IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

CVE(s):
If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Bulletin” located in the “References” section for more information.
The only CVEs that affect IBM SDK, Java Technology Edition, Version 8.0 are: CVE-2016-3598, CVE-2016-3511, and CVE-2016-3485.

Affected product(s) and affected version(s):

Principal Product and Version(s)Affected IBM Java SDK Version
IBM Development Package for Apache Spark 1.6.2.0 and earlier releasesIBM SDK, Java Technology Edition, Version 8.0 Service Refresh 3 and earlier releases

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2c9gSmz
IBM Java SDK Bulletin: http://ift.tt/2c0db0s



from IBM Product Security Incident Response Team http://ift.tt/2c9hqcb