IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 …
OpenSSL vulnerabilities were disclosed on September 22, 2016 by the OpenSSL Project. OpenSSL is used by IBM IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client, IBM Aspera Faspstream, IBM Aspera Cargo, and IBM Aspera Sync. The above mentioned products have addressed the applicable CVEs.
CVE(s): CVE-2016-6302, CVE-2016-6304, CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-2181, CVE-2016-2183
Affected product(s) and affected version(s):
IBM Aspera Enterprise Server 3.6.2 or earlier
IBM Aspera Connect for Web Access 3.6.2 or earlier
IBM Aspera Desktop Client 3.6.2 or earlier
IBM Aspera Point to Point Client 3.6.2 or earlier
IBM Aspera Cargo 1.5.0 or earlier
IBM Aspera Faspstream 3.7.0 or earlier
IBM Aspera Sync 3.5.3 or earlier
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Bp6HTz
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC
The post IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync (CVE-2016-6302 CVE-2016-6304 CVE-2016-6303 CVE-2016-2182 CVE-2016-2177 CVE-2016-2178 … appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2j3eMq2