IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC)
The updates indicated below have been released to address the following vulnerabilities: CVE-2016-2107 MITM attack in OpenSSL, CVE-2016-5547 Denial of service in IBM Java JRE CVE-2017-1123 Escalation of privilege in the DS8000 HMC
CVE(s): CVE-2016-2107, CVE-2016-5547, CVE-2016-5547, CVE-2017-1123
Affected product(s) and affected version(s):
DS8800 R8.2 up to 88.22.33.00
DS8800 R8.1 up to 88.11.45.00
DS8800 R8.0 all versions 88.0x.xx.xx
DS8870 R7.x all versions 87.xx.xx.xx
DS8800 R6.x all versions 86.xx.xx.xx
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009613
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112854
X-Force Database:
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/120871
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121249
The post IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2Fpub1a