IBM Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-0392)

A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root.

CVE(s): CVE-2016-0392

Affected product(s) and affected version(s):

IBM Spectrum Scale V4.2.0.0 through V4.2.0.2

IBM Spectrum Scale V4.1.1.0 through V4.1.1.6

IBM GPFS V4.1.0.0 through V4.1.0.8

IBM GPFS V3.5.0.0 through V3.5.0.30

All older IBM GPFS versions no longer in service

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1Za4mBF
X-Force Database: http://ift.tt/29tldws



from IBM Product Security Incident Response Team http://ift.tt/2974Yaa