-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.2314
          Security Bulletin: IBM Integrated Information Core and
          WebSphere Application Server - Oracle CPU October 2014
                              8 December 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          IBM Integrated Information Core
Publisher:        IBM
Operating System: Windows
Impact/Access:    Modify Arbitrary Files   -- Remote/Unauthenticated      
                  Delete Arbitrary Files   -- Remote/Unauthenticated      
                  Access Confidential Data -- Remote/Unauthenticated      
                  Reduced Security         -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2014-6558 CVE-2014-6512 CVE-2014-6457
                  CVE-2014-3566  

Reference:        ASB-2014.0134
                  ASB-2014.0131
                  ASB-2014.0122
                  ASB-2014.0121

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Integrated Information Core and WebSphere Application
Server - Oracle CPU October 2014

Document information

More support for:
IBM Integrated Information Core

Software version:
1.5, 1.5.0.1

Operating system(s):
Windows 2003 server, Windows 2008 server, Windows XP

Reference #:
1692152

Modified date:
2014-12-05

Flash (Alert)

Abstract

Oracle released the October 2014 critical patch updates which contain
multiple fixes for security vulnerabilities in the IBM Java Development
Kit that is included with the IBM WebSphere Application Server.

Content

New IBM WebSphere Application Server updates are available that
include an updated IBM Java Virtual Machine to solve several security
vulnerabilities. IBM Java Virtual Machine has been updated to incorporate
those updates.
For information about how to download and install the IBM WebSphere
Application Server October 2014 critical patch updates, click on the
following IBM WebSphere Application Server Security Bulletin link:

Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java
for WebSphere Application Server October 2014 CPU

Affected Products and Versions

Principal Product and Version(s)		Affected Supporting Product and 
						Version

IBM Integrated Information Core V1.5		IBM WebSphere Application 
and 1.5.0.1					Server

IBM Chemical and Petroleum Integrated 		IBM WebSphere Application 
Information Frameworks v1.3.			Server
		
Cross reference information

Segment		Business Integration
Product		IBM Chemical and Petroleum Integrated Information Framework
Platform	Windows 2003 server, Windows 2008 server, Windows XP    
Version		1.3

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVIT7nxLndAQH1ShLAQLjGA//Y9t69fa9c61dJXw1FJwKxmhZ95BJuXqm
S9QTvC4vj5D6LlhuGdWtAj6oywsOfrHb4DFnrzahqEApl8dov80e/s8VOZGefyYm
S4e4IPB6lZ9e3R/1O51D3+DR0kcp45mKzAz6+f4jPwv45ozP2G4ZxwNVN/C2cAFr
eCSvP3ET6oi8EBad0p5yMtztEerl2ymj/KfBMkmbvH792M0dSgjS3raKsxTgREN0
Vz5XTguLFQWzA5DpY318jQ2xBHLUXx87BJwBitT83o61zfvHCkpiEI2i41AdqF9j
jf7EIJcZThQzWmghK3NdFxOwIhA+yndqFwq4yOg8UBgRtajEtF+rHyX9FUZFvJfZ
pqf0+4xwLt2GXnHfHgnufAOKHiKNwvagqQ55oebP3MOBUfYMiEEi3rBzKTGHTfcP
Qz/ve+I15D5A6Q/WKXsFjehooJFMTgnf9p8Kczm3xut2869inEo0TV8Gj17H7yS2
mwJDDVL55jJPNh0ZdgABYNVmX5XklFU0VR+qZ+zEMfkSe2A3h9Wxdfr9F7uYL/wb
R2YKBImH0oHSiSf0Ikkwret5V7ziFgKUaYsj/WOzq1IC1B0JL7anNyc7puywnLj7
WoijPADRfSyME9LRWCaA2zdixl8KFqIsIDcd7bCIZArztx9PGo4vAPe/zDnzZHSc
XX9LkjGx0Xo=
=sEf3
-----END PGP SIGNATURE-----