There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in April 2018.
CVE(s): CVE-2018-2800, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2783, CVE-2018-2794, CVE-2018-2790
Affected product(s) and affected version(s):
AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x
The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:
For Java7: Less than 7.0.0.625
For Java7.1: Less than 7.1.0.425
For Java8: Less than 8.0.0.515
Note: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide.
Example: lslpp -L | grep -i java
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027807
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141956
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141952
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141953
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141954
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141955
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141939
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141950
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141946
The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2LM1Elj
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.