IBM Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows

Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows have addressed the following vulnerabilities in cURL/libcurl.

CVE(s): CVE-2016-9586, CVE-2017-1000257, CVE-2017-8818, CVE-2017-8816, CVE-2017-8817, CVE-2017-7407

Affected product(s) and affected version(s):

The following products used with Intel Xeon Phi PCI-Express cards (Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A, and Intel Xeon Phi 7210P) on the System x systems:

• iDataPlex dx360 M4
• NeXtScale nx360 M4
• PureFlex x220 M4 / x240 M4 / x240 M5
• x3850 X6 / x3950 X6

Product	Version
Intel® Manycore Platform Software Stack (MPSS) for Linux & Windows	3.8

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099804
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/119929
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134033
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135659
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135657
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135658
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/125384

The post IBM Security Bulletin: Vulnerabilities in cURL/libcurl affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ift.tt/2GpGN3T