Vulnerability category: AIX
Vulnerability severity:
Vulnerability information
There are multiple vulnerabilities in IBM SDK Java Technology Edition Versions 6, 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2017. The following vulnerabilities exist in IBM AIX:
1. An unspecified vulnerability in Oracle Java SE related to the Java SE AWT component could allow an unauthenticated attacker to take control of the system. (CVE-2017-3514)
2. An unspecified vulnerability in Oracle Java SE related to the Java SE AWT component could allow an unauthenticated attacker to take control of the system. (CVE-2017-3512)
3. An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to take control of the system. (CVE-2017-3511)
4. An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. (CVE-2017-3509)
5. An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Networking component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. (CVE-2017-3544)
6. An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Networking component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. (CVE-2017-3533)
7. An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. (CVE-2017-3539)
8. IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. (CVE-2017-1289)
9. zlib is vulnerable to a denial of service, caused by out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. (CVE-2016-9840 - CVE-2016-9843)
Affected Versions:
AIX 5.3, 6.1, 7.1, 7.2
Impact
Successful exploitation allows remote attackers to affect confidentiality, integrity, and availability.
Solution
The vendor has released fixes to resolve these vulnerabilities. Refer to AIX java_apr2017_advisory to obtain more information.
Patch:
The following are links for downloading patches to fix the vulnerabilities:
java_apr2017_advisory (IBM SDK Version 6 )
java_apr2017_advisory (IBM SDK Version 7)