Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jdk | Oracle | 1.6.0-update105 (including) | 1.6.0-update105 (including) |
| Jdk | Oracle | 1.7.0-update91 (including) | 1.7.0-update91 (including) |
| Jdk | Oracle | 1.8.0-update66 (including) | 1.8.0-update66 (including) |
| Jre | Oracle | 1.6.0-update105 (including) | 1.6.0-update105 (including) |
| Jre | Oracle | 1.7.0-update91 (including) | 1.7.0-update91 (including) |
| Jre | Oracle | 1.8.0-update66 (including) | 1.8.0-update66 (including) |
| Oracle Java for Red Hat Enterprise Linux 5 | RedHat | java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el5_11 | * |
| Oracle Java for Red Hat Enterprise Linux 5 | RedHat | java-1.6.0-sun-1:1.6.0.111-1jpp.3.el5_11 | * |
| Oracle Java for Red Hat Enterprise Linux 6 | RedHat | java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el6_7 | * |
| Oracle Java for Red Hat Enterprise Linux 6 | RedHat | java-1.7.0-oracle-1:1.7.0.95-1jpp.1.el6_7 | * |
| Oracle Java for Red Hat Enterprise Linux 6 | RedHat | java-1.6.0-sun-1:1.6.0.111-1jpp.3.el6_7 | * |
| Oracle Java for Red Hat Enterprise Linux 7 | RedHat | java-1.8.0-oracle-1:1.8.0.71-1jpp.1.el7 | * |
| Oracle Java for Red Hat Enterprise Linux 7 | RedHat | java-1.7.0-oracle-1:1.7.0.95-1jpp.2.el7 | * |
| Oracle Java for Red Hat Enterprise Linux 7 | RedHat | java-1.6.0-sun-1:1.6.0.111-1jpp.1.el7 | * |
| Red Hat Enterprise Linux 5 | RedHat | java-1.7.0-openjdk-1:1.7.0.95-2.6.4.1.el5_11 | * |
| Red Hat Enterprise Linux 5 | RedHat | java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el5_11 | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.7.0-ibm-1:1.7.0.9.30-1jpp.1.el5 | * |
| Red Hat Enterprise Linux 5 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el5 | * |
| Red Hat Enterprise Linux 6 | RedHat | java-1.8.0-openjdk-1:1.8.0.71-1.b15.el6_7 | * |
| Red Hat Enterprise Linux 6 | RedHat | java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el6_7 | * |
| Red Hat Enterprise Linux 6 | RedHat | java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el6_7 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.7.1-ibm-1:1.7.1.3.30-1jpp.2.el6_7 | * |
| Red Hat Enterprise Linux 6 Supplementary | RedHat | java-1.6.0-ibm-1:1.6.0.16.20-1jpp.1.el6_7 | * |
| Red Hat Enterprise Linux 7 | RedHat | java-1.8.0-openjdk-1:1.8.0.71-2.b15.el7_2 | * |
| Red Hat Enterprise Linux 7 | RedHat | java-1.7.0-openjdk-1:1.7.0.95-2.6.4.0.el7_2 | * |
| Red Hat Enterprise Linux 7 | RedHat | java-1.6.0-openjdk-1:1.6.0.38-1.13.10.0.el7_2 | * |
| Red Hat Enterprise Linux 7 Supplementary | RedHat | java-1.8.0-ibm-1:1.8.0.2.10-1jpp.1.el7 | * |
| Red Hat Enterprise Linux 7 Supplementary | RedHat | java-1.7.1-ibm-1:1.7.1.3.30-1jpp.1.el7 | * |
| Red Hat Satellite 5.6 | RedHat | java-1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 | * |
| Red Hat Satellite 5.6 | RedHat | java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | * |
| Red Hat Satellite 5.6 | RedHat | spacewalk-java-0:2.0.2-109.el5sat | * |
| Red Hat Satellite 5.7 | RedHat | java-1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | * |
| Red Hat Satellite 5.7 | RedHat | spacewalk-java-0:2.3.8-146.el6sat | * |
| Openjdk-6 | Ubuntu | precise | * |
| Openjdk-6 | Ubuntu | trusty | * |
| Openjdk-6 | Ubuntu | vivid | * |
| Openjdk-6 | Ubuntu | wily | * |
| Openjdk-7 | Ubuntu | precise | * |
| Openjdk-7 | Ubuntu | trusty | * |
| Openjdk-7 | Ubuntu | vivid | * |
| Openjdk-7 | Ubuntu | wily | * |
| Openjdk-8 | Ubuntu | upstream | * |
| Openjdk-8 | Ubuntu | vivid | * |
| Openjdk-8 | Ubuntu | wily | * |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
- http://rhn.redhat.com/errata/RHSA-2016-0049.html
- http://rhn.redhat.com/errata/RHSA-2016-0050.html
- http://rhn.redhat.com/errata/RHSA-2016-0053.html
- http://rhn.redhat.com/errata/RHSA-2016-0054.html
- http://rhn.redhat.com/errata/RHSA-2016-0055.html
- http://rhn.redhat.com/errata/RHSA-2016-0056.html
- http://rhn.redhat.com/errata/RHSA-2016-0057.html
- http://rhn.redhat.com/errata/RHSA-2016-0067.html
- http://www.debian.org/security/2016/dsa-3458
- http://www.debian.org/security/2016/dsa-3465
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securitytracker.com/id/1034715
- http://www.ubuntu.com/usn/USN-2884-1
- http://www.ubuntu.com/usn/USN-2885-1
- http://www.zerodayinitiative.com/advisories/ZDI-16-032
- https://access.redhat.com/errata/RHSA-2016:1430
- https://security.gentoo.org/glsa/201603-14
- https://security.gentoo.org/glsa/201610-08
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
- http://rhn.redhat.com/errata/RHSA-2016-0049.html
- http://rhn.redhat.com/errata/RHSA-2016-0050.html
- http://rhn.redhat.com/errata/RHSA-2016-0053.html
- http://rhn.redhat.com/errata/RHSA-2016-0054.html
- http://rhn.redhat.com/errata/RHSA-2016-0055.html
- http://rhn.redhat.com/errata/RHSA-2016-0056.html
- http://rhn.redhat.com/errata/RHSA-2016-0057.html
- http://rhn.redhat.com/errata/RHSA-2016-0067.html
- http://www.debian.org/security/2016/dsa-3458
- http://www.debian.org/security/2016/dsa-3465
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securitytracker.com/id/1034715
- http://www.ubuntu.com/usn/USN-2884-1
- http://www.ubuntu.com/usn/USN-2885-1
- http://www.zerodayinitiative.com/advisories/ZDI-16-032
- https://access.redhat.com/errata/RHSA-2016:1430
- https://security.gentoo.org/glsa/201603-14
- https://security.gentoo.org/glsa/201610-08