Back to bug 1328040
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-04-18 09:46:23 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-04-18 09:46:23 UTC | Doc Type | --- | Bug Fix |
| Tomas Hoger | 2016-04-18 09:46:29 UTC | Blocks | 1324915 | |
| Tomas Hoger | 2016-04-19 20:34:33 UTC | Doc Text | It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. | |
| Tomas Hoger | 2016-04-19 20:54:30 UTC | Whiteboard | impact=moderate,public=20160419,reported=20160415,source=oracle,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=moderate,public=20160419,reported=20160415,source=oracle,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
| Tomas Hoger | 2016-04-19 20:59:48 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167) | CVE-2016-3425 OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167) |
| John Skeoch | 2016-05-05 04:41:45 UTC | CC | sbaiduzh | oskutka |
| Ondrej Skutka | 2016-05-09 14:35:39 UTC | CC | oskutka | |
| Tomas Hoger | 2016-05-09 14:41:15 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-05-09 10:41:15 UTC | |
| Product Security DevOps Team | 2019-09-29 13:47:33 UTC | Whiteboard | impact=moderate,public=20160419,reported=20160415,source=oracle,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected | |