Upstream information

CVE-2016-0466 at MITRE

Description

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.96
Vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
SUSE Bugzilla entries: 960402, 962743 [RESOLVED / FIXED], 963937 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP3
  • java-1_7_0-openjdk >= 1.7.0.95-0.17.2
  • java-1_7_0-openjdk-demo >= 1.7.0.95-0.17.2
  • java-1_7_0-openjdk-devel >= 1.7.0.95-0.17.2
Patchnames:
sledsp3-java-1_7_0-openjdk-12374
SUSE Linux Enterprise Desktop 11 SP4
  • java-1_7_0-openjdk >= 1.7.0.95-0.17.2
  • java-1_7_0-openjdk-demo >= 1.7.0.95-0.17.2
  • java-1_7_0-openjdk-devel >= 1.7.0.95-0.17.2
Patchnames:
sledsp4-java-1_7_0-openjdk-12374
SUSE Linux Enterprise Desktop 12
  • java-1_7_0-openjdk >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-headless >= 1.7.0.95-24.2
Patchnames:
SUSE-SLE-DESKTOP-12-2016-169
SUSE Linux Enterprise Desktop 12 SP1
  • java-1_7_0-openjdk >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-headless >= 1.7.0.95-24.2
  • java-1_8_0-openjdk >= 1.8.0.72-3.2
  • java-1_8_0-openjdk-headless >= 1.8.0.72-3.2
Patchnames:
SUSE-SLE-DESKTOP-12-SP1-2016-160
SUSE-SLE-DESKTOP-12-SP1-2016-169
SUSE Linux Enterprise Desktop 12 SP2
  • java-1_7_0-openjdk >= 1.7.0.111-33.1
  • java-1_7_0-openjdk-headless >= 1.7.0.111-33.1
  • java-1_8_0-openjdk >= 1.8.0.101-14.3
  • java-1_8_0-openjdk-headless >= 1.8.0.101-14.3
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA java-1_7_0-openjdk
SUSE Linux Enterprise Desktop 12 SP2 GA java-1_8_0-openjdk
SUSE Linux Enterprise Module for Legacy Software 12
  • java-1_6_0-ibm >= 1.6.0_sr16.20-30.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.20-30.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.20-30.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.20-30.1
Patchnames:
SUSE-SLE-Module-Legacy-12-2016-244
SUSE Linux Enterprise Server 11 SP2-LTSS
  • java-1_6_0-ibm >= 1.6.0_sr16.20-49.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr16.20-49.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.20-49.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.20-49.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.20-49.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.20-49.1
  • java-1_7_0-ibm >= 1.7.0_sr9.30-45.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr9.30-45.1
  • java-1_7_0-ibm-devel >= 1.7.0_sr9.30-45.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr9.30-45.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr9.30-45.1
Patchnames:
slessp2-java-1_6_0-ibm-12399
slessp2-java-1_7_0-ibm-12398
SUSE Linux Enterprise Server 11 SP3-LTSS
  • java-1_6_0-ibm >= 1.6.0_sr16.20-51.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr16.20-51.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.20-51.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.20-51.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.20-51.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.20-51.1
  • java-1_7_0-ibm >= 1.7.0_sr9.30-47.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr9.30-47.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr9.30-47.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr9.30-47.1
Patchnames:
slessp3-java-1_6_0-ibm-12453
slessp3-java-1_7_0-ibm-12437
SUSE Linux Enterprise Server 11 SP4
  • java-1_7_1-ibm >= 1.7.1_sr3.30-9.1
  • java-1_7_1-ibm-alsa >= 1.7.1_sr3.30-9.1
  • java-1_7_1-ibm-jdbc >= 1.7.1_sr3.30-9.1
  • java-1_7_1-ibm-plugin >= 1.7.1_sr3.30-9.1
Patchnames:
slessp4-java-1_7_1-ibm-12394
SUSE Linux Enterprise Server 12
  • java-1_7_0-openjdk >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-demo >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-devel >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-headless >= 1.7.0.95-24.2
  • java-1_7_1-ibm >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-alsa >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-jdbc >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-plugin >= 1.7.1_sr3.30-21.1
Patchnames:
SUSE-SLE-SERVER-12-2016-169
SUSE-SLE-SERVER-12-2016-237
SUSE Linux Enterprise Server 12 SP1
  • java-1_7_0-openjdk >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-demo >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-devel >= 1.7.0.95-24.2
  • java-1_7_0-openjdk-headless >= 1.7.0.95-24.2
  • java-1_7_1-ibm >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-alsa >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-jdbc >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-plugin >= 1.7.1_sr3.30-21.1
  • java-1_8_0-ibm >= 1.8.0_sr2.10-7.1
  • java-1_8_0-ibm-alsa >= 1.8.0_sr2.10-7.1
  • java-1_8_0-ibm-plugin >= 1.8.0_sr2.10-7.1
  • java-1_8_0-openjdk >= 1.8.0.72-3.2
