OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. OpenSSL vulnerabilities were disclosed on May 3, 2016 by the OpenSSL Project. OpenSSL is used by GPFS V3.5 for Windows. IBM GPFS V3.5 for Windows has addressed the applicable CVEs.
CVE(s): CVE-2016-3115, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
Affected product(s) and affected version(s):
OpenSSH for GPFS V3.5 for Windows
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1VvJOVd
X-Force Database: http://ift.tt/1TPZsvb
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
from IBM Product Security Incident Response Team http://ift.tt/1TPZ9Re
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.