Wednesday, August 3, 2016

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cloud Manager with OpenStack

OpenSSL vulnerabilities were disclosed on 28th Jan 2016, March 1, 2016 ,May 3 2016 by the OpenSSL Project. OpenSSL is used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs – CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 CVE-2016-0705 CVE-2016-0798 CVE-2016-0797 CVE-2016-0799 CVE-2016-0702 CVE-2016-0703 CVE-2016-0704 CVE-2016-2842 CVE-2016-0701 CVE-2015-3197

CVE(s): CVE-2015-3197, CVE-2016-0701, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842

Affected product(s) and affected version(s):

IBM Cloud Manager with OpenStack 4.1.0 through 4.1.0.5 interim fix 2
IBM Cloud Manager with OpenStack 4.2.0 through 4.2.0.3 interim fix 6
IBM Cloud Manager with OpenStack 4.3.0 through 4.3.0.6 interim fix 1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2asMuQy
X-Force Database: http://ift.tt/1rd26hw
X-Force Database: http://ift.tt/1W1VuQf
X-Force Database: http://ift.tt/1Tg5v6h
X-Force Database: http://ift.tt/1N2N4p7
X-Force Database: http://ift.tt/1Tg5wH8
X-Force Database: http://ift.tt/1Tg5wqO
X-Force Database: http://ift.tt/1Tg5wqQ
X-Force Database: http://ift.tt/1N2N4p3
X-Force Database: http://ift.tt/1N2N4p5
X-Force Database: http://ift.tt/1NwOPLs
X-Force Database: http://ift.tt/25myFMu
X-Force Database: http://ift.tt/1NwOQz5
X-Force Database: http://ift.tt/1VjTr9i
X-Force Database: http://ift.tt/1Z0wO8Z
X-Force Database: http://ift.tt/25mym4p
X-Force Database: http://ift.tt/24fOBfM



from IBM Product Security Incident Response Team http://ift.tt/2aPXs6g

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.