Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.2314 Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014 8 December 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Integrated Information Core Publisher: IBM Operating System: Windows Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated Delete Arbitrary Files -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-6558 CVE-2014-6512 CVE-2014-6457 CVE-2014-3566 Reference: ASB-2014.0134 ASB-2014.0131 ASB-2014.0122 ASB-2014.0121 - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: IBM Integrated Information Core and WebSphere Application Server - Oracle CPU October 2014 Document information More support for: IBM Integrated Information Core Software version: 1.5, 1.5.0.1 Operating system(s): Windows 2003 server, Windows 2008 server, Windows XP Reference #: 1692152 Modified date: 2014-12-05 Flash (Alert) Abstract Oracle released the October 2014 critical patch updates which contain multiple fixes for security vulnerabilities in the IBM Java Development Kit that is included with the IBM WebSphere Application Server. Content New IBM WebSphere Application Server updates are available that include an updated IBM Java Virtual Machine to solve several security vulnerabilities. IBM Java Virtual Machine has been updated to incorporate those updates. For information about how to download and install the IBM WebSphere Application Server October 2014 critical patch updates, click on the following IBM WebSphere Application Server Security Bulletin link: Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server October 2014 CPU Affected Products and Versions Principal Product and Version(s) Affected Supporting Product and Version IBM Integrated Information Core V1.5 IBM WebSphere Application and 1.5.0.1 Server IBM Chemical and Petroleum Integrated IBM WebSphere Application Information Frameworks v1.3. Server Cross reference information Segment Business Integration Product IBM Chemical and Petroleum Integrated Information Framework Platform Windows 2003 server, Windows 2008 server, Windows XP Version 1.3 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVIT7nxLndAQH1ShLAQLjGA//Y9t69fa9c61dJXw1FJwKxmhZ95BJuXqm S9QTvC4vj5D6LlhuGdWtAj6oywsOfrHb4DFnrzahqEApl8dov80e/s8VOZGefyYm S4e4IPB6lZ9e3R/1O51D3+DR0kcp45mKzAz6+f4jPwv45ozP2G4ZxwNVN/C2cAFr eCSvP3ET6oi8EBad0p5yMtztEerl2ymj/KfBMkmbvH792M0dSgjS3raKsxTgREN0 Vz5XTguLFQWzA5DpY318jQ2xBHLUXx87BJwBitT83o61zfvHCkpiEI2i41AdqF9j jf7EIJcZThQzWmghK3NdFxOwIhA+yndqFwq4yOg8UBgRtajEtF+rHyX9FUZFvJfZ pqf0+4xwLt2GXnHfHgnufAOKHiKNwvagqQ55oebP3MOBUfYMiEEi3rBzKTGHTfcP Qz/ve+I15D5A6Q/WKXsFjehooJFMTgnf9p8Kczm3xut2869inEo0TV8Gj17H7yS2 mwJDDVL55jJPNh0ZdgABYNVmX5XklFU0VR+qZ+zEMfkSe2A3h9Wxdfr9F7uYL/wb R2YKBImH0oHSiSf0Ikkwret5V7ziFgKUaYsj/WOzq1IC1B0JL7anNyc7puywnLj7 WoijPADRfSyME9LRWCaA2zdixl8KFqIsIDcd7bCIZArztx9PGo4vAPe/zDnzZHSc XX9LkjGx0Xo= =sEf3 -----END PGP SIGNATURE-----