CVE-2016-3610
First published: Fri Jul 15 2016(Updated: )
It was discovered that the filterReturnValue() method of the MethodHandles in the Libraries component of OpenJDK did not properly check filter MethodHandle parameter count. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle OpenJDK 1.8.0 | =1.8.0-update91 | |
| Oracle OpenJDK 1.8.0 | =1.8.0-update92 | |
| Oracle JRE | =1.8.0-update91 | |
| Oracle JRE | =1.8.0-update92 | |
| Oracle Linux | =5.0 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
- http://rhn.redhat.com/errata/RHSA-2016-1504.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91930
- http://www.securitytracker.com/id/1036365
- http://www.ubuntu.com/usn/USN-3043-1
- http://www.ubuntu.com/usn/USN-3062-1
- https://access.redhat.com/errata/RHSA-2016:1458
- https://access.redhat.com/errata/RHSA-2016:1475
- https://security.gentoo.org/glsa/201610-08
- https://security.gentoo.org/glsa/201701-43
- https://security.netapp.com/advisory/ntap-20160721-0001/
Frequently Asked Questions
What is the severity of CVE-2016-3610?
CVE-2016-3610 is categorized as a medium severity vulnerability.
How do I fix CVE-2016-3610?
To fix CVE-2016-3610, update to the latest version of the affected JDK or JRE as provided by Oracle.
Which software is affected by CVE-2016-3610?
CVE-2016-3610 affects Oracle JDK versions 1.8.0-update91 and 1.8.0-update92, and Oracle JRE versions 1.8.0-update91 and 1.8.0-update92.
What type of vulnerability is CVE-2016-3610?
CVE-2016-3610 is a security vulnerability that allows untrusted Java applications to bypass sandbox restrictions.
What could be the consequences of CVE-2016-3610?
If exploited, CVE-2016-3610 could allow an untrusted application to execute arbitrary code on the host system.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-3610
- agent/first-publish-date
- agent/references
- agent/author
- agent/remedy
- agent/severity
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle openjdk 1.8.0
- version/oracle openjdk 1.8.0/1.8.0-update91
- version/oracle openjdk 1.8.0/1.8.0-update92
- canonical/oracle jre
- version/oracle jre/1.8.0-update91
- version/oracle jre/1.8.0-update92
- canonical/oracle linux
- version/oracle linux/5.0
- version/oracle linux/6
- version/oracle linux/7