Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere eXtreme Scale (CVE-2016-3427, CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details CVEID: CVE-2016-3427 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities have been identified in IBM Java SDK affecting WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud

Summary There are multiple vulnerabilities in IBM® SDK Java™ Runtime Environments JREs, Versions 6, 7, 7R1 shipped with IBM WebSphere Application Server patterns. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code usi...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect Liberty for Java for IBM Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of Liberty...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere MQ (CVE-2016-0264, CVE-2016-3426 and CVE-2016-3427)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 that are used by IBM WebSphere MQ. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of IBM...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version7.0 that is used by IBM API Management. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability and Java...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates for October 2015 and in the IBM Java SDK updates in...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM Image Construction and Composition Tool. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 and 7, that is used by IBM Image Construction and Composition Tool. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack on TLS...

Security Bulletin: Multiple vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Liberty for Java for IBM Bluemix (CVE-2015-2590)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by Liberty for Java for IBM Bluemix. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2590 DESCRIPTION: ...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server July 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2015. These may affect some configurations of IBM WebSphere Application Server Full Profil...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (CVE-2015-0478, CVE-2015-0488, and CVE-2015-1916) and with Diffie-Hellman ciphers (CVE-2015-4000) may affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by IBM Integration Designer IID and WebSphere Integration Developer WID. These issues were disclosed as part of the IBM Java SDK updates in April 2015. In addition, the LogJam Attack on TLS connections usin...

Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE IDs: CVE-2015-0488 CVE-2015-0478 CVE-2015-0204...

openSUSE Security Update : bouncycastle (openSUSE-2018-628)

This update for bouncycastle to version 1.59 fixes the following issues : These security issues were fixed : - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite usin...

CVE-2016-1000341

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

CVE-2016-1000340

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed org.bouncycastle.math.raw.Nat???. These classes are used by our custom elliptic curve implementations...

CVE-2016-1000338

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...