Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale (CVE-2016-0475, CVE-2015-7575, CVE-2016-0448)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2016-0448, CVE-2016-0475)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 1 that is used by IBM MQ Light. These issues were disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2016-0448...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM MQ Light (CVE-2015-7575)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 1 and earlier releases that is used by IBM MQ Light. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016...

Security Bulletin: A security vulnerability exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance

Summary There is a vulnerability in IBM Java Runtime Version 7 that is used by WebSphere DataPower XC10 Appliance Versions 2.1 and 2.5. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified...

Security Bulletin: A vulnerability in IBM Java Runtime affects WebSphere eXtreme Scale

Summary There is a vulnerability in IBM Java Runtime Versions 6 and 7 that is used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability in Oracle Java SE an...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, CVE-2015-2625)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 1 and earlier releases that is used by IBM MQ Light. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID:...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 10 and earlier releases that is used by IBM MQ Light. These issues were disclosed as part of the IBM Java SDK updates for October 2015. Vulnerability Details...

Security Bulletin: Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance

Summary There are multiple vulnerabilities in IBM Java Runtime Version 7 that is used by WebSphere DataPower XC10 Appliance Versions 2.1 and 2.5. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM Java Runtime Versions 6 and 7 that is used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability and Java SE...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Liberty for Java for IBM Bluemix (CVE-2015-2590)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by Liberty for Java for IBM Bluemix. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2590 DESCRIPTION: ...

Security Bulletin: A vulnerability in IBM Java Runtime affects WebSphere eXtreme Scale (CVE-2015-0488 )

Summary There is a vulnerability in IBM Java Runtime , Versions 6 and 7 that is used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID:CVE-2015-0488 DESCRIPTION: An unspecified vulnerability related to the JSSE...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Business Compass (CVE-2015-0138, CVE-2015-0395, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0 that is used by WebSphere Business Compass. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on...

Security Bulletin: Vulnerability in IBM Java runtime affects IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability may affect some configurations of WebSphere Application Server used by WebSphere Service Registry and Repository. Vulnerability Details CVEID : CVE-2015-0138 DESCRIPTION : A vulnerability in various I...

Security Bulletin: Vulnerability in IBM Java runtime affects IBM SOA Policy Gateway Pattern for AIX Server (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability may affect some configurations of WebSphere Application Server used by WebSphere Service Registry and Repository. Vulnerability Details CVEID : CVE-2015-0138 DESCRIPTION : A vulnerability in various I...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale: CVE-2015-0138, CVE-2014-6593, CVE-2015-0410, CVE-2015-0383

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition. These vulnerabilities affect WebSphere eXtreme Scale version 7.1.0, 7.1.1, 8.5, and 8.6. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses t...

Security Bulletin: Vulnerability in IBM Java runtime affects WebSphere Service Registry and Repository (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability may affect some configurations of WebSphere Application Server used by WebSphere Service Registry and Repository. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7R1 Service Refresh 2 and earlier releases that is used by IBM MQLight. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-3065, CVE-2014-3566, CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM MQ Light. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IB...

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Summary This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...

CentOS 7 : java-1.8.0-openjdk (CESA-2018:1191)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...