IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVE(s):
If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Bulletin” located in the “References” section for more information.
The only CVEs that affect IBM SDK, Java Technology Edition, Version 8.0 are: CVE-2016-3598, CVE-2016-3511, and CVE-2016-3485.
Affected product(s) and affected version(s):
Principal Product and Version(s) | Affected IBM Java SDK Version |
IBM Development Package for Apache Spark 1.6.2.0 and earlier releases | IBM SDK, Java Technology Edition, Version 8.0 Service Refresh 3 and earlier releases |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2c9gSmz
IBM Java SDK Bulletin: http://ift.tt/2c0db0s
from IBM Product Security Incident Response Team http://ift.tt/2c9hqcb