IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version Java 1.8.0 SR4 FP1 used by DB2 Recovery Expert for Linux, Unix and Windows. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017.

CVE(s): CVE-2017-10115, CVE-2017-10116

Affected product(s) and affected version(s):

DB2 Recovery Expert for LUW  5.1
DB2 Recovery Expert for LUW  5.1 Interim Fix 1 (IF1)
DB2 Recovery Expert for LUW  5.1 Interim Fix 2 (IF2)
DB2 Recovery Expert for LUW  5.1 Interim Fix 3 (IF3)
DB2 Recovery Expert for LUW  5.1.0.1 (also called 5.1 Fix Pack 1)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iPCGIv
X-Force Database: http://ift.tt/2xsr7ZC
X-Force Database: http://ift.tt/2wyaY8O

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2zkGA3b