All applicable Java SE CVEs published by Oracle as part of their October 2019 Critical Patch Update, except for CVE-2019-2949, plus one additional vulnerability. See attached document for full details. Note that the following CVEs were incorrectly added to the list of vulnerabilities associated with this Advisory: • CVE-2019-2894 • CVE-2019-2977 • CVE-2019-2987 These issues are not applicable for all releases of the IBM JDK on all platforms. Product teams should treat these CVEs as /A in their PVRs.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| DataQuant for z/OS | 2.1 |
| DataQuant for Multiplatforms | 2.1 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/5693018
The post Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Oct 2019 – Includes Oracle Oct 2019 CPU minus CVE-2019-2949 appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2TqE3wR
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.