JR52950: SECURITY APAR CVE-2014-6953/2015-0410 - MULTIPLE VULNERABILITIES IN IBM SDK FOR JAVA SHIPPED WITH INTEGRATION DESIGNER

7.0.0.5-WS-IID-IFJR52950
7.5.1.2-WS-IID-IFJR52950
8.0.1.3-WS-IID-IFJR52950
8.5.0.1-WS-IID-IFJR52950
8.5.5.0-WS-IID-IFJR52950
8.5.6.0-WS-IID-IFJR52950
8.5.7.0: IBM Integration Designer V8.5 Refresh Pack 7 for Windows
8.5.7.0: IBM Integration Designer V8.5 Refresh Pack 7 for Linux

APAR status

• Closed as program error.

Error description

• There are multiple vulnerabilities in IBM SDK Java Technology
  Edition, which IBM Integration Designer and IBM WebSphere
  Integration Developer use. These issues were disclosed as part
  of the IBM SDK Java Technology Edition updates in January 2015.
  This bulletin also addresses the "FREAK: Factoring Attack on
  RSA-EXPORT keys" TLS/SSL client and server vulnerability.
  

Local fix

Problem summary

• No additional information is available.
  

Problem conclusion

• A fix is available for the latest fix pack of all supported
  releases of Integration Designer and WebSphere Integration
  Developer.
  
  On Fix Central (http://www.ibm.com/support/fixcentral), search
  for JR52950:
  
  Select IBM Integration Designer or IBM WebSphere Integration
  Developer from the product selector, the installed version to
  the fix pack level, and your platform, and then click Continue.
  Select APAR or SPR, enter JR52950, and click Continue.
  
  When you download fix packages, ensure that you also download
  the readme file for each fix. Review each readme file for
  additional installation instructions and information about the
  fix.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  INTEGRATION DES

• Fixed component ID

  5725C9702

Applicable component levels

• R751 PSY

     UP

• R801 PSY

     UP

• R850 PSY

     UP

• R855 PSY

     UP

• R856 PSY

     UP