977648 – (CVE-2016-0264) VUL-0: CVE-2016-0264: java-1_6_0-ibm,java-1_7_0-ibm,java-1_7_1-ibm: buffer overflow vulnerability in the IBM JVM

Bug 977648 (CVE-2016-0264) - VUL-0: CVE-2016-0264: java-1_6_0-ibm,java-1_7_0-ibm,java-1_7_1-ibm: buffer overflow vulnerability in the IBM JVM

Summary: VUL-0: CVE-2016-0264: java-1_6_0-ibm,java-1_7_0-ibm,java-1_7_1-ibm: buffer ov...

Status:	RESOLVED FIXED

Alias:	CVE-2016-0264

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2016-05-25
Assignee:	Forgotten User l5HDYKT_qR
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/168387/
Whiteboard:	CVSSv2:RedHat:CVE-2016-0264:5.1:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-04-28 13:12 UTC by Andreas Stieger
Modified:	2016-11-29 16:02 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2016-04-28 13:12:43 UTC

http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_April_2016
http://www-01.ibm.com/support/docview.wss?uid=swg21980826
http://www-01.ibm.com/support/docview.wss?uid=swg1IV84035

CVEID: CVE-2016-0264
DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1331359
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0264

Comment 1 Swamp Workflow Management 2016-04-28 13:38:11 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-05-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62677

Comment 2 Swamp Workflow Management 2016-04-28 22:01:25 UTC

bugbot adjusting priority

Comment 8 Swamp Workflow Management 2016-05-11 17:10:24 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2016-05-25.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62717

Comment 11 Swamp Workflow Management 2016-05-13 14:08:33 UTC

SUSE-SU-2016:1299-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977646,977648,977650,979252
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    java-1_7_1-ibm-1.7.1_sr3.40-25.1
SUSE Linux Enterprise Software Development Kit 12 (src):    java-1_7_1-ibm-1.7.1_sr3.40-25.1
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_7_1-ibm-1.7.1_sr3.40-25.1
SUSE Linux Enterprise Server 12 (src):    java-1_7_1-ibm-1.7.1_sr3.40-25.1

Comment 12 Swamp Workflow Management 2016-05-13 14:09:21 UTC

SUSE-SU-2016:1300-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977646,977648,977650,979252
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    java-1_7_1-ibm-1.7.1_sr3.40-13.1
SUSE Linux Enterprise Server 11-SP4 (src):    java-1_7_1-ibm-1.7.1_sr3.40-13.1

Comment 13 Swamp Workflow Management 2016-05-13 19:08:13 UTC

SUSE-SU-2016:1303-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977646,977648,977650,979252
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    java-1_6_0-ibm-1.6.0_sr16.25-34.1

Comment 14 Forgotten User l5HDYKT_qR 2016-05-19 16:22:41 UTC

Updates released, closing.

Comment 15 Swamp Workflow Management 2016-05-21 00:08:06 UTC

SUSE-SU-2016:1378-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977646,977648,977650,979252
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE OpenStack Cloud 5 (src):    java-1_7_0-ibm-1.7.0_sr9.40-52.1
SUSE Manager Proxy 2.1 (src):    java-1_7_0-ibm-1.7.0_sr9.40-52.1
SUSE Manager 2.1 (src):    java-1_7_0-ibm-1.7.0_sr9.40-52.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    java-1_7_0-ibm-1.7.0_sr9.40-52.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    java-1_7_0-ibm-1.7.0_sr9.40-52.1

Comment 16 Swamp Workflow Management 2016-05-21 00:08:49 UTC

SUSE-SU-2016:1379-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977646,977648,977650,979252
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE OpenStack Cloud 5 (src):    java-1_6_0-ibm-1.6.0_sr16.25-69.1
SUSE Manager Proxy 2.1 (src):    java-1_6_0-ibm-1.6.0_sr16.25-69.1
SUSE Manager 2.1 (src):    java-1_6_0-ibm-1.6.0_sr16.25-69.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    java-1_6_0-ibm-1.6.0_sr16.25-69.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    java-1_6_0-ibm-1.6.0_sr16.25-69.1

Comment 19 Swamp Workflow Management 2016-05-24 12:08:20 UTC

SUSE-SU-2016:1388-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977646,977648,977650,979252
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    java-1_6_0-ibm-1.6.0_sr16.25-0.11.1

Comment 20 Swamp Workflow Management 2016-05-31 20:08:45 UTC

SUSE-SU-2016:1458-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977646,977648,977650,979252,981087
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE Linux Enterprise Module for Legacy Software 12 (src):    java-1_6_0-ibm-1.6.0_sr16.26-37.1

Comment 21 Swamp Workflow Management 2016-06-02 09:08:42 UTC

SUSE-SU-2016:1475-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 965665,977646,977648,977650,979252
CVE References: CVE-2016-0264,CVE-2016-0363,CVE-2016-0376,CVE-2016-0686,CVE-2016-0687,CVE-2016-3422,CVE-2016-3426,CVE-2016-3427,CVE-2016-3443,CVE-2016-3449
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    java-1_8_0-ibm-1.8.0_sr3.0-10.1
SUSE Linux Enterprise Server 12-SP1 (src):    java-1_8_0-ibm-1.8.0_sr3.0-10.1