CVE-2016-0494
First published: Fri Jan 15 2016(Updated: )
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Ubuntu | =15.10 | |
| Oracle JDK 6 | =1.6.0-update105 | |
| Oracle JDK 6 | =1.7.0-update91 | |
| Oracle JDK 6 | =1.8.0-update66 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update105 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update91 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update66 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html
- http://rhn.redhat.com/errata/RHSA-2016-0049.html
- http://rhn.redhat.com/errata/RHSA-2016-0050.html
- http://rhn.redhat.com/errata/RHSA-2016-0053.html
- http://rhn.redhat.com/errata/RHSA-2016-0054.html
- http://rhn.redhat.com/errata/RHSA-2016-0055.html
- http://rhn.redhat.com/errata/RHSA-2016-0056.html
- http://rhn.redhat.com/errata/RHSA-2016-0057.html
- http://rhn.redhat.com/errata/RHSA-2016-0067.html
- http://www.debian.org/security/2016/dsa-3458
- http://www.debian.org/security/2016/dsa-3465
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securitytracker.com/id/1034715
- http://www.ubuntu.com/usn/USN-2884-1
- http://www.ubuntu.com/usn/USN-2885-1
- https://access.redhat.com/errata/RHSA-2016:1430
- https://security.gentoo.org/glsa/201603-14
- https://security.gentoo.org/glsa/201610-08
- https://access.redhat.com/security/cve/CVE-2015-4844
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1273318
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e#l2.15
- http://bugs.icu-project.org/trac/ticket/12020
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1
- https://rhn.redhat.com/errata/RHSA-2016-0050.html
- https://rhn.redhat.com/errata/RHSA-2016-0049.html
- https://rhn.redhat.com/errata/RHSA-2016-0057.html
- https://rhn.redhat.com/errata/RHSA-2016-0056.html
- https://rhn.redhat.com/errata/RHSA-2016-0055.html
- https://rhn.redhat.com/errata/RHSA-2016-0053.html
- https://rhn.redhat.com/errata/RHSA-2016-0054.html
- https://rhn.redhat.com/errata/RHSA-2016-0067.html
- https://rhn.redhat.com/errata/RHSA-2016-0101.html
- https://rhn.redhat.com/errata/RHSA-2016-0100.html
- https://rhn.redhat.com/errata/RHSA-2016-0098.html
- https://rhn.redhat.com/errata/RHSA-2016-0099.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1298906
Frequently Asked Questions
What is the severity of CVE-2016-0494?
CVE-2016-0494 is rated as a critical vulnerability affecting confidentiality, integrity, and availability in certain Oracle Java SE versions.
How do I fix CVE-2016-0494?
To fix CVE-2016-0494, you should update your Oracle Java SE or JRE to the latest version available, which contains the necessary patches.
Which software versions are affected by CVE-2016-0494?
CVE-2016-0494 affects Oracle Java SE versions 6u105, 7u91, 8u66, and specific Ubuntu Linux distributions such as 12.04, 14.04, 15.04, and 15.10.
Can CVE-2016-0494 be exploited remotely?
Yes, CVE-2016-0494 can be exploited remotely by attackers leveraging unknown vectors in the 2D component of Oracle Java.
What types of systems are impacted by CVE-2016-0494?
CVE-2016-0494 impacts systems running Oracle Java SE or JRE, particularly those in certain versions of Ubuntu Linux.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0494
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04
- version/ubuntu/15.10
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.6.0-update105
- version/oracle jdk 6/1.7.0-update91
- version/oracle jdk 6/1.8.0-update66
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.6.0-update105
- version/oracle java runtime environment (jre)/1.7.0-update91
- version/oracle java runtime environment (jre)/1.8.0-update66