Friday, December 23, 2016

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.26 and Version 7.0.9.40 these are used by IBM SmartCloud Entry of IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in July 2016 and October 2016 and includes the vulnerability commonly referred to as “SLOTH”.

CVE(s): CVE-2016-3610, CVE-2016-3598, CVE-2016-3606, CVE-2016-3587, CVE-2016-3511, CVE-2016-3508, CVE-2016-3550, CVE-2016-3500, CVE-2016-3458, CVE-2016-3485, Not Applicable, CVE-2016-3498, CVE-2016-3552, CVE-2016-3503, CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542, Not Applicable

Affected product(s) and affected version(s):

IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5 interim fix 4
IBM Cloud Manager with OpenStack 4.2.0 through 4.2.0.3 interim fix 8
IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.6 interim fix 3

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hyCzLF
X-Force Database: http://ift.tt/2b7GBwx
X-Force Database: http://ift.tt/2aGcUP3
X-Force Database: http://ift.tt/2b7H1Te
X-Force Database: http://ift.tt/2aGbWSW
X-Force Database: http://ift.tt/2b7Gtgl
X-Force Database: http://ift.tt/2ctomSx
X-Force Database: http://ift.tt/2aGc4lp
X-Force Database: http://ift.tt/2ctom4Z
X-Force Database: http://ift.tt/2bTrNgj
X-Force Database: http://ift.tt/2b7G65u
X-Force Database:
X-Force Database: http://ift.tt/2bTqVZ8
X-Force Database: http://ift.tt/2ctoPUY
X-Force Database: http://ift.tt/2bTrbY9
X-Force Database: http://ift.tt/2fVzmWT
X-Force Database: http://ift.tt/2eDq0ND
X-Force Database: http://ift.tt/2e5p1tK
X-Force Database: http://ift.tt/2eDrVCd
X-Force Database: http://ift.tt/2e5pD2s
X-Force Database: http://ift.tt/2eDqzaq
X-Force Database: http://ift.tt/2e5s2Ku
X-Force Database:



from IBM Product Security Incident Response Team http://ift.tt/2hjJfRT

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.