IBM Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4.

IBM has released the following fixes for AIX and VIOS in response to CVE-2018-3639.

CVE(s): CVE-2018-3639

Affected product(s) and affected version(s):

AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x

The vulnerabilities in the following filesets are being addressed:

key_fileset = aix

Fileset                 Lower Level  Upper Level KEY
———————————————————
bos.mp64                5.3.12.0     5.3.12.10   key_w_fs
bos.mp64                6.1.9.0      6.1.9.316   key_w_fs
bos.mp64                7.1.4.0      7.1.4.34    key_w_fs
bos.mp64                7.1.5.0      7.1.5.16    key_w_fs
bos.mp64                7.2.0.0      7.2.0.6     key_w_fs
bos.mp64                7.2.1.0      7.2.1.5     key_w_fs
bos.mp64                7.2.2.0      7.2.2.16    key_w_fs

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user’s guide.

Example: lslpp -L | grep -i bos.mp64

Note: AIX or VIOS users of all fileset levels should continue to monitor their My Notifications alerts and the IBM PSIRT Blog for additional information about these vulnerabilities:

– My Notifications
http://www.ibm.com/support/mynotifications

– IBM PSIRT Blog – Potential Impact on Processors in the Power Family
https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1027700

The post IBM Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4. appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2IJ8bMn