IBM Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Shares Application and IBM Aspera Console Application. IBM Aspera Shares Application and IBM Aspera Console Application have addressed the applicable CVEs.

CVE(s): CVE-2016-2106
, CVE-2016-2109
, CVE-2016-2176
, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0702

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.4 or earlier

IBM Aspera Console Application 3.0.6 or earlier

Remediation/Fixes

Upgrade to the following from the Aspera downloads site:

IBM Aspera Shares Application 1.9.6 or later

IBM Aspera Console Application 3.0.7 or later

For unsupported versions of IBM Aspera Shares Application or IBM Aspera Console Application, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://support.asperasoft.com/hc/en-us/articles/229505687-Security-Bulletin-Multiple-OpenSSL-vulnerabilities-affect-IBM-Aspera-Shares-1-9-2-or-earlier- -IBM-Aspera-Console-3-0-6-or-earlier
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112856
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112858
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111140
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111141
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1Tg5v6h

from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-openssl-vulnerabilities-affect-ibm-aspera-shares-1-9-4-or-earlier-and-ibm-aspera-console-3-0-6-or-earlier/