Tuesday, May 1, 2018

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, 7.1, and 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2018.

CVE(s): CVE-2018-2639, CVE-2018-2638, CVE-2018-2633, CVE-2018-2637, CVE-2018-2634, CVE-2018-2582, CVE-2018-2641, CVE-2018-2618, CVE-2018-2657, CVE-2018-2603, CVE-2018-2599, CVE-2018-2602, CVE-2018-2678, CVE-2018-2677, CVE-2018-2663, CVE-2018-2588, CVE-2018-2579, CVE-2018-1417

Affected product(s) and affected version(s):

AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x

The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:
For Java7: Less than 7.0.0.620
For Java7.1: Less than 7.1.0.420
For Java8: Less than 8.0.0.510

Note: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide.

Example:  lslpp -L | grep -i java

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027373
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137891
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137890
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137885
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137889
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137886
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137836
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137893
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137870
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137910
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137855
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137851
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137854
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137933
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137932
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137917
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137841
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138823

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2reIHia
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)