CVE-2016-0494
Published: 20 January 2016
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Notes
Author | Note |
---|---|
mdeslaur | introduced as part of the CVE-2015-4844 fix |
Priority
Status
Package | Release | Status |
---|---|---|
icu Launchpad, Ubuntu, Debian |
precise |
Released
(4.8.1.1-3ubuntu0.7)
|
trusty |
Released
(52.1-3ubuntu0.5)
|
|
upstream |
Released
(57.1-4)
|
|
vivid |
Ignored
(end of life, was needed)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Released
(55.1-7ubuntu0.1)
|
|
yakkety |
Not vulnerable
(57.1-4)
|
|
zesty |
Not vulnerable
(57.1-4)
|
|
Patches: upstream: http://bugs.icu-project.org/trac/changeset/38141 (possibly incomplete) |
||
openjdk-6 Launchpad, Ubuntu, Debian |
precise |
Released
(6b38-1.13.10-0ubuntu0.12.04.1)
|
trusty |
Released
(6b38-1.13.10-0ubuntu0.14.04.1)
|
|
upstream |
Needs triage
|
|
vivid |
Released
(6b38-1.13.10-0ubuntu0.15.04.1)
|
|
wily |
Released
(6b38-1.13.10-0ubuntu0.15.10.1)
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
openjdk-7 Launchpad, Ubuntu, Debian |
precise |
Released
(7u95-2.6.4-0ubuntu0.12.04.1)
|
trusty |
Released
(7u95-2.6.4-0ubuntu0.14.04.1)
|
|
upstream |
Needs triage
|
|
vivid |
Released
(7u95-2.6.4-0ubuntu0.15.04.1)
|
|
wily |
Released
(7u95-2.6.4-0ubuntu0.15.10.1)
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
openjdk-8 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(8u72-b15-1)
|
|
wily |
Released
(8u91-b14-0ubuntu4~15.10.1)
|
|
xenial |
Not vulnerable
(8u72-b15-1)
|
|
yakkety |
Not vulnerable
(8u72-b15-1)
|
|
zesty |
Not vulnerable
(8u72-b15-1)
|
|
vivid |
Ignored
(end of life)
|
|
Patches: upstream: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- https://ubuntu.com/security/notices/USN-2884-1
- https://ubuntu.com/security/notices/USN-2885-1
- https://ubuntu.com/security/notices/USN-3227-1
- NVD
- Launchpad
- Debian