Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0038 Action required for IBM Integration Bus Hypervisor Edition V9.0 and WebSphere Message Broker Hypervisor Edition V8.0 for security vulnerabilities in Red Hat Linux 4 January 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Integration Bus Hypervisor Edition Publisher: IBM Operating System: Linux variants Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-8862 CVE-2016-8707 CVE-2016-7540 CVE-2016-7539 CVE-2016-7538 CVE-2016-7537 CVE-2016-7536 CVE-2016-7535 CVE-2016-7534 CVE-2016-7533 CVE-2016-7532 CVE-2016-7531 CVE-2016-7530 CVE-2016-7529 CVE-2016-7528 CVE-2016-7527 CVE-2016-7526 CVE-2016-7524 CVE-2016-7523 CVE-2016-7522 CVE-2016-7521 CVE-2016-7520 CVE-2016-7519 CVE-2016-7518 CVE-2016-7517 CVE-2016-7516 CVE-2016-7515 CVE-2016-7514 CVE-2016-7513 CVE-2016-7101 CVE-2016-6823 CVE-2015-8959 CVE-2015-8958 CVE-2015-8957 CVE-2014-9907 Reference: ESB-2017.0018 ESB-2016.2847 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21996135 - --------------------------BEGIN INCLUDED TEXT-------------------- Action required for IBM Integration Bus Hypervisor Edition V9.0 and WebSphere Message Broker Hypervisor Edition V8.0 for security vulnerabilities in Red Hat Linux Document information More support for: IBM Integration Bus Hypervisor Edition Software version: 9.0 Operating system(s): Linux Reference #: 1996135 Modified date: 03 January 2017 Flash (Alert) Abstract IBM Integration Bus Hypervisor Edition V9.0 and WebSphere Message Broker Hypervisor Edition V8.0 require customer action for security vulnerabilities in Red Hat Linux. Content IBM Integration Bus Hypervisor Edition V9.0 and WebSphere Message Broker Hypervisor Edition V8.0 ship with versions of Red Hat Enterprise Linux (RHEL) Server that are vulnerable to CVE-2016-7513, CVE-2016-8862, CVE-2016-7520, CVE-2014-9907, CVE-2016-8707, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959,CVE-2016-6823, CVE-2016-7101, CVE-2016-7514, CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518, CVE-2016-7519, CVE-2016-7521, CVE-2016-7522, CVE-2016-7523, CVE-2016-7524, CVE-2016-7526, CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530, CVE-2016-7531,CVE-2016-7532, CVE-2016-7533, CVE-2016-7534, CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538, CVE-2016-7539 and CVE-2016-7540 IBM Integration Bus Hypervisor Edition V9.0 and WebSphere Message Broker Hypervisor Edition V8.0 ship with Red Hat Enterprise Linux (RHEL) Server 6.2. Remediation: IBM strongly recommends that you contact Red Hat to obtain and install fixes for Red Hat Enterprise Linux (RHEL) Server 6.2, as applicable. Cross reference information Segment Product Component Platform Version Edition Business Integration WebSphere Message Broker Hypervisor Edition Linux 8.0 Product Alias/Synonym WMB HVE IIB HVE - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWGx30Ix+lLeg9Ub1AQg7DA//VZxhyzz8avM788CzUluD6ydcIiVg83DF ggXtI0BAN5IEQyNIFb2keSpKnBjdwTx20F3N/GS5XEPbGW/ypC4v3sLfY/uOJSJ5 WHmRValzZIkJLe61pEnVC/5qpQkuDrEyVVsVXl+0Fd3YI346d+O+2HCDUV9jRb80 9lqU8rUdlY2kMOI9KMlCjlozqxfBIpsdMbBsFmc9Q10/dgSaNULsS+IpkKspv3Y1 MeN0pqqHnPnG5OkMWs4vAafUEQWmuaihUfMUtgpYR593b63OT7+Ct7rbnSividWy VqVnc4yeUn1vMtuuSOG2veNJV2sx4tpXhUn/BPwizj4AqjQGf/cftvt5+6kZMqNF FtGaer+kZfW2H8w1iwLngFOEXcxL3W/sVkTYhWWHwmAZNH6bcVjCMZ2BV3WMCIRt +qAZT0rFf605uJuv/ahJDs2qeYIeLGuGT7dIX01eBjP8yKfW+LUsS4gNyutM/q0y xTmbrhLAfMK21Sy/KlM08F619CBYZXCk6KhQ7+ZkBFXjwsKtKzlQI2qqubdwnRBV X03+2u8Fr8fqVJ/p4RIyIGyG7xnZvdwklZ/wXjjXjrtye4yzmnupIdBGQX/dTcn0 YCdUJlVBRwALJKx6a6lOuQBTlZqGBhngSYVpTb7K3xObU2u1onF/mHBY9D1pipDf vgdAy86842A= =2nXk -----END PGP SIGNATURE-----