Security Alert (A16-03-01): Multiple vulnerabilities in IBM Notes


 

Published on: 02 March 2016

  
  

Description:

IBM has published a security bulletin to address multiple vulnerabilities related to libpng used in Notes. An attacker could send specially crafted PNG image files to an affected system to obtain sensitive information and execute arbitrary code.


Affected Systems:

  • IBM Notes 9.0, 9.0.1
  • IBM Notes 8.5.3, 8.5.2, 8.5.1

Impact:

Successful exploitation could lead to information disclosure and arbitrary code execution.


Recommendation:

The vendor has released fixes to address the issues and they can be downloaded at the following URL:

  • Notes 9.0.1 Fix Pack 5 Interim Fix 2 (Windows)
    http://www-01.ibm.com/support/docview.wss?uid=swg21657963#Notes_tab

  • Notes 9.0.1 64-bit Interim Fix 1 (Macintosh)
    http://www-01.ibm.com/support/docview.wss?uid=swg21657963#Notes64_tab

  • Notes 8.5.3 Fix Pack 6 Interim Fix 9
    http://www-01.ibm.com/support/docview.wss?uid=swg21663874


More Information:

http://www-01.ibm.com/support/docview.wss?uid=swg21975365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540



Tag: IBM , IBM Notes
Tags