IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX (CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542)

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed As part of the IBM Java SDK updates in October 2016.

CVE(s):CVE-2016-5582, CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542

Affected product(s) and affected version(s):


AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x
The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:
For Java6: Less than 6.0.0.635 For Java7: Less than 7.0.0.560
For Java7.1: Less than 7.1.0.360
For Java8: Less than 8.0.0.321
Note: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.
Example: lslpp -L | grep -i java

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hZJrmE
X-Force Database: http://ift.tt/2hfYcTD
X-Force Database: http://ift.tt/2gMB0ME
X-Force Database: http://ift.tt/2hcxxUQ
X-Force Database: http://ift.tt/2gMKvvB
X-Force Database: http://ift.tt/2hclFSv
X-Force Database: http://ift.tt/2gMEDCj
X-Force Database: http://ift.tt/2hcofbo



from IBM Product Security Incident Response Team http://ift.tt/2hZKzGC