Security Alert: IBM Java 6 SR16FP3 IF1 Contains Vulnerabilities Impacting Domino - Get the Fix

Bill Malchisky  June 3 2015 03:03:10 PM

IBM Security released a new bulletin today, entitled, "Security Bulletin: Multiple vulnerabilities in IBM Java 6 SR16FP3 IF1 affect IBM Notes and Domino" describing the latest reported vulnerabilities  by Oracle. Know that IBM Java 6 SR16FP3 IF2 resolves the issues and is suggested that you install it on your production Domino servers as soon as you can.

Multiple Vulnerabilities Addressed
The IBM security bulletin provides detailed descriptions and links for each of the 13 vulnerabilities identified.

Affected versions of Domino
Pretty much all 8.5.x and 9.0.x flavors are in-scope
 1. IBM Notes and Domino 9.0.1 Fix Pack 3 (plus Interim Fixes) and earlier
 2. IBM Notes and Domino 8.5.3 Fix Pack 6 (plus Interim Fixes) and earlier
 3. IBM Notes and Domino 8.5.3 Fix Pack 5 (plus Interim Fixes) and earlier
 4  All 9.0 and 8.5.x releases of IBM Notes and Domino prior to those listed above.

Fix
IBM offers an Interim Fix (IF) 2 for both Domino 8.5.3 and 9.0.1 code streams, via technotes 1663874 and 1657963, respectively. If running Notes on Linux, mind the additional installation section at the bottom, entitled, Instructions for installing Notes Interim Fixes on Linux for the simple process to install the IF.

Each technote also contains links on Notes and TLS 1.2 support, and protecting Notes from the POODLE attack (here (ND9) and here (ND8.5.3)) if you were previously unaware.

• Comments [0]