Monday, October 24, 2016

IBM Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression (PCRE) library used in IBM Aspera Shares 1.9.2 and earlier

There are multiple vulnerabilities with earlier versions of PCRE which was used by the IBM Aspera Shares Application.

CVE(s): CVE-2015-8380
, CVE-2015-8381
, CVE-2015-8382
, CVE-2015-8383
, CVE-2015-8384
, CVE-2015-8385
, CVE-2015-8386
, CVE-2015-8387
, CVE-2015-8388
, CVE-2015-8389
, CVE-2015-8390
, CVE-2015-8391
, CVE-2015-8392
, CVE-2015-8393
, CVE-2015-8394
, CVE-2015-8395
, CVE-2015-3210, CVE-2015-2327, CVE-2015-2328, CVE-2016-1283, CVE-2014-9769
, CVE-2016-3191

Affected product(s) and affected version(s):

IBM Aspera Shares Application 1.9.2 or earlier

Remediation/Fixes

Upgrade to IBM Aspera Shares Application 1.9.4 or later for Linux, and 1.9.6 or later for Windows from the Aspera downloads site.

For unsupported versions of IBM Aspera Shares Application, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2f1J78K -earlier
X-Force Database: http://ift.tt/1OkXBfB
X-Force Database: http://ift.tt/2eD1myW
X-Force Database: http://ift.tt/24O3Mgh
X-Force Database: http://ift.tt/1OkXBfD
X-Force Database: http://ift.tt/2f1Hisw
X-Force Database: http://ift.tt/2akVqbx
X-Force Database: http://ift.tt/24O3JkA
X-Force Database: http://ift.tt/24O3JkC
X-Force Database: http://ift.tt/1OkXBfJ
X-Force Database: http://ift.tt/24O3LZZ
X-Force Database: http://ift.tt/1OkXBfx
X-Force Database: http://ift.tt/24O3Jkw
X-Force Database: http://ift.tt/1OkXDEb
X-Force Database: http://ift.tt/24O3Mgf
X-Force Database: http://ift.tt/1OkXBfH
X-Force Database: http://ift.tt/2eD5cbb
X-Force Database: http://ift.tt/2cEBGCc
X-Force Database: http://ift.tt/2cNln3g
X-Force Database: http://ift.tt/2a5XFmn
X-Force Database: http://ift.tt/2b3CfU3
X-Force Database: http://ift.tt/2cEBO4A
X-Force Database: http://ift.tt/2akVHeF



from IBM Product Security Incident Response Team http://ift.tt/2f1J8JQ

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.