IBM Security Bulletin: IBM InfoSphere Streams update of IBM® SDK Java™ Technology Edition (CVE-2016-0363, CVE-2016-0376)

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 Service Refresh 2 Fix Pack 11 and earlier releases, Version 7R1 Service Refresh 3 Fix Pack 31 and earlier releases, and Version 6 Service Refresh 16 Fix Pack 21 and earlier releases provided with IBM InfoSphere Streams. These issues were disclosed as part of the IBM Java SDK updates for April 2016. IBM InfoSphere Streams is providing an IBM Java SDK update that includes fixes for security vulnerabilities. If you run Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether these vulnerabilities are applicable to your code.

CVE(s): CVE-2016-0363, CVE-2016-0376

Affected product(s) and affected version(s):

  • 1.2.1.0
  • 2.0.0.4 and earlier
  • 3.0.0.6 and earlier
  • 3.1.0.8 and earlier
  • 3.2.1.4 and earlier
  • 4.0.1.1 and earlier
  • 4.1.1.0 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/20KtGP1
X-Force Database: http://ift.tt/1Tg5v67
X-Force Database: http://ift.tt/1N2N2xg



from IBM PSIRT Blog http://ift.tt/1NS2n49