ID CVE-2016-3610
Summary Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:jdk:1.8.0:update_91:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update_91:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdk:1.8.0:update_92:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdk:1.8.0:update_92:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_91:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*
    cpe:2.3:a:oracle:jre:1.8.0:update_92:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 10-11-2017 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 1357506
    title CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458011
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-accessibility is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458017
          • comment java-1.8.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20150809023
        • AND
          • comment java-1.8.0-openjdk-accessibility-debug is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458025
          • comment java-1.8.0-openjdk-accessibility-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20160049016
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458013
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458021
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458007
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919018
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458019
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636016
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458015
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458027
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458005
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919006
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458031
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636014
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458029
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919028
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458023
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.101-3.b13.el7_2
            oval oval:com.redhat.rhsa:tst:20161458009
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919022
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment java-1.8.0-openjdk is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458043
          • comment java-1.8.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636006
        • AND
          • comment java-1.8.0-openjdk-debug is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458044
          • comment java-1.8.0-openjdk-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919012
        • AND
          • comment java-1.8.0-openjdk-demo is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458041
          • comment java-1.8.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636012
        • AND
          • comment java-1.8.0-openjdk-demo-debug is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458042
          • comment java-1.8.0-openjdk-demo-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919018
        • AND
          • comment java-1.8.0-openjdk-devel is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458038
          • comment java-1.8.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636016
        • AND
          • comment java-1.8.0-openjdk-devel-debug is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458040
          • comment java-1.8.0-openjdk-devel-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919016
        • AND
          • comment java-1.8.0-openjdk-headless is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458046
          • comment java-1.8.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636008
        • AND
          • comment java-1.8.0-openjdk-headless-debug is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458039
          • comment java-1.8.0-openjdk-headless-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919006
        • AND
          • comment java-1.8.0-openjdk-javadoc is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458047
          • comment java-1.8.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636014
        • AND
          • comment java-1.8.0-openjdk-javadoc-debug is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458048
          • comment java-1.8.0-openjdk-javadoc-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919028
        • AND
          • comment java-1.8.0-openjdk-src is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458045
          • comment java-1.8.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141636010
        • AND
          • comment java-1.8.0-openjdk-src-debug is earlier than 1:1.8.0.101-3.b13.el6_8
            oval oval:com.redhat.rhsa:tst:20161458037
          • comment java-1.8.0-openjdk-src-debug is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20151919022
    rhsa
    id RHSA-2016:1458
    released 2016-07-20
    severity Critical
    title RHSA-2016:1458: java-1.8.0-openjdk security update (Critical)
  • bugzilla
    id 1357506
    title CVE-2016-3550 OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.111-2.6.7.1.el5_11
            oval oval:com.redhat.rhsa:tst:20161504010
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165017
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.111-2.6.7.1.el5_11
            oval oval:com.redhat.rhsa:tst:20161504002
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165025
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.111-2.6.7.1.el5_11
            oval oval:com.redhat.rhsa:tst:20161504004
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165023
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.111-2.6.7.1.el5_11
            oval oval:com.redhat.rhsa:tst:20161504006
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165021
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.111-2.6.7.1.el5_11
            oval oval:com.redhat.rhsa:tst:20161504008
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20130165019
    • AND
      • OR
        • comment Red Hat Enterprise Linux 7 Client is installed
          oval oval:com.redhat.rhba:tst:20150364001
        • comment Red Hat Enterprise Linux 7 Server is installed
          oval oval:com.redhat.rhba:tst:20150364002
        • comment Red Hat Enterprise Linux 7 Workstation is installed
          oval oval:com.redhat.rhba:tst:20150364003
        • comment Red Hat Enterprise Linux 7 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20150364004
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.111-2.6.7.2.el7_2
            oval oval:com.redhat.rhsa:tst:20161504018
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-accessibility is earlier than 1:1.7.0.111-2.6.7.2.el7_2
            oval oval:com.redhat.rhsa:tst:20161504024
          • comment java-1.7.0-openjdk-accessibility is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675018
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.111-2.6.7.2.el7_2
            oval oval:com.redhat.rhsa:tst:20161504022
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.111-2.6.7.2.el7_2
            oval oval:com.redhat.rhsa:tst:20161504016
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-headless is earlier than 1:1.7.0.111-2.6.7.2.el7_2
            oval oval:com.redhat.rhsa:tst:20161504020
          • comment java-1.7.0-openjdk-headless is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20140675012
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.111-2.6.7.2.el7_2
            oval oval:com.redhat.rhsa:tst:20161504028
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009012
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.111-2.6.7.2.el7_2
            oval oval:com.redhat.rhsa:tst:20161504026
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009014
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment java-1.7.0-openjdk is earlier than 1:1.7.0.111-2.6.7.2.el6_8
            oval oval:com.redhat.rhsa:tst:20161504036
          • comment java-1.7.0-openjdk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009006
        • AND
          • comment java-1.7.0-openjdk-demo is earlier than 1:1.7.0.111-2.6.7.2.el6_8
            oval oval:com.redhat.rhsa:tst:20161504037
          • comment java-1.7.0-openjdk-demo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009010
        • AND
          • comment java-1.7.0-openjdk-devel is earlier than 1:1.7.0.111-2.6.7.2.el6_8
            oval oval:com.redhat.rhsa:tst:20161504035
          • comment java-1.7.0-openjdk-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009008
        • AND
          • comment java-1.7.0-openjdk-javadoc is earlier than 1:1.7.0.111-2.6.7.2.el6_8
            oval oval:com.redhat.rhsa:tst:20161504038
          • comment java-1.7.0-openjdk-javadoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009012
        • AND
          • comment java-1.7.0-openjdk-src is earlier than 1:1.7.0.111-2.6.7.2.el6_8
            oval oval:com.redhat.rhsa:tst:20161504034
          • comment java-1.7.0-openjdk-src is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20121009014
    rhsa
    id RHSA-2016:1504
    released 2016-07-27
    severity Important
    title RHSA-2016:1504: java-1.7.0-openjdk security update (Important)
  • rhsa
    id RHSA-2016:1475
rpms
  • java-1.8.0-openjdk-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-accessibility-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-accessibility-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-demo-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-devel-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-headless-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-javadoc-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-src-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-src-debug-1:1.8.0.101-3.b13.el7_2
  • java-1.8.0-openjdk-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-demo-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-demo-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-devel-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-devel-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-headless-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-headless-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-javadoc-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-javadoc-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-src-1:1.8.0.101-3.b13.el6_8
  • java-1.8.0-openjdk-src-debug-1:1.8.0.101-3.b13.el6_8
  • java-1.7.0-openjdk-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-demo-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-devel-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-javadoc-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-src-1:1.7.0.111-2.6.7.1.el5_11
  • java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-accessibility-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-demo-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-devel-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-headless-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-javadoc-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-src-1:1.7.0.111-2.6.7.2.el7_2
  • java-1.7.0-openjdk-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-demo-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-devel-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-javadoc-1:1.7.0.111-2.6.7.2.el6_8
  • java-1.7.0-openjdk-src-1:1.7.0.111-2.6.7.2.el6_8
refmap via4
bid
  • 91787
  • 91930
confirm
gentoo
  • GLSA-201610-08
  • GLSA-201701-43
sectrack 1036365
suse
  • SUSE-SU-2016:1997
  • SUSE-SU-2016:2012
  • openSUSE-SU-2016:1979
  • openSUSE-SU-2016:2050
  • openSUSE-SU-2016:2051
  • openSUSE-SU-2016:2052
  • openSUSE-SU-2016:2058
ubuntu
  • USN-3043-1
  • USN-3062-1
Last major update 10-11-2017 - 02:29
Published 21-07-2016 - 10:14
Back to Top