REDHAT-BUG-1618869: Path Traversal
First published: Fri Aug 17 2018(Updated: )
IBM JDK 8 SR5 FP20 (8.0.5.20), 7 R1 SR4 FP30 (7.1.4.30), 7 SR10 FP30 (7.0.10.30), and 6 SR16 FP70 (6.0.16.70) fix a flaw described by upstream as: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. References: <a href="https://www-01.ibm.com/support/docview.wss?uid=ibm10719653">https://www-01.ibm.com/support/docview.wss?uid=ibm10719653</a> <a href="https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018">https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM JDK 8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www-01.ibm.com/support/docview.wss?uid=ibm10719653
- https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_August_2018
- https://access.redhat.com/errata/RHSA-2018:2568
- https://access.redhat.com/errata/RHSA-2018:2569
- https://access.redhat.com/errata/RHSA-2018:2575
- https://access.redhat.com/errata/RHSA-2018:2576
- https://access.redhat.com/errata/RHSA-2018:2712
- https://access.redhat.com/errata/RHSA-2018:2713
- https://bugzilla.redhat.com/show_bug.cgi?id=1618869
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-1656
- agent/source
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm jdk 8