IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX Security Bulletin

Dec 15, 2018 9:01 am EST

Categorized: High Severity

Share this post:

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in October 2018.

CVE(s): CVE-2018-3139, CVE-2018-3136, CVE-2018-13785, CVE-2018-3214, CVE-2018-3180, CVE-2018-3149, CVE-2018-3169, CVE-2018-3183

Affected product(s) and affected version(s):

AIX 6.1, 7.1, 7.2
VIOS 2.2.x

The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:
For Java7: Less than 7.0.0.635
For Java7.1: Less than 7.1.0.435
For Java8: Less than 8.0.0.525

Note: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide.

Example: lslpp -L | grep -i java

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ibm10787833
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151452
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/146015
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151530
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151497
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151465
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151486
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/151500

from IBM Product Security Incident Response Team https://ift.tt/2LiXPou