
Security Vulnerabilities


This page lists recent Security Vulnerabilities addressed in the Developer Kits currently available from our downloads page.

IBM customers requiring these fixes in a binary IBM Java SDK/JRE for use with an IBM product should contact IBM Support and engage the appropriate product service team.

Security Bulletins can also be found on the IBM Support Portal.


 



IBM Security Update May 2017

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2017-1289 | 8.2 | N/A | N/A | 8.0.4.5 | |
| CVE-2016-9840 | 3.3 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | Fix not yet available for Solaris, HP-UX and Mac OS |
| CVE-2016-9841 | 3.3 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | Fix not yet available for Solaris, HP-UX and Mac OS |
| CVE-2016-9842 | 3.3 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | Fix not yet available for Solaris, HP-UX and Mac OS |
| CVE-2016-9843 | 3.3 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | Fix not yet available for Solaris, HP-UX and Mac OS |

Further information on the May 2017 IBM Security Update is available here.

 



Oracle April 18 2017 CPU (1.6.0_151, 1.7.0_141, 1.8.0_131)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2017-3514 | 8.3 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3512 | 8.3 | N/A | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3511 | 7.7 | N/A | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3526 | 5.9 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2017-3509 | 4.2 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3544 | 3.7 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3533 | 3.7 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | |
| CVE-2017-3539 | 3.1 | 6.0.16.45, 6.1.8.45 | 7.0.10.5, 7.1.4.5 | 8.0.4.5 | |

Further information on Oracle’s April 18 2017 Critical Patch Update is available here.

 



Oracle January 17 2017 CPU (1.6.0_141, 1.7.0_131, 1.8.0_121)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2017-3289 | 9.6 | N/A | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3272 | 9.6 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3241 | 9 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3260 | 8.3 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | Applicable to Mac OS only |
| CVE-2016-5546 | 7.5 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3253 | 7.5 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5548 | 6.5 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5549 | 6.5 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3252 | 5.8 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5547 | 5.3 | N/A | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-5552 | 5.3 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3261 | 4.3 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3231 | 4.3 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2017-3259 | 3.7 | 6.0.16.40, 6.1.8.40 | 7.0.10.0, 7.1.4.0 | 8.0.4.0 | |
| CVE-2016-2183 | 3.1 | 6.0.16.41, 6.1.8.41 | 7.0.10.1, 7.1.4.1 | 8.0.4.1 | |

Further information on Oracle’s January 17 2017 Critical Patch Update is available here.

 



Oracle October 18 2016 CPU (1.6.0_131, 1.7.0_121, 1.8.0_111)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-5582 | 9.6 | 6.0.16.35, 6.1.8.35 | 7.0.9.60, 7.1.3.60 | 8.0.3.20 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-5568 | 9.6 | 6.0.16.35, 6.1.8.35 | 7.0.9.60, 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5556 | 9.6 | 6.0.16.35, 6.1.8.35 | 7.0.9.60, 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5573 | 8.3 | 6.0.16.35, 6.1.8.35 | 7.0.9.60, 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5597 | 5.9 | 6.0.16.35, 6.1.8.35 | 7.0.9.60, 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5554 | 4.3 | 6.0.16.35, 6.1.8.35 | 7.0.9.60, 7.1.3.60 | 8.0.3.20 | |
| CVE-2016-5542 | 3.1 | 6.0.16.35, 6.1.8.35 | 7.0.9.60, 7.1.3.60 | 8.0.3.20 | |

Further information on Oracle’s October 18 2016 Critical Patch Update is available here.

 



Oracle July 19 2016 CPU (6u121, 7u111, 8u101)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-3610 | 9.6 | N/A | N/A | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3598 | 9.6 | N/A | 7.0.9.50, 7.1.3.50 | 8.0.3.10 | |
| CVE-2016-3606 | 9.6 | N/A | 7.0.9.50 | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3587 | 9.6 | N/A | N/A | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3552 | 8.1 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3503 | 7.7 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3511 | 7.7 | N/A | 7.0.9.50, 7.1.3.50 | 8.0.3.10 | |
| CVE-2016-3498 | 5.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3508 | 5.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3550 | 4.3 | 6.0.16.30, 6.1.8.30 | 7.0.9.50 | 8.0.3.10 | Applicable on Solaris, HP-UX and Mac OS only |
| CVE-2016-3500 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3458 | 4.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3485 | 2.9 | 6.0.16.30, 6.1.8.30 | 7.0.9.50, 7.1.3.50 | 8.0.3.10 | |

Further information on Oracle’s July 19 2016 Critical Patch Update is available here.

