IBM Support

IBM PureApplication System Version 2.0.0.1 Interim Fix 6

Abstract

This document lists the fixes contained in IBM PureApplication System 2.0.0.1 Interim Fix 6.

Download Description

To download the interim fix, go to the PureApplication System product page on Fix Central.

Version 2.0.0.1 Interim Fix 6 includes fixes for these security vulnerabilities:

    CVEID: CVE-2015-2613
      DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
    CVEID: CVE-2015-2601
      DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
    CVEID: CVE-2015-2625
      DESCRIPTION: An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
    CVEID: CVE-2015-1931
      DESCRIPTION: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
    CVEID: CVE-2015-1788
      DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a specially crafted binary polynomial field. A remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

Web Application Pattern type version 2.0.2.5, which you can download from Fix Central, contains a fix for this security vulnerability:

    CVEID: CVE-2015-7450
      DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with the Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.

The following table contains the Authorized Program Analysis Reports (APARs) included in this release.

If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version.

System APARs

APAR
Abstract
"Failed to delete snapshot" error prevents a virtual system delete operation
System console becomes unavailable due to an internal network connectivity interruption

Document Information

Modified date:
15 June 2018

UID

swg24041239