Home Unlabelled IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

By
Friday, September 01, 2017
Read
Add Comment

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0, which is used by IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2017. These vulnerabilities could affect the negotiation and use of certain sets of ciphers, based on DSA keys, where secure communications (SSL/TLS) have been enabled (off by default in Apache Spark). If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Security Bulletin” located in the “

CVE(s): CVE-2017-10115, CVE-2017-10116

Affected product(s) and affected version(s):

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wpicKK
X-Force Database: http://ift.tt/2xsr7ZC
X-Force Database: http://ift.tt/2wyaY8O

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark appeared first on IBM PSIRT Blog.

Affected IBM Development Package for Apache SparkAffected Versions
IBM Development Package for Apache Spark, v1.xAll versions
IBM Development Package for Apache Spark, v2.xVersion 2.0.0.0 – 2.1.1.0


from IBM Product Security Incident Response Team http://ift.tt/2vQf3QY
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us