 



IBM Security Update April 2016

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-0376 | 8.1 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0363 | 8.1 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0264 | 5.6 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | Not applicable on Solaris, HP-UX and Mac OS |

Further information on the April 2016 IBM Security Update is available here.

 



Oracle April 19 2016 CPU (6u115, 7u101, 8u91)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-3443 | 9.6 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0687 | 9.6 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0686 | 9.6 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-3427 | 9 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-3449 | 8.3 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-3425 | 5.3 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3422 | 4.3 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |
| CVE-2016-0695 | 3.7 | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2016-3426 | 3.1 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | |

Further information on Oracle’s April 19 2016 Critical Patch Update is available here.

 



Oracle Security Alert for CVE-2016-0636 (7u99, 8u77)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-0636 | 9.3 | 6.0.16.25, 6.1.8.25 | 7.0.9.40, 7.1.3.40 | 8.0.3.0 | Applicable on Solaris, HP-UX and Mac OS only |

Further information on the Oracle Security Alert for CVE-2016-0636 is available here and here.

Oracle Security Alert for CVE-2016-0603 (6u113, 7u97, 8u73)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-0603 | 7.6 | 6.0.16.21, 6.1.8.21 | 7.0.9.31, 7.1.3.31 | 8.0.2.11 | This issue is applicable to the Windows platform only |

Further information on the Oracle Security Alert for CVE-2016-0603 is available here.

 



IBM Security Update January 2016

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2015-8540 | 9.8 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | N/A | |
| CVE-2015-7981 | 5.3 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | N/A | |
| CVE-2015-5041 | 4.8 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |

Further information on the January 2016 IBM Security Update is available here.

 



Oracle January 19 2016 CPU (6u111, 7u95, 8u71)

| CVE | CVSS | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2016-0494 | 10 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |
| CVE-2016-0483 | 10 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |
| CVE-2015-8126 | 7.8 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |
| CVE-2015-8472 | 6.3 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |
| CVE-2016-0475 | 5.8 | N/A | N/A | 8.0.2.10 | |
| CVE-2016-0466 | 5 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |
| CVE-2016-0402 | 5 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |
| CVE-2015-7575 | 4 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | SLOTH |
| CVE-2016-0448 | 4 | 6.0.16.20, 6.1.8.20 | 7.0.9.30, 7.1.3.30 | 8.0.2.10 | |

Further information on Oracle’s January 19 2016 Critical Patch Update is available here.

 



IBM Security Update November 2015

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-5006 | 4.6 | Will not fix | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |

Further information on the November 2015 IBM Security Update is available here.

 



Oracle October 20 2015 CPU (6u105, 7u91, 8u65)

| CVE | CVSS | IBM 5.0 Fix | IBM 6 Fix | IBM 7 Fix | IBM 8 Fix | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-4844 | 10 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4843 | 10 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4805 | 10 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4860 | 10 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4883 | 10 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4881 | 10 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2015-4835 | 10 | Will not fix | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4868 | 7.6 | N/A | N/A | N/A | N/A | Not applicable to IBM JRE/SDK |
| CVE-2015-4810 | 6.9 | N/A | N/A | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4806 | 6.4 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4871 | 5.8 | N/A | N/A | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4902 | 5 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4872 | 5 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4911 | 5 | N/A | See note | See note | See note | This issue was addressed by IBM in June 2008. As a reminder, users of Java 6 and above should refer to the IBM XL XP-J documentation for the javax.xml.stream.supportDTD property for information to help avoid this vulnerability. |
| CVE-2015-4893 | 5 | Will not fix | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4840 | 5 | N/A | N/A | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4842 | 5 | Will not fix | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4882 | 5 | Will not fix | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4903 | 5 | 5.0.16.14 | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4803 | 5 | Will not fix | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |
| CVE-2015-4734 | 5 | Will not fix | 6.0.16.15, 6.1.8.15 | 7.0.9.20, 7.1.3.20 | 8.0.2.0 | |

Further information on Oracle’s October 20 2015 Critical Patch Update is available here.