IBM Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier
OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Shares Application and IBM Aspera Console Application. IBM Aspera Shares Application and IBM Aspera Console Application have addressed the applicable CVEs.
CVE(s): CVE-2016-2106
, CVE-2016-2109
, CVE-2016-2176
, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702
Affected product(s) and affected version(s):
IBM Aspera Shares Application 1.9.4 or earlier
IBM Aspera Console Application 3.0.6 or earlier
Remediation/Fixes
Upgrade to the following from the Aspera downloads site:
IBM Aspera Shares Application 1.9.6 or later
IBM Aspera Console Application 3.0.7 or later
For unsupported versions of IBM Aspera Shares Application or IBM Aspera Console Application, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://support.asperasoft.com/hc/en-us/articles/229505687-Security-Bulletin-Multiple-OpenSSL-vulnerabilities-affect-IBM-Aspera-Shares-1-9-2-or-earlier- -IBM-Aspera-Console-3-0-6-or-earlier
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112856
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112858
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111141
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h
from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-4-or-earlier-and-ibm-aspera-console-3-0-6-or-earlier-2/