MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » April 2014

RE: OpenSSL Vulnerability Notice



fixed

Seriously. Could you please trim your posts :-)

Nothing like wading thru a 1000 line response of quoted text from previous posts.

Regards,
Richard Schoen
RJS Software Systems Inc.
Where Information Meets Innovation
Document Management, Workflow, Report Delivery, Forms and Business Intelligence
Email: richard@xxxxxxxxxxxxxxx
Web Site: http://www.rjssoftware.com
Tel: (952) 736-5800
Fax: (952) 736-5801
Toll Free: (888) RJSSOFT

-----Original Message-----


message: 1
date: Tue, 22 Apr 2014 21:50:28 -0400
from: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
subject: RE: OpenSSL Vulnerability Notice

IBM announced another vulnerability and more i5/OS PTF fixes.
These PTFs downloaded today, were included in Group Security SF99708

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020038

OpenSSL could allow a local attacker to obtain sensitive information, caused by an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm).


AFFECTED PRODUCTS AND VERSIONS:
Releases V5R3, V5R4, 6.1 and 7.1 of IBM i are affected.

REMEDIATION:
The issue can be fixed by applying a PTF to the IBM i Operating System.

Releases 6.1 and 7.1 of IBM i are supported and will be fixed. Releases V5R3 and V5R4 are unsupported and will not be fixed.

The IBM i PTF numbers are:

Release 6.1 - SI53046
Release 7.1 - SI53024

Paul







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact