Back to bug 1385402
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2016-10-16 20:54:10 UTC | CC | security-response-team | |
| Tomas Hoger | 2016-10-16 20:54:15 UTC | Blocks | 1381992 | |
| Tomas Hoger | 2016-10-17 09:53:55 UTC | Whiteboard | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected |
| Tomas Hoger | 2016-10-18 11:40:29 UTC | Doc Text | It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. | |
| Tomas Hoger | 2016-10-18 20:09:36 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591) | CVE-2016-5582 OpenJDK: incomplete type checks of System.arraycopy arguments (Hotspot, 8160591) | ||
| Tomas Hoger | 2016-10-18 20:59:00 UTC | Whiteboard | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
| Norman Sardella | 2016-10-19 13:33:03 UTC | CC | sardella | |
| Tomas Hoger | 2016-10-31 20:54:29 UTC | Whiteboard | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=aff:qected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
| Tomas Hoger | 2016-10-31 20:54:52 UTC | Whiteboard | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=aff:qected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
| kat | 2016-10-31 22:17:39 UTC | CC | kbost | |
| Tomas Hoger | 2017-01-13 08:12:20 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-01-13 03:12:20 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:57:57 UTC | Whiteboard | impact=critical,public=20161018,reported=20161014,source=oracle,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,cvss3=8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,cwe=CWE-843,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected |
Back to bug 1385402