PublicDateAtUSN: 2016-12-31
Candidate: CVE-2016-5547
PublicDate: 2017-01-27 22:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547
 http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml
 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
 http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/683c9263a5b1
 https://ubuntu.com/security/notices/USN-3179-1
 https://ubuntu.com/security/notices/USN-3194-1
Description:
 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
 Java SE (subcomponent: Libraries). Supported versions that are affected are
 Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12.
 Easily exploitable vulnerability allows unauthenticated attacker with
 network access via multiple protocols to compromise Java SE, Java SE
 Embedded, JRockit. Successful attacks of this vulnerability can result in
 unauthorized ability to cause a partial denial of service (partial DOS) of
 Java SE, Java SE Embedded, JRockit. Note: Applies to client and server
 deployment of Java. This vulnerability can be exploited through sandboxed
 Java Web Start applications and sandboxed Java applets. It can also be
 exploited by supplying data to APIs in the specified Component without
 using sandboxed Java Web Start applications or sandboxed Java applets, such
 as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).
Ubuntu-Description:
Notes:
 sbeattie> openjdk 7 and 8 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM]

Patches_openjdk-7:
upstream_openjdk-7: needs-triage
precise_openjdk-7: released (7u121-2.6.8-1ubuntu0.12.04.3)
trusty_openjdk-7: released (7u121-2.6.8-1ubuntu0.14.04.3)
trusty/esm_openjdk-7: DNE (trusty was released [7u121-2.6.8-1ubuntu0.14.04.3])
vivid/stable-phone-overlay_openjdk-7: DNE
vivid/ubuntu-core_openjdk-7: DNE
xenial_openjdk-7: DNE
yakkety_openjdk-7: DNE
devel_openjdk-7: DNE

Patches_openjdk-8:
upstream_openjdk-8: needs-triage
precise_openjdk-8: DNE
trusty_openjdk-8: DNE
trusty/esm_openjdk-8: DNE
vivid/stable-phone-overlay_openjdk-8: DNE
vivid/ubuntu-core_openjdk-8: DNE
xenial_openjdk-8: released (8u121-b13-0ubuntu1.16.04.2)
esm-infra/xenial_openjdk-8: released (8u121-b13-0ubuntu1.16.04.2)
yakkety_openjdk-8: released (8u121-b13-0ubuntu1.16.10.2)
devel_openjdk-8: not-affected (8u121-b13-3)