Wednesday, June 13, 2018

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in April 2018.

CVE(s): CVE-2018-2800, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2783, CVE-2018-2794, CVE-2018-2790

Affected product(s) and affected version(s):

AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x

The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:

For Java7:    Less than 7.0.0.625
For Java7.1:  Less than 7.1.0.425
For Java8:    Less than 8.0.0.515

Note: To find out whether the affected Java filesets are installed  on your systems, refer to the lslpp command found in AIX user’s guide.

Example:  lslpp -L | grep -i java

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027807
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141956
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141952
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141953
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141954
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141955
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141939
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141950
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141946

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2LM1Elj

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.