PublicDateAtUSN: 2017-01-19
Candidate: CVE-2017-3253
PublicDate: 2017-01-27 22:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3253
 http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/3432537.xml
 http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
 http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/b59238f0e161
 https://ubuntu.com/security/notices/USN-3179-1
 https://ubuntu.com/security/notices/USN-3194-1
 https://ubuntu.com/security/notices/USN-3198-1
Description:
 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle
 Java SE (subcomponent: 2D). Supported versions that are affected are Java
 SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12.
 Easily exploitable vulnerability allows unauthenticated attacker with
 network access via multiple protocols to compromise Java SE, Java SE
 Embedded, JRockit. Successful attacks of this vulnerability can result in
 unauthorized ability to cause a hang or frequently repeatable crash
 (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to
 client and server deployment of Java. This vulnerability can be exploited
 through sandboxed Java Web Start applications and sandboxed Java applets.
 It can also be exploited by supplying data to APIs in the specified
 Component without using sandboxed Java Web Start applications or sandboxed
 Java applets, such as through a web service. CVSS v3.0 Base Score 7.5
 (Availability impacts).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_openjdk-7:
upstream_openjdk-7: needs-triage
precise_openjdk-7: released (7u121-2.6.8-1ubuntu0.12.04.3)
trusty_openjdk-7: released (7u121-2.6.8-1ubuntu0.14.04.3)
trusty/esm_openjdk-7: DNE (trusty was released [7u121-2.6.8-1ubuntu0.14.04.3])
vivid/stable-phone-overlay_openjdk-7: DNE
vivid/ubuntu-core_openjdk-7: DNE
xenial_openjdk-7: DNE
yakkety_openjdk-7: DNE
devel_openjdk-7: DNE

Patches_openjdk-6:
upstream_openjdk-6: needs-triage
precise_openjdk-6: released (6b41-1.13.13-0ubuntu0.12.04.1)
trusty_openjdk-6: released (6b41-1.13.13-0ubuntu0.14.04.1)
trusty/esm_openjdk-6: DNE (trusty was released [6b41-1.13.13-0ubuntu0.14.04.1])
vivid/stable-phone-overlay_openjdk-6: DNE
vivid/ubuntu-core_openjdk-6: DNE
xenial_openjdk-6: DNE
yakkety_openjdk-6: DNE
devel_openjdk-6: DNE

Patches_openjdk-8:
upstream_openjdk-8: needs-triage
precise_openjdk-8: DNE
trusty_openjdk-8: DNE
trusty/esm_openjdk-8: DNE
vivid/stable-phone-overlay_openjdk-8: DNE
vivid/ubuntu-core_openjdk-8: DNE
xenial_openjdk-8: released (8u121-b13-0ubuntu1.16.04.2)
esm-infra/xenial_openjdk-8: released (8u121-b13-0ubuntu1.16.04.2)
yakkety_openjdk-8: released (8u121-b13-0ubuntu1.16.10.2)
devel_openjdk-8: not-affected (8u121-b13-3)