There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases provided with IBM InfoSphere streams. These issues were disclosed as part of the IBM Java SDK updates for April 2016. IBM InfoSphere Streams is providing an IBM Java SDK update that includes fixes for security vulnerabilities. If you run Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether these vulnerabilities are applicable to your code.
CVE(s): CVE-2016-0363, CVE-2016-0376
Affected product(s) and affected version(s):
- 1.2.1.0
- 2.0.0.4 and earlier
- 3.0.0.6 and earlier
- 3.1.0.8 and earlier
- 3.2.1.4 and earlier
- 4.0.1.1 and earlier
- 4.1.1.0 and earlier
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/20KtGP1
X-Force Database: http://ift.tt/1Tg5v67
X-Force Database: http://ift.tt/1N2N2xg
from IBM PSIRT Blog http://ift.tt/1NS2n49
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.