{
  "threat_severity" : "Low",
  "public_date" : "2016-04-19T00:00:00Z",
  "bugzilla" : {
    "description" : "OpenJDK: insufficient DSA key parameters checks (Security, 8138593)",
    "id" : "1328022",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1328022"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.", "It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected." ],
  "affected_release" : [ {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0678",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.7.0-oracle-1:1.7.0.101-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 5",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0679",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:5",
    "package" : "java-1.6.0-sun-1:1.6.0.115-1jpp.1.el5_11"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0677",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.8.0-oracle-1:1.8.0.91-1jpp.1.el6_7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0678",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.7.0-oracle-1:1.7.0.101-1jpp.1.el6_7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 6",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0679",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:6",
    "package" : "java-1.6.0-sun-1:1.6.0.115-1jpp.1.el6_7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0677",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.8.0-oracle-1:1.8.0.91-1jpp.1.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0678",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.7.0-oracle-1:1.7.0.101-1jpp.1.el7"
  }, {
    "product_name" : "Oracle Java for Red Hat Enterprise Linux 7",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0679",
    "cpe" : "cpe:/a:redhat:rhel_extras_oracle_java:7",
    "package" : "java-1.6.0-sun-1:1.6.0.115-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0676",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.7.0-openjdk-1:1.7.0.101-2.6.6.1.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2016-05-09T00:00:00Z",
    "advisory" : "RHSA-2016:0723",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "java-1.6.0-openjdk-1:1.6.0.39-1.13.11.0.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-04-20T00:00:00Z",
    "advisory" : "RHSA-2016:0651",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.8.0-openjdk-1:1.8.0.91-0.b14.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0675",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.7.0-openjdk-1:1.7.0.101-2.6.6.1.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-05-09T00:00:00Z",
    "advisory" : "RHSA-2016:0723",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "java-1.6.0-openjdk-1:1.6.0.39-1.13.11.0.el6_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-04-20T00:00:00Z",
    "advisory" : "RHSA-2016:0650",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.8.0-openjdk-1:1.8.0.91-0.b14.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-04-21T00:00:00Z",
    "advisory" : "RHSA-2016:0676",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.7.0-openjdk-1:1.7.0.101-2.6.6.1.el7_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-05-09T00:00:00Z",
    "advisory" : "RHSA-2016:0723",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "java-1.6.0-openjdk-1:1.6.0.39-1.13.11.0.el7_2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-0695\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0695\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA" ],
  "name" : "CVE-2016-0695",
  "csaw" : false
}