IBM Support

PH07297:Denial of Service vulnerability in Guava (CVE-2018-10237)

Download


Abstract

Denial of Service vulnerability in Guava (CVE-2018-10237)

Download Description

PH07297 resolves the following problem: Denial of Service vulnerability in Guava (CVE-2018-10237)

The fix for  PH07297 requires the use of Java Version 7 or later.  The following must be taken into account when evaluating the need for installing an ifix for PH07297 on WebSphere traditional:

  • If you are running a WebSphere traditional system and you want to be protected from the vulnerability addressed in PH07297 , you must meet one of the following conditions:
    • Have WebSphere traditional V90 or 8.5.5.14 or later installed -and- an ifix for PH07297 applied.
    • Have WebSphere traditional fixpack 9.0.0.11 (or later) or 8.5.5.16 (or later) installed.
 

THE FOLLOWING FIXES ARE PROVIDED:

18003-wlp-archive-IFPH7297.jar is an archive fix that applies to Liberty fixpack 18.0.0.3.
18004-wlp-archive-IFPH07297.jar is an archive fix that applies to Liberty fixpack 18.0.0.4.

18.0.0.3-WS-WLP-IFPH07297.zip is an IM interim fix that applies to Liberty fixpack 18.0.0.3.
18.0.0.4-WS-WLP-IFPH07297.zip is an IM interim fix that applies to Liberty fixpack 18.0.0.4.

8.5.5.14-WS-WASProd-IFPH07297.zip applies to WebSphere traditional fix pack 8.5.5.14.
9.0.0.0-WS-WASProd-IFPH07297.zip applies to WebSphere traditional fix packs 9.0.0.0 through 9.0.0.10.

 

The fix for this APAR is currently targeted for inclusion in Liberty fix pack 19.0.0.1 and WebSphere traditional fix packs 8.5.5.16 and 9.0.0.11.  Please refer to the Recommended Updates page for delivery information: 
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980


Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.


Download Package

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

18003-wlp-archive-IFPH07297 01-24-2019 3517066 FC
18004-wlp-archive-IFPH07297 01-24-2019 3561304 FC
18.0.0.3-WS-WLP-IFPH07297 01-24-2019 3591162 FC
18.0.0.4-WS-WLP-IFPH07297 01-24-2019 3561304 FC
8.5.5.14-WS-WASProd-IFPH07297 01-31-2019 3528198 FC
9.0.0.0-WS-WASProd-IFPH07297 01-31-2019 3132503 FC

Problems Solved

PH07297

Change History

07 February 2019:  updated document to change typo for APAR number in one sentence

Technical Support

Contact IBM Support using SR ( http://www.ibm.com/software/support/probsub.html ), visit the support web site , or contact 1-800-IBM-SERV (U.S. only).

Problems (APARS) fixed
PH07297

Document information

More support for: WebSphere Application Server

Component: General

Software version: 8.5.5.14, 9.0.0.0, 9.0.0.1, 9.0.0.2, 9.0.0.3, 9.0.0.4, 9.0.0.5, 9.0.0.6, 9.0.0.7, 9.0.0.8, 9.0.0.9, 9.0.0.10, 18.0.0.3, 18.0.0.4

Operating system(s): AIX, HP-UX, IBM i, Linux, Mac OS, Solaris, Windows

Software edition: Base, Liberty, Network Deployment

Reference #: 0869162

Modified date: 07 February 2019