× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



POODLE is CVE-2014-3566. This is probably a different security leak.

Mark Murphy
STAR BASE Consulting, Inc.
mmurphy@xxxxxxxxxxxxxxx


-----rob@xxxxxxxxx wrote: -----
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
From: rob@xxxxxxxxx
Date: 01/12/2015 09:51AM
Subject: RE: POODLE vs Firmware

For some reasons IBM left off the word POODLE from the fix that you are
currently at:
http://delivery04.dhe.ibm.com/sar/CMA/SFA/04m9q/0/01AL740_152_042.html
All the rest of the terminology sure smells like POODLE
HIPER/Pervasive: A security problem was fixed in the OpenSSL (Secure
Socket Layer) protocol that allowed clients and servers, via a specially
crafted handshake packet, to use weak keying material for communication. A
man-in-the-middle attacker could use this flaw to decrypt and modify
traffic between the management console and the service processor. The
Common Vulnerabilities and Exposures issue number for this problem is
CVE-2014-0224.
...

Then again, that may have been for a different security leak
http://en.wikipedia.org/wiki/POODLE

The fix you have is dated 06/24/14 (see fix history from first URL),
POODLE wasn't disclosed until September 2014 (see WIKI article above).
Maybe they don't have the fix ready for Power 7?


Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.