Bug 499874 (CVE-2013-5878) - dev-java/ibm-jdk-bin : Multiple Vulnerabilities (CVE-2014-{3065,3068})
Summary: dev-java/ibm-jdk-bin : Multiple Vulnerabilities (CVE-2014-{3065,3068})
Status: RESOLVED FIXED
Alias: CVE-2013-5878
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/56594/
Whiteboard: B2 [noglsa cve]
Depends on: 483018
Reported: 2014-01-31 08:57 UTC by Agostino Sarubbo
Modified: 2016-06-21 10:34 UTC (History)
Description Agostino Sarubbo gentoo-dev 2014-01-31 08:57:05 UTC
From ${URL} :

Description

IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service), by malicious users to disclose sensitive information and cause a DoS (Denial of Service), and by malicious people to compromise a vulnerable system, disclose sensitive information, cause a DoS (Denial of Service), and manipulate certain data.

For more information:
SA56485

The vulnerabilities are reported in versions prior to 5.0 SR16-FP5, 6 SR15-FP1, 6.0.1 SR7-FP1, 7 SR6-FP1, and 7R1 SR1.


Solution:
Update to version 5.0 SR16 FP5, 6 SR15-FP1, 6.0.1 SR7-FP1, 7 SR6-FP1, or 7R1 SR1.

Original Advisory:
http://www.ibm.com/support/docview.wss?uid=swg21662968
http://www.ibm.com/developerworks/java/jdk/alerts/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2015-01-03 22:54:03 UTC
CVE-2014-3068 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3068):
  IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before
  SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1
  (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain
  the private key from a Certificate Management System (CMS) keystore via a
  brute force attack.

CVE-2014-3065 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3065):
  Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before
  SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6
  before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local
  users to execute arbitrary code via vectors related to the shared classes
  cache.
Comment 2 Patrice Clement gentoo-dev 2015-03-23 18:11:30 UTC
We maintain only IBM JDK 1.6, which is in the process of being punted from the tree.
Comment 3 James Le Cuirot gentoo-dev 2016-04-14 20:29:16 UTC
It's been last-rited. Security team, please close this out. Java team is done here.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2016-06-21 10:34:43 UTC
Package was last-rited and removed.