There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0, which is used by IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2017. These vulnerabilities could affect the negotiation and use of certain sets of ciphers, based on DSA keys, where secure communications (SSL/TLS) have been enabled (off by default in Apache Spark). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Security Bulletin” located in the “
CVE(s): CVE-2017-10115, CVE-2017-10116
Affected product(s) and affected version(s):
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wpicKK
X-Force Database: http://ift.tt/2xsr7ZC
X-Force Database: http://ift.tt/2wyaY8O
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark appeared first on IBM PSIRT Blog.
Affected IBM Development Package for Apache Spark | Affected Versions |
IBM Development Package for Apache Spark, v1.x | All versions |
IBM Development Package for Apache Spark, v2.x | Version 2.0.0.0 – 2.1.1.0 |
from IBM Product Security Incident Response Team http://ift.tt/2vQf3QY
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.