RE: Fw: Security Bulletin: IBM i Access for Windows affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422. (2016.10.26)

<The issue can be fixed by obtaining and applying the Service Pack SI57907>

SI57907 was out almost a year ago, 11/12/15.

Latest SP is SI60523 - 06/20/16

I'm wondering if they actually meant SI60523.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Nathan Andelin
Sent: Wednesday, October 26, 2016 12:32 PM
To: Midrange Systems Technical Discussion
Subject: Re: Fw: Security Bulletin: IBM i Access for Windows affected by vulnerabilities CVE-2015-2023 and CVE-2015-7422. (2016.10.26)

I don't suppose there's some easy way to tell if someone is connecting
to your IBM i by one client or the other? And, if so, the patch level
of the client?

I've never read anything indicating that possibility with 5250 interfaces.
Browsers on the other hand forward that kind of information to the HTTP server in each request.

It doesn't appear to matter in this case. The problem text suggested that the vulnerability pertained to the Windows client, which also suggests that the new ACS client (JVM based) would not be affected. Think of a JVM being a platform of its own - separate from the OS which hosts it.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.