Tuesday, March 17, 2015

Security Bulletin: Multiple vulnerabilities impact DS8000 HMC

Here's a new security bulletin on the DS8870 (and above). You can find it over here.
I'm not taking over all its content because it's a bit too elaborate, but here's the summary:


There are multiple vulnerabilities in the DS8000 HMC which are covered in this bulletin and include the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). This bulletin also covers several items which were updated to address other vulnerabilities.

Vulnerability Details

Before applying the patches or versions noted in this advisory, please read the additional notes - there are potential impacts to clients which connect to the updated servers since SSLv3 is disabled. You should verify that disabling SSLv3 does not cause compatibility issues.

While this advisory covers mainly CVE-2014-3566, product updates included also address the list of CVEs.
The CVEs concentrate on OpenSSL, IBM Java and NTP.

Affected products and versions are DS8870 R7.2 and above, and DS8800/DS8870 R6.3 SP 9 and above.

The fix is available as a full update as well as a patch. You will find all the necessary details in the bulletin itself.
