CVE-2016-0264: Buffer Overflow
First published: Wed Apr 27 2016(Updated: )
A buffer overflow flaw was fixed in IBM JDK 6 SR16-FP25, 7 SR9-FP40, 7R1 SR3-FP40, and 8 SR3: CVEID: <a href="https://access.redhat.com/security/cve/CVE-2016-0264">CVE-2016-0264</a> DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances. CVSS Base Score: 5.6 CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L) <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21980826">http://www-01.ibm.com/support/docview.wss?uid=swg21980826</a> External Reference: <a href="http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016</a>
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/java | <1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 | 1.7.0-ibm-1:1.7.0.9.40-1jpp.1.el5 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.25-1jpp.1.el5 | 1.6.0-ibm-1:1.6.0.16.25-1jpp.1.el5 |
| redhat/java | <1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 | 1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el6_7 |
| redhat/java | <1.6.0-ibm-1:1.6.0.16.25-1jpp.1.el6_7 | 1.6.0-ibm-1:1.6.0.16.25-1jpp.1.el6_7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.3.0-1jpp.1.el6 | 1.8.0-ibm-1:1.8.0.3.0-1jpp.1.el6 |
| redhat/java | <1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.3.40-1jpp.1.el7 |
| redhat/java | <1.8.0-ibm-1:1.8.0.3.0-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.3.0-1jpp.1.el7 |
| redhat/spacewalk-java | <0:2.0.2-109.el6 | 0:2.0.2-109.el6 |
| redhat/java | <1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8 | 1.7.1-ibm-1:1.7.1.4.1-1jpp.1.el6_8 |
| redhat/spacewalk-java | <0:2.3.8-146.el6 | 0:2.3.8-146.el6 |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp4 | |
| IBM SDK | >=6.0.0.0<6.0.16.25 | |
| IBM SDK | >=6.1.0.0<6.1.8.25 | |
| IBM SDK | >=7.0.0.0<7.0.9.40 | |
| IBM SDK | >=7.1.0.0<7.1.3.40 | |
| IBM SDK | >=8.0.0.0<8.0.3.0 | |
| Red Hat Satellite | =5.6 | |
| Red Hat Satellite | =5.7 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux HPC Node Supplementary | =6.0 | |
| Red Hat Enterprise Linux HPC Node Supplementary | =7.0 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =6.7 | |
| Red Hat Enterprise Linux Server | =7.2 | |
| Red Hat Enterprise Linux Server | =7.3 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Workstation | =5.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| SUSE Linux Enterprise Server | =11-sp3 | |
| SUSE Linux Enterprise Server | =12-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp1 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE Manager Server | =2.1 | |
| SUSE Manager Proxy | =2.1 | |
| openSUSE OpenStack Cloud | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2016-0701.html
- http://rhn.redhat.com/errata/RHSA-2016-0702.html
- http://rhn.redhat.com/errata/RHSA-2016-0708.html
- http://rhn.redhat.com/errata/RHSA-2016-0716.html
- http://rhn.redhat.com/errata/RHSA-2016-1039.html
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035
- http://www-01.ibm.com/support/docview.wss?uid=swg21980826
- http://www.securitytracker.com/id/1035953
- https://access.redhat.com/errata/RHSA-2016:1430
- https://access.redhat.com/errata/RHSA-2017:1216
- https://access.redhat.com/security/cve/CVE-2016-0264
- http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016
- https://rhn.redhat.com/errata/RHSA-2016-0701.html
- https://rhn.redhat.com/errata/RHSA-2016-0702.html
- https://rhn.redhat.com/errata/RHSA-2016-0708.html
- https://rhn.redhat.com/errata/RHSA-2016-0716.html
- https://rhn.redhat.com/errata/RHSA-2016-1039.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1331359
- https://www.cve.org/CVERecord?id=CVE-2016-0264 https://nvd.nist.gov/vuln/detail/CVE-2016-0264 http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016
- https://access.redhat.com/errata/RHSA-2016:0702
- https://access.redhat.com/errata/RHSA-2016:0708
- https://access.redhat.com/errata/RHSA-2016:0701
- https://access.redhat.com/errata/RHSA-2016:1039
- https://access.redhat.com/errata/RHSA-2016:0716
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2016-0264?
CVE-2016-0264 has been classified as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2016-0264?
To fix CVE-2016-0264, update to the patched versions for IBM JDK and related products as specified in the official advisory.
What types of systems are affected by CVE-2016-0264?
CVE-2016-0264 affects various versions of IBM JDK running on Linux distributions like Red Hat and SUSE.
Can CVE-2016-0264 be exploited remotely?
Yes, CVE-2016-0264 can be exploited remotely if the vulnerable application is exposed to untrusted inputs.
What happens if CVE-2016-0264 is exploited successfully?
If exploited successfully, CVE-2016-0264 allows attackers to execute arbitrary code on the affected system.
- collector/redhat-cve
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0264
- agent/first-publish-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp4
- vendor/ibm
- canonical/ibm sdk
- version/ibm sdk/6.0.0.0
- version/ibm sdk/6.1.0.0
- version/ibm sdk/7.0.0.0
- version/ibm sdk/7.1.0.0
- version/ibm sdk/8.0.0.0
- vendor/redhat
- canonical/red hat satellite
- version/red hat satellite/5.6
- version/red hat satellite/5.7
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- version/red hat enterprise linux desktop/6.0
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux hpc node supplementary
- version/red hat enterprise linux hpc node supplementary/6.0
- version/red hat enterprise linux hpc node supplementary/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/6.7
- version/red hat enterprise linux server/7.2
- version/red hat enterprise linux server/7.3
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0
- version/red hat enterprise linux workstation/6.0
- version/red hat enterprise linux workstation/7.0
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp2
- version/suse linux enterprise server/11-sp3
- version/suse linux enterprise server/12-sp1
- version/suse linux enterprise software development kit/12
- version/suse linux enterprise software development kit/12-sp1
- version/suse linux enterprise server/12
- canonical/suse manager server
- version/suse manager server/2.1
- canonical/suse manager proxy
- version/suse manager proxy/2.1
- canonical/opensuse openstack cloud
- version/opensuse openstack cloud/5