  • java-1_8_0-openjdk-demo >= 1.8.0.72-3.2
  • java-1_8_0-openjdk-devel >= 1.8.0.72-3.2
  • java-1_8_0-openjdk-headless >= 1.8.0.72-3.2
Patchnames:
SUSE-SLE-SERVER-12-SP1-2016-160
SUSE-SLE-SERVER-12-SP1-2016-169
SUSE-SLE-SERVER-12-SP1-2016-227
SUSE-SLE-SERVER-12-SP1-2016-237
SUSE Linux Enterprise Server 12 SP2
  • java-1_7_0-openjdk >= 1.7.0.111-33.1
  • java-1_7_0-openjdk-demo >= 1.7.0.111-33.1
  • java-1_7_0-openjdk-devel >= 1.7.0.111-33.1
  • java-1_7_0-openjdk-headless >= 1.7.0.111-33.1
  • java-1_7_1-ibm >= 1.7.1_sr3.50-28.2
  • java-1_7_1-ibm-alsa >= 1.7.1_sr3.50-28.2
  • java-1_7_1-ibm-jdbc >= 1.7.1_sr3.50-28.2
  • java-1_7_1-ibm-plugin >= 1.7.1_sr3.50-28.2
  • java-1_8_0-ibm >= 1.8.0_sr3.0-10.1
  • java-1_8_0-ibm-alsa >= 1.8.0_sr3.0-10.1
  • java-1_8_0-ibm-plugin >= 1.8.0_sr3.0-10.1
  • java-1_8_0-openjdk >= 1.8.0.101-14.3
  • java-1_8_0-openjdk-demo >= 1.8.0.101-14.3
  • java-1_8_0-openjdk-devel >= 1.8.0.101-14.3
  • java-1_8_0-openjdk-headless >= 1.8.0.101-14.3
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA java-1_7_0-openjdk
SUSE Linux Enterprise Server 12 SP2 GA java-1_7_1-ibm
SUSE Linux Enterprise Server 12 SP2 GA java-1_8_0-ibm
SUSE Linux Enterprise Server 12 SP2 GA java-1_8_0-openjdk
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • java-1_7_0-openjdk >= 1.7.0.111-33.1
  • java-1_7_0-openjdk-demo >= 1.7.0.111-33.1
  • java-1_7_0-openjdk-devel >= 1.7.0.111-33.1
  • java-1_7_0-openjdk-headless >= 1.7.0.111-33.1
  • java-1_8_0-openjdk >= 1.8.0.101-14.3
  • java-1_8_0-openjdk-demo >= 1.8.0.101-14.3
  • java-1_8_0-openjdk-devel >= 1.8.0.101-14.3
  • java-1_8_0-openjdk-headless >= 1.8.0.101-14.3
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA java-1_7_0-openjdk
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA java-1_8_0-openjdk
SUSE Linux Enterprise Software Development Kit 11 SP4
  • java-1_7_1-ibm >= 1.7.1_sr3.30-9.1
  • java-1_7_1-ibm-devel >= 1.7.1_sr3.30-9.1
Patchnames:
sdksp4-java-1_7_1-ibm-12394
SUSE Linux Enterprise Software Development Kit 12
  • java-1_7_1-ibm >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-devel >= 1.7.1_sr3.30-21.1
Patchnames:
SUSE-SLE-SDK-12-2016-237
SUSE Linux Enterprise Software Development Kit 12 SP1
  • java-1_7_1-ibm >= 1.7.1_sr3.30-21.1
  • java-1_7_1-ibm-devel >= 1.7.1_sr3.30-21.1
  • java-1_8_0-ibm >= 1.8.0_sr2.10-7.1
  • java-1_8_0-ibm-devel >= 1.8.0_sr2.10-7.1
Patchnames:
SUSE-SLE-SDK-12-SP1-2016-227
SUSE-SLE-SDK-12-SP1-2016-237
SUSE Linux Enterprise Software Development Kit 12 SP2
  • java-1_7_1-ibm-devel >= 1.7.1_sr3.50-28.2
  • java-1_8_0-ibm-devel >= 1.8.0_sr3.0-10.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA java-1_7_1-ibm-devel
SUSE Linux Enterprise Software Development Kit 12 SP2 GA java-1_8_0-ibm-devel
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • java-1_6_0-ibm >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.20-0.8.1
Builds
ZYPP Patch Nr: 9240
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • java-1_6_0-ibm >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.20-0.8.1
Builds
ZYPP Patch Nr: 9240
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
  • java-1_6_0-ibm >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.20-0.8.1
  • java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr16.20-0.8.1
Builds
ZYPP Patch Nr: 9240
openSUSE 13.1
  • java-1_7_0-openjdk >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-accessibility >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-debuginfo >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-debugsource >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-demo >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-demo-debuginfo >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-devel >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-devel-debuginfo >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-headless >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-headless-debuginfo >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-javadoc >= 1.7.0.95-24.27.1
  • java-1_7_0-openjdk-src >= 1.7.0.95-24.27.1
Patchnames:
2016-110
openSUSE 13.2
