Friday, December 9, 2016

IBM Security Bulletin: Vulnerabilities in OpenSSL affects IBM Rational ClearCase (CVE-2016-2177, CVE-2016-2178, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306)

OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs.

CVE(s): CVE-2016-2177, CVE-2016-2178, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306

Affected product(s) and affected version(s):

IBM Rational ClearCase versions:

Not all deployments of Rational ClearCase use OpenSSL in a way that is affected by these vulnerabilities.

You are vulnerable if your use of Rational ClearCase includes any of these configurations:

  1. You use the base ClearCase/ClearQuest integration client on any platform, configured to use SSL to communicate with a ClearQuest server.
  2. You use the UCM/ClearQuest integration on UNIX/Linux clients, configured to use SSL to communicate with a ClearQuest server.
    Note: Windows clients using the UCM/ClearQuest integration are not vulnerable.
  3. On UNIX/Linux clients, you use the Change Management Integration (CMI) for base ClearCase with ClearQuest or Rational Team Concert (RTC), or for UCM with ClearQuest or RTC, or for Jira, when configured to use SSL to communicate with the server.
    Note: Windows clients using the CMI integration are not vulnerable.
  4. You use ratlperl, ccperl, or cqperl to run your own perl scripts, and those scripts use SSL connections.

    Refer to the following reference URLs for remediation and additional vulnerability details:
    Source Bulletin: http://ift.tt/2heJ3A6
    X-Force Database: http://ift.tt/2aPXjQq
    X-Force Database: http://ift.tt/2asKHex
    X-Force Database: http://ift.tt/2dR3VyC
    X-Force Database: http://ift.tt/2dR4fNY
    X-Force Database: http://ift.tt/2dmXjFz
    X-Force Database: http://ift.tt/2dmY7tO
    X-Force Database: http://ift.tt/2dmYpRr

Version Status
9.0 through 9.0.0.2 Affected
8.0.1 through 8.0.1.12 Affected
8.0 through 8.0.0.19 Affected
7.1.0.x, 7.1.1.x, 7.1.2.x (all versions) Affected


from IBM Product Security Incident Response Team http://ift.tt/2gkGFe9
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)