Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.2314
Security Bulletin: IBM Integrated Information Core and
WebSphere Application Server - Oracle CPU October 2014
8 December 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Integrated Information Core
Publisher: IBM
Operating System: Windows
Impact/Access: Modify Arbitrary Files -- Remote/Unauthenticated
Delete Arbitrary Files -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2014-6558 CVE-2014-6512 CVE-2014-6457
CVE-2014-3566
Reference: ASB-2014.0134
ASB-2014.0131
ASB-2014.0122
ASB-2014.0121
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM Integrated Information Core and WebSphere Application
Server - Oracle CPU October 2014
Document information
More support for:
IBM Integrated Information Core
Software version:
1.5, 1.5.0.1
Operating system(s):
Windows 2003 server, Windows 2008 server, Windows XP
Reference #:
1692152
Modified date:
2014-12-05
Flash (Alert)
Abstract
Oracle released the October 2014 critical patch updates which contain
multiple fixes for security vulnerabilities in the IBM Java Development
Kit that is included with the IBM WebSphere Application Server.
Content
New IBM WebSphere Application Server updates are available that
include an updated IBM Java Virtual Machine to solve several security
vulnerabilities. IBM Java Virtual Machine has been updated to incorporate
those updates.
For information about how to download and install the IBM WebSphere
Application Server October 2014 critical patch updates, click on the
following IBM WebSphere Application Server Security Bulletin link:
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java
for WebSphere Application Server October 2014 CPU
Affected Products and Versions
Principal Product and Version(s) Affected Supporting Product and
Version
IBM Integrated Information Core V1.5 IBM WebSphere Application
and 1.5.0.1 Server
IBM Chemical and Petroleum Integrated IBM WebSphere Application
Information Frameworks v1.3. Server
Cross reference information
Segment Business Integration
Product IBM Chemical and Petroleum Integrated Information Framework
Platform Windows 2003 server, Windows 2008 server, Windows XP
Version 1.3
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVIT7nxLndAQH1ShLAQLjGA//Y9t69fa9c61dJXw1FJwKxmhZ95BJuXqm
S9QTvC4vj5D6LlhuGdWtAj6oywsOfrHb4DFnrzahqEApl8dov80e/s8VOZGefyYm
S4e4IPB6lZ9e3R/1O51D3+DR0kcp45mKzAz6+f4jPwv45ozP2G4ZxwNVN/C2cAFr
eCSvP3ET6oi8EBad0p5yMtztEerl2ymj/KfBMkmbvH792M0dSgjS3raKsxTgREN0
Vz5XTguLFQWzA5DpY318jQ2xBHLUXx87BJwBitT83o61zfvHCkpiEI2i41AdqF9j
jf7EIJcZThQzWmghK3NdFxOwIhA+yndqFwq4yOg8UBgRtajEtF+rHyX9FUZFvJfZ
pqf0+4xwLt2GXnHfHgnufAOKHiKNwvagqQ55oebP3MOBUfYMiEEi3rBzKTGHTfcP
Qz/ve+I15D5A6Q/WKXsFjehooJFMTgnf9p8Kczm3xut2869inEo0TV8Gj17H7yS2
mwJDDVL55jJPNh0ZdgABYNVmX5XklFU0VR+qZ+zEMfkSe2A3h9Wxdfr9F7uYL/wb
R2YKBImH0oHSiSf0Ikkwret5V7ziFgKUaYsj/WOzq1IC1B0JL7anNyc7puywnLj7
WoijPADRfSyME9LRWCaA2zdixl8KFqIsIDcd7bCIZArztx9PGo4vAPe/zDnzZHSc
XX9LkjGx0Xo=
=sEf3
-----END PGP SIGNATURE-----