IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Active Bypass (CVE-2016-6304, CVE-2016-6303, CVE-2016-2181, CVE-2016-6309, CVE-2016-7052 )
OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Security Network Active Bypass. IBM Security Network Active Bypass has addressed the applicable CVEs.
CVE(s): CVE-2016-6303, CVE-2016-6309, CVE-2016-7052, CVE-2016-6304, CVE-2016-2181
Affected product(s) and affected version(s):
IBM Security 1G Network Active Bypass firmware version 1.X firmware levels 1.0.849 through 3.30.5-21
IBM Security 10G Network Active Bypass firmware versions 1.x firmware levels 1.0.1876 through 3.30.5-21
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2hZh367
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXLUk
from IBM Product Security Incident Response Team http://ift.tt/2hZfIMA