IBM Security Bulletin: Vulnerabilities in OpenSSH affect SAN Volume Controller and Storwize Family (CVE-2015-6563 CVE-2015-6564)

OpenSSH vulnerabilities were disclosed in May 2016 by the OpenSSH Project. OpenSSH is used by SAN Volume Controller and Storwize Family in its CLI. SAN Volume Controller and Storwize Family products have addressed the applicable CVEs.

CVE(s): CVE-2015-6563, CVE-2015-6564

Affected product(s) and affected version(s):

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3700
IBM Storwize V3500

All products are affected when running supported releases 1.1 to 7.5.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2e1f6GG
X-Force Database: http://ift.tt/2bZYLgC
X-Force Database: http://ift.tt/2c8Vyh9



from IBM Product Security Incident Response Team http://ift.tt/2eeIKUb