CVE-2016-0687
First published: Fri Apr 15 2016(Updated: )
It was discovered that the Hotspot component of OpenJDK did not properly handle byte types. An untrusted Java application or applet could use this flaw to corrupt Java virtual machine memory and possibly execute arbitrary code, bypassing Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle JDK 6 | =1.6.0-update113 | |
| Oracle JDK 6 | =1.7.0-update99 | |
| Oracle JDK 6 | =1.8.0-update77 | |
| Oracle Java Runtime Environment (JRE) | =1.6.0-update113 | |
| Oracle Java Runtime Environment (JRE) | =1.7.0-update99 | |
| Oracle Java Runtime Environment (JRE) | =1.8.0-update77 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA
- https://rhn.redhat.com/errata/RHSA-2016-0651.html
- https://rhn.redhat.com/errata/RHSA-2016-0650.html
- https://rhn.redhat.com/errata/RHSA-2016-0676.html
- https://rhn.redhat.com/errata/RHSA-2016-0677.html
- https://rhn.redhat.com/errata/RHSA-2016-0675.html
- https://rhn.redhat.com/errata/RHSA-2016-0679.html
- https://rhn.redhat.com/errata/RHSA-2016-0678.html
- http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/rev/32b682649973
- https://rhn.redhat.com/errata/RHSA-2016-0701.html
- https://rhn.redhat.com/errata/RHSA-2016-0702.html
- https://rhn.redhat.com/errata/RHSA-2016-0708.html
- https://rhn.redhat.com/errata/RHSA-2016-0716.html
- https://rhn.redhat.com/errata/RHSA-2016-0723.html
- https://rhn.redhat.com/errata/RHSA-2016-1039.html
- https://access.redhat.com/errata/RHSA-2016:1430
- https://access.redhat.com/errata/RHSA-2017:1216
- https://bugzilla.redhat.com/show_bug.cgi?id=1327749
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2016-0650.html
- http://rhn.redhat.com/errata/RHSA-2016-0651.html
- http://rhn.redhat.com/errata/RHSA-2016-0675.html
- http://rhn.redhat.com/errata/RHSA-2016-0676.html
- http://rhn.redhat.com/errata/RHSA-2016-0677.html
- http://rhn.redhat.com/errata/RHSA-2016-0678.html
- http://rhn.redhat.com/errata/RHSA-2016-0679.html
- http://rhn.redhat.com/errata/RHSA-2016-0701.html
- http://rhn.redhat.com/errata/RHSA-2016-0702.html
- http://rhn.redhat.com/errata/RHSA-2016-0708.html
- http://rhn.redhat.com/errata/RHSA-2016-0716.html
- http://rhn.redhat.com/errata/RHSA-2016-0723.html
- http://rhn.redhat.com/errata/RHSA-2016-1039.html
- http://www.debian.org/security/2016/dsa-3558
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/86459
- http://www.securitytracker.com/id/1035596
- http://www.ubuntu.com/usn/USN-2963-1
- http://www.ubuntu.com/usn/USN-2964-1
- http://www.ubuntu.com/usn/USN-2972-1
- https://security.gentoo.org/glsa/201606-18
- https://security.netapp.com/advisory/ntap-20160420-0001/
Frequently Asked Questions
What is the severity of CVE-2016-0687?
CVE-2016-0687 is classified as a critical vulnerability that could allow an attacker to execute arbitrary code.
How do I fix CVE-2016-0687?
To fix CVE-2016-0687, update your Oracle JDK or JRE to the latest version available from Oracle.
Which products are affected by CVE-2016-0687?
CVE-2016-0687 affects Oracle JDK versions 1.6.0-update113, 1.7.0-update99, and 1.8.0-update77, as well as corresponding JRE versions.
What vulnerabilities does CVE-2016-0687 exploit?
CVE-2016-0687 exploits a flaw in the Hotspot component of OpenJDK that mishandles byte types.
Are there any workarounds for CVE-2016-0687?
There are no effective workarounds for CVE-2016-0687 other than applying the official patches provided by Oracle.
- agent/references
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0687
- agent/author
- agent/severity
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle jdk 6
- version/oracle jdk 6/1.6.0-update113
- version/oracle jdk 6/1.7.0-update99
- version/oracle jdk 6/1.8.0-update77
- canonical/oracle java runtime environment (jre)
- version/oracle java runtime environment (jre)/1.6.0-update113
- version/oracle java runtime environment (jre)/1.7.0-update99
- version/oracle java runtime environment (jre)/1.8.0-update77