Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2018 CPU

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in October 2018. These may affect some configurations of IBM WebSphere Application Server...

Moderate: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

java security update

CentOS Errata and Security Advisory CESA-2019:0416 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-3139, CVE-2018-3180)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ that is used by IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center and IBM Spectrum Protect formerly Tivoli Storage Manager Client Management Service. These issues were disclosed as part of the IBM Ja...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ versions 8 used by IBM Spectrum Conductor with Spark 2.2.0, 2.2.1 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the...

Oracle Java Runtime Environment - Heap Out-of-Bounds AlternateSubstitutionSubtable

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process ----------------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read ExtractBitMap_blocClass

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMapblocClass --------------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 lates...

Oracle Java Runtime Environment - Heap Out-of-Bounds OpenTypeLayoutEngine

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions ----------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMapblocClass A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Detail...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Netcool Agile Service Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered...

TAU Threat Intelligence Notification: Java Embedded MSI Files

Summary Application whitelisting provides environments with access controls to stop unauthorized software from executing. This is accomplished by utilizing file and folder attributes including but not limited to file path, filename, digital signature, publisher, cryptographic hash and product nam...

Security Bulletin: IBM i2 Enterprise Insight Analysis. CVE-2018-12539

Summary IBM i2 Enterprise Insight Analysis is delivered with the IBM Java Runtime. A vulnerability was discovered in the IBM Java Runtime that can leave the product vulnerable to attacks allowing arbitrary code to be injected. Vulnerability Details CVEID: CVE-2018-12539 DESCRIPTION: Eclipse OpenJ...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1656, CVE-2018-12539)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ that is used by IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center and IBM Spectrum Protect formerly Tivoli Storage Manager Client Management Service. These issues were disclosed as part of the IBM Ja...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.6 and 1.7 that is used by IBM Flex System Manager FSM. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 and 7 that is used by IBM Flex System Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details Summary There are multiple vulnerabilities...