IBM Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by security vulnerabilities (CVE-2016-2985 and CVE-2016-2984)

A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to execute commands as root. IBM PureApplication System provides a GPFS pattern and has addressed the applicable CVEs.

CVE(s): CVE-2016-2985, CVE-2016-2984

Affected product(s) and affected version(s):

· IBM PureApplication System V2.0 and V2.0.0.1 (GPFS Pattern type 1.2.0.0, 1.2.0.1, and 1.2.0.2) using IBM GPFS V3.5.0.19
· IBM PureApplication System V2.1.0.1 (GPFS Pattern type 1.2.1.0) using IBM GPFS V4.1.0.5
· IBM PureApplication System V2.1.0.2 (GPFS Pattern type 1.2.2.0) using IBM GPFS V4.1.0.7
· IBM PureApplication System V2.1.1.0 (GPFS Pattern type 1.2.3.0) using IBM GPFS V4.1.0.7
· IBM PureApplication System V2.1.2.0 (GPFS Pattern type 1.2.4.0) using IBM GPFS V4.1.1.2
· IBM PureApplication System V2.2.0 (GPFS Pattern type 1.2.5.0) using IBM GPFS V4.1.1.3
· IBM PureApplication System V2.2.1 (GPFS Pattern type 1.2.6.0) using IBM GPFS V4.1.1.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ciNgos
X-Force Database: http://ift.tt/2arxFw4
X-Force Database: http://ift.tt/2aDMcrO

from IBM Product Security Incident Response Team http://ift.tt/2coD22A