IBM Security Bulletin: September 2016 OpenSSL Vulnerabilities affect Multiple N series Products
Multiple N series products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.1u, 1.0.2i, and 1.1.0a are susceptible to vulnerabilities that could lead to out-of-bound writes or reads, heap corruption, man-in-the-middle attacks, memory exhaustion, or arbitrary information disclosure. IBM System Storage N series has addressed the following vulnerabilities.
CVE(s): CVE-2016-6302, CVE-2016-6305, CVE-2016-2179, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-2181, CVE-2016-6303, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-6304, CVE-2016-2183
Affected product(s) and affected version(s):
Data ONTAP operating in 7-Mode: 8.2.1, 8.2.2, 8.2.3, 8.2.4;
SnapDrive for Windows: 7.1.1, 7.1.2, 7.1.3;
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010852
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117024
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117111
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116343
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117112
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117113
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117114
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116344
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117023
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116342
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115829
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113890
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113889
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117110
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/116337
The post IBM Security Bulletin: September 2016 OpenSSL Vulnerabilities affect Multiple N series Products appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2Dp0RHg