IBM Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression (PCRE) library used in IBM Aspera Shares 1.9.2 and earlier
There are multiple vulnerabilities with earlier versions of PCRE which was used by the IBM Aspera Shares Application.
CVE(s): CVE-2015-8380, CVE-2015-8381, CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385, CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393, CVE-2015-8394, CVE-2015-8395, CVE-2015-3210, CVE-2015-2327, CVE-2015-2328, CVE-2016-1283, CVE-2014-9769, CVE-2016-3191
Affected product(s) and affected version(s):
IBM Aspera Shares Application 1.9.2 or earlier
Remediation/Fixes
Upgrade to IBM Aspera Shares Application 1.9.4 or later for Linux, and 1.9.6 or later for Windows from the Aspera downloads site.
For unsupported versions of IBM Aspera Shares Application, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2f1J78K -earlier
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb
X-Force Database: http://ift.tt/2cEBGCc
X-Force Database: http://ift.tt/2cNln3g
X-Force Database: http://ift.tt/2a5XFmn
X-Force Database: http://ift.tt/2b3CfU3
X-Force Database: http://ift.tt/2cEBO4A
X-Force Database: http://ift.tt/2akVHeF
from IBM Product Security Incident Response Team http://ift.tt/2f1Jd0r