Bug 1330986 (CVE-2016-0376)
Summary: | CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | dbhole, jvanek |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-11 15:54:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1324048, 1324915 |
Description
Tomas Hoger
2016-04-27 12:03:14 UTC
This issue is listed as fixed in IBM JDK 6 SR16-FP25, 7 SR9-FP40, 7R1 SR3-FP40, and 8 SR3: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016 IBM flaw description: CVEID: CVE-2016-0376 DESCRIPTION: A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager. This vulnerability was originally reported as CVE-2013-5456. CVSS Base Score: 8.1 CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) http://www-01.ibm.com/support/docview.wss?uid=swg21980826 External Reference: http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Red Hat Enterprise Linux 6 Supplementary Via RHSA-2016:0701 https://rhn.redhat.com/errata/RHSA-2016-0701.html This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Supplementary Via RHSA-2016:0702 https://rhn.redhat.com/errata/RHSA-2016-0702.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Red Hat Enterprise Linux 5 Supplementary Via RHSA-2016:0708 https://rhn.redhat.com/errata/RHSA-2016-0708.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2016:0716 https://rhn.redhat.com/errata/RHSA-2016-0716.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2016:1039 https://rhn.redhat.com/errata/RHSA-2016-1039.html This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430 This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 |