IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

OpenSSL vulnerabilities were disclosed on September 22 and September 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs.

CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6305, CVE-2016-6303, CVE-2016-2180, CVE-2016-2177, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052

Affected product(s) and affected version(s):

IBM Spectrum Control 5.2.8 through 5.2.11
Tivoli Storage Productivity Center 5.2.0 through 5.2.7.1
Tivoli Storage Productivity Center 5.1.0 through 5.1.1.12

The versions listed above apply to all licensed offerings of IBM Spectrum Control and Tivoli Storage Productivity Center, including IBM SmartCloud Virtual Storage Center Storage Analytics Engine.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gAOHdW
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dR3XX1
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dmWOvf
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dR3Smm
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD

from IBM Product Security Incident Response Team http://ift.tt/2hF0NYm