First published: Tue Nov 11 2014
IBM JDK updates 5.0 SR16-FP8, 6 SR16-FP2, 6R1 SR8-FP2, 7 SR8, and 7R1 SR2 fix a security issue described in the IBM security bulletin as:

IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.

This issue may possibly allow local users to run arbitrary code with the privileges of other users that use IBM JDK.

References:
http://www-01.ibm.com/support/docview.wss?uid=swg21688283
http://xforce.iss.net/xforce/xfdb/93629
http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014

Additional references that describe the shared class cache feature:
http://www.ibm.com/developerworks/library/j-ibmjava4/
http://www.ibm.com/developerworks/library/j-sharedclasses/
http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.lnx.71.doc/diag/understanding/shared_classes.html
http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.lnx.71.doc/diag/appendixes/cmdline/Xshareclasses.html
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Java | =5.0.0.0 | |
IBM Java | =5.0.11.0 | |
IBM Java | =5.0.11.1 | |
IBM Java | =5.0.11.2 | |
IBM Java | =5.0.12.0 | |
IBM Java | =5.0.12.1 | |
IBM Java | =5.0.12.2 | |
IBM Java | =5.0.12.3 | |
IBM Java | =5.0.12.4 | |
IBM Java | =5.0.12.5 | |
IBM Java | =5.0.13.0 | |
IBM Java | =5.0.14.0 | |
IBM Java | =5.0.15.0 | |
IBM Java | =5.0.16.0 | |
IBM Java | =5.0.16.1 | |
IBM Java | =5.0.16.2 | |
IBM Java | =5.0.16.3 | |
IBM Java | =6.0.0.0 | |
IBM Java | =6.0.1.0 | |
IBM Java | =6.0.2.0 | |
IBM Java | =6.0.3.0 | |
IBM Java | =6.0.4.0 | |
IBM Java | =6.0.5.0 | |
IBM Java | =6.0.6.0 | |
IBM Java | =6.0.7.0 | |
IBM Java | =6.0.8.0 | |
IBM Java | =6.0.8.1 | |
IBM Java | =6.0.9.0 | |
IBM Java | =6.0.9.1 | |
IBM Java | =6.0.9.2 | |
IBM Java | =6.0.10.0 | |
IBM Java | =6.0.10.1 | |
IBM Java | =6.0.11.0 | |
IBM Java | =6.0.12.0 | |
IBM Java | =6.0.13.0 | |
IBM Java | =6.0.13.1 | |
IBM Java | =6.0.13.2 | |
IBM Java | =6.0.14.0 | |
IBM Java | =7.0.0.0 | |
IBM Java | =7.0.1.0 | |
IBM Java | =7.0.2.0 | |
IBM Java | =7.0.3.0 | |
IBM Java | =7.0.4.0 | |
IBM Java | =7.0.4.1 | |
IBM Java | =7.0.4.2 | |
IBM Java | =7.0.5.0 | |