IBM Security Bulletin: Jnuary 2017 OpenSSL Vulnerabilities affect Multiple N series Products
Multiple N series products incorporate the OpenSSL software libraries to provide cryptographic capabilities. OpenSSL versions below 1.0.2k and 1.1.0d are susceptible to vulnerabilities that could lead to out-of-bound reads, process crashes, Denial of Service (DoS) attacks, or incorrect results. Multiple N series products has addressed the applicable CVEs.
CVE(s): CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, CVE-2016-7055
Affected product(s) and affected version(s):
Data ONTAP operating in 7-Mode: 8.2.1, 8.2.2, 8.2.3, 8.2.4;
SnapDrive for Windows: 7.1.1, 7.1.2, 7.1.3, 7.1.4;
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012311
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121311
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121312
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121313
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/118748
The post IBM Security Bulletin: Jnuary 2017 OpenSSL Vulnerabilities affect Multiple N series Products appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2FC4rtz