-oracle security update (Critical)

bugzilla

id	1320650
title	CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666)

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.77-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160516001
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.77-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160516003
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.77-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160516005
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.77-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160516007
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.77-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160516009
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.77-1jpp.1.el6_7
oval oval:com.redhat.rhsa:tst:20160516011
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment java-1.8.0-oracle is earlier than 1:1.8.0.77-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160516014
comment java-1.8.0-oracle is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080002

AND

comment java-1.8.0-oracle-devel is earlier than 1:1.8.0.77-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160516015
comment java-1.8.0-oracle-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080004

AND

comment java-1.8.0-oracle-javafx is earlier than 1:1.8.0.77-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160516016
comment java-1.8.0-oracle-javafx is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080006

AND

comment java-1.8.0-oracle-jdbc is earlier than 1:1.8.0.77-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160516017
comment java-1.8.0-oracle-jdbc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080008

AND

comment java-1.8.0-oracle-plugin is earlier than 1:1.8.0.77-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160516018
comment java-1.8.0-oracle-plugin is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080010

AND

comment java-1.8.0-oracle-src is earlier than 1:1.8.0.77-1jpp.1.el7
oval oval:com.redhat.rhsa:tst:20160516019
comment java-1.8.0-oracle-src is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20150080012

rhsa

id	RHSA-2016:0516
released	2016-03-24
severity	Critical
title	RHSA-2016:0516: java-1.8.0-oracle security update (Critical)

rpms

java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el6_7
java-1.7.0-openjdk-debuginfo-1:1.7.0.99-2.6.5.0.el6_7
java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el6_7
java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el6_7
java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el6_7
java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el6_7
java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el5_11
java-1.7.0-openjdk-1:1.7.0.99-2.6.5.0.el7_2
java-1.7.0-openjdk-accessibility-1:1.7.0.99-2.6.5.0.el7_2
java-1.7.0-openjdk-debuginfo-1:1.7.0.99-2.6.5.0.el5_11
java-1.7.0-openjdk-debuginfo-1:1.7.0.99-2.6.5.0.el7_2
java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el5_11
java-1.7.0-openjdk-demo-1:1.7.0.99-2.6.5.0.el7_2
java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el5_11
java-1.7.0-openjdk-devel-1:1.7.0.99-2.6.5.0.el7_2
java-1.7.0-openjdk-headless-1:1.7.0.99-2.6.5.0.el7_2
java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el5_11
java-1.7.0-openjdk-javadoc-1:1.7.0.99-2.6.5.0.el7_2
java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el5_11
java-1.7.0-openjdk-src-1:1.7.0.99-2.6.5.0.el7_2
java-1.8.0-openjdk-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-accessibility-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-accessibility-debug-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-debug-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-debuginfo-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-demo-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-demo-debug-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-devel-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-devel-debug-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-headless-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-headless-debug-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-javadoc-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-src-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-src-debug-1:1.8.0.77-0.b03.el7_2
java-1.8.0-openjdk-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-debug-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-debuginfo-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-demo-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-demo-debug-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-devel-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-devel-debug-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-headless-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-headless-debug-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-javadoc-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-javadoc-debug-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-src-1:1.8.0.77-0.b03.el6_7
java-1.8.0-openjdk-src-debug-1:1.8.0.77-0.b03.el6_7
java-1.7.0-oracle-1:1.7.0.99-1jpp.1.el5_11
java-1.7.0-oracle-1:1.7.0.99-1jpp.1.el6_7
java-1.7.0-oracle-1:1.7.0.99-1jpp.1.el7
java-1.7.0-oracle-devel-1:1.7.0.99-1jpp.1.el5_11
java-1.7.0-oracle-devel-1:1.7.0.99-1jpp.1.el6_7
java-1.7.0-oracle-devel-1:1.7.0.99-1jpp.1.el7
java-1.7.0-oracle-javafx-1:1.7.0.99-1jpp.1.el5_11
java-1.7.0-oracle-javafx-1:1.7.0.99-1jpp.1.el6_7
java-1.7.0-oracle-javafx-1:1.7.0.99-1jpp.1.el7
java-1.7.0-oracle-jdbc-1:1.7.0.99-1jpp.1.el5_11
java-1.7.0-oracle-jdbc-1:1.7.0.99-1jpp.1.el6_7
java-1.7.0-oracle-jdbc-1:1.7.0.99-1jpp.1.el7
java-1.7.0-oracle-plugin-1:1.7.0.99-1jpp.1.el5_11
java-1.7.0-oracle-plugin-1:1.7.0.99-1jpp.1.el6_7
java-1.7.0-oracle-plugin-1:1.7.0.99-1jpp.1.el7
java-1.7.0-oracle-src-1:1.7.0.99-1jpp.1.el5_11
java-1.7.0-oracle-src-1:1.7.0.99-1jpp.1.el6_7
java-1.7.0-oracle-src-1:1.7.0.99-1jpp.1.el7
java-1.8.0-oracle-1:1.8.0.77-1jpp.1.el6_7
java-1.8.0-oracle-1:1.8.0.77-1jpp.1.el7
java-1.8.0-oracle-devel-1:1.8.0.77-1jpp.1.el6_7
java-1.8.0-oracle-devel-1:1.8.0.77-1jpp.1.el7
java-1.8.0-oracle-javafx-1:1.8.0.77-1jpp.1.el6_7
java-1.8.0-oracle-javafx-1:1.8.0.77-1jpp.1.el7
java-1.8.0-oracle-jdbc-1:1.8.0.77-1jpp.1.el6_7
java-1.8.0-oracle-jdbc-1:1.8.0.77-1jpp.1.el7
java-1.8.0-oracle-plugin-1:1.8.0.77-1jpp.1.el6_7
java-1.8.0-oracle-plugin-1:1.8.0.77-1jpp.1.el7
java-1.8.0-oracle-src-1:1.8.0.77-1jpp.1.el6_7
java-1.8.0-oracle-src-1:1.8.0.77-1jpp.1.el7

refmap via4

bid	85376
confirm	http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html https://security.netapp.com/advisory/ntap-20160328-0001/
debian	DSA-3558
gentoo	GLSA-201606-18 GLSA-201610-08
sectrack	1035401
suse	SUSE-SU-2016:0956 SUSE-SU-2016:0957 SUSE-SU-2016:0959 openSUSE-SU-2016:0971 openSUSE-SU-2016:0983 openSUSE-SU-2016:1004 openSUSE-SU-2016:1005 openSUSE-SU-2016:1042
ubuntu	USN-2942-1

Last major update

13-05-2022 - 14:57

Published

24-03-2016 - 18:59

Last modified

13-05-2022 - 14:57