CVE-2016-0494

Impact:
Critical
Public Date:
2016-01-19
CWE:
CWE-681
Bugzilla:
1298906: CVE-2016-0494 ICU: integer signedness issue in IndicRearrangementProcessor (OpenJDK 2D, 8140543)

The MITRE CVE dictionary describes this issue as:

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Find out more about CVE-2016-0494 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (java-1.6.0-openjdk) RHSA-2016:0067 2016-01-26
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) RHSA-2016:0049 2016-01-20
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) RHSA-2016:0054 2016-01-21
Red Hat Satellite 5.7 (RHEL v.6) (java-1.7.1-ibm) RHSA-2016:1430 2016-07-18
Oracle Java for Red Hat Enterprise Linux 7 (java-1.8.0-oracle) RHSA-2016:0055 2016-01-21
Oracle Java for Red Hat Enterprise Linux 7 (java-1.6.0-sun) RHSA-2016:0057 2016-01-21
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) RHSA-2016:0099 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2016:0101 2016-02-02
Red Hat Enterprise Linux 6 (java-1.6.0-openjdk) RHSA-2016:0067 2016-01-26
Oracle Java for Red Hat Enterprise Linux 5 (java-1.6.0-sun) RHSA-2016:0057 2016-01-21
Oracle Java for Red Hat Enterprise Linux 5 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Oracle Java for Red Hat Enterprise Linux 7 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Red Hat Satellite 5.6 (RHEL v.5) (java-1.7.0-ibm) RHSA-2016:1430 2016-07-18
Red Hat Enterprise Linux Supplementary 5 (java-1.6.0-ibm) RHSA-2016:0101 2016-02-02
Red Hat Enterprise Linux Supplementary 5 (java-1.7.0-ibm) RHSA-2016:0100 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) RHSA-2016:0099 2016-02-02
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) RHSA-2016:0098 2016-02-02
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk) RHSA-2016:0054 2016-01-21
Red Hat Enterprise Linux 5 (java-1.6.0-openjdk) RHSA-2016:0067 2016-01-26
Oracle Java for Red Hat Enterprise Linux 6 (java-1.7.0-oracle) RHSA-2016:0056 2016-01-21
Oracle Java for Red Hat Enterprise Linux 6 (java-1.6.0-sun) RHSA-2016:0057 2016-01-21
Oracle Java for Red Hat Enterprise Linux 6 (java-1.8.0-oracle) RHSA-2016:0055 2016-01-21
Red Hat Satellite 5.6 (RHEL v.6) (java-1.7.1-ibm) RHSA-2016:1430 2016-07-18
Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) RHSA-2016:0050 2016-01-20
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk) RHSA-2016:0053 2016-01-21

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 icu Not affected
Red Hat Enterprise Linux 6 icu Not affected
Red Hat Enterprise Linux 5 icu Not affected

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.