There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2017.
CVE(s): CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
Affected product(s) and affected version(s):
AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x
The following fileset levels (VRMF) are vulnerable, if the
respective Java version is installed:
For Java6: Less than 6.0.0.645
For Java7: Less than 7.0.0.605
For Java7.1: Less than 7.1.0.405
For Java8: Less than 8.0.0.406
Note: To find out whether the affected Java filesets are installed
on your systems, refer to the lslpp command found in AIX user's guide.
Example: lslpp -L | grep -i java
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2unvdRk
X-Force Database: http://ift.tt/2pv78pP
X-Force Database: http://ift.tt/2pYs23d
X-Force Database: http://ift.tt/2pv7JaY
X-Force Database: http://ift.tt/2pvrrn2
X-Force Database: http://ift.tt/2pYfysm
X-Force Database: http://ift.tt/2pv79tT
X-Force Database: http://ift.tt/2pYkfm0
X-Force Database: http://ift.tt/2pvwR1f
X-Force Database: http://ift.tt/2lLwOQm
X-Force Database: http://ift.tt/2mlzP6B
X-Force Database: http://ift.tt/2lLuetu
X-Force Database: http://ift.tt/2mlCjlv
The post IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2017-3514, CVE-2017-3512, CVE-2017-3511, CVE-2017-3509, CVE-2017-3544, CVE-2017-3533, CVE-2017-3539, CVE-2017-1289, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2unOeTK
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.