IBM should be consulted, certainly; but there is strong evidence that this vulnerability is an ORACLE-specific one.
Code-sharing aside, vulnerabilities are implementation-specific; and code sharing between IBM and ORACLE would be enormously interesting, not least because of the vanishingly small probability that it would occur. --jg On 8/28/12, Kirk Wolf <[email protected]> wrote: > According to this: http://www.us-cert.gov/cas/techalerts/TA12-240A.html > the vulnerability is limited to Oracle Java 1.7.0 > > Also, the vulnerability is an exploit that allows java code to break out of > a Java SecurityManager. This is most important when Java is being run on > a machine under a browser - the SecurityManager boxes the network-loaded > code in a sandbox. Not the typical scenario for z. > > But you could contact IBM to inquire if your IBM SDK is affected.... > > Kirk Wolf > Dovetailed Technologies > http://dovetail.com > > On Tue, Aug 28, 2012 at 2:34 PM, Mike Schwab > <[email protected]>wrote: > >> >> http://www.computerworld.com/s/article/9230656/Macs_at_risk_from_super_dangerous_Java_zero_day >> >> Has Java 7 made it to z/OS? Has anyone tested for this vulnerability? >> >> The problem was new to Java 7, so one suggestion is to uninstall Java >> 7 and re-install Java 6 until patched. >> >> -- >> Mike A Schwab, Springfield IL USA >> Where do Forest Rangers go to get away from it all? >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