  • java-1_7_0-openjdk >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-accessibility >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-bootstrap >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-bootstrap-debuginfo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-bootstrap-debugsource >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-bootstrap-devel >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-bootstrap-devel-debuginfo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-bootstrap-headless >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-bootstrap-headless-debuginfo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-debuginfo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-debugsource >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-demo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-demo-debuginfo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-devel >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-devel-debuginfo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-headless >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-headless-debuginfo >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-javadoc >= 1.7.0.95-16.1
  • java-1_7_0-openjdk-src >= 1.7.0.95-16.1
  • java-1_8_0-openjdk >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-accessibility >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-debuginfo >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-debugsource >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-demo >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-demo-debuginfo >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-devel >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-headless >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-headless-debuginfo >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-javadoc >= 1.8.0.72-21.1
  • java-1_8_0-openjdk-src >= 1.8.0.72-21.1
Patchnames:
openSUSE-2016-105
openSUSE-2016-107
openSUSE Leap 42.1
  • java-1_7_0-openjdk >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-accessibility >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-bootstrap >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-bootstrap-debuginfo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-bootstrap-debugsource >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-bootstrap-devel >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-bootstrap-devel-debuginfo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-bootstrap-headless >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-bootstrap-headless-debuginfo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-debuginfo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-debugsource >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-demo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-demo-debuginfo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-devel >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-devel-debuginfo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-headless >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-headless-debuginfo >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-javadoc >= 1.7.0.95-25.1
  • java-1_7_0-openjdk-src >= 1.7.0.95-25.1
  • java-1_8_0-openjdk >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-accessibility >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-debuginfo >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-debugsource >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-demo >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-demo-debuginfo >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-devel >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-headless >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-headless-debuginfo >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-javadoc >= 1.8.0.72-6.1
  • java-1_8_0-openjdk-src >= 1.8.0.72-6.1
Patchnames:
openSUSE-2016-106
openSUSE-2016-115
openSUSE Leap 42.2
  • java-1_8_0-openjdk >= 1.8.0.101-1.1
  • java-1_8_0-openjdk-devel >= 1.8.0.101-1.1
  • java-1_8_0-openjdk-headless >= 1.8.0.101-1.1
Patchnames:
openSUSE Leap 42.2 GA java-1_8_0-openjdk
openSUSE Tumbleweed
  • java-1_7_0-openjdk >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-accessibility >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-bootstrap >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-bootstrap-devel >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-bootstrap-headless >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-demo >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-devel >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-headless >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-javadoc >= 1.7.0.121-1.1
  • java-1_7_0-openjdk-src >= 1.7.0.121-1.1
  • java-1_8_0-openjdk >= 1.8.0.111-1.1
  • java-1_8_0-openjdk-accessibility >= 1.8.0.111-1.1
  • java-1_8_0-openjdk-demo >= 1.8.0.111-1.1
  • java-1_8_0-openjdk-devel >= 1.8.0.111-1.1
  • java-1_8_0-openjdk-headless >= 1.8.0.111-1.1
  • java-1_8_0-openjdk-javadoc >= 1.8.0.111-1.1
  • java-1_8_0-openjdk-src >= 1.8.0.111-1.1
Patchnames:
openSUSE Tumbleweed GA java-1_7_0-openjdk
openSUSE Tumbleweed GA java-1_8_0-openjdk