×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
POODLE is CVE-2014-3566. This is probably a different security leak.
Mark Murphy
STAR BASE Consulting, Inc.
mmurphy@xxxxxxxxxxxxxxx
-----rob@xxxxxxxxx wrote: -----
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
From: rob@xxxxxxxxx
Date: 01/12/2015 09:51AM
Subject: RE: POODLE vs Firmware
For some reasons IBM left off the word POODLE from the fix that you are
currently at:
http://delivery04.dhe.ibm.com/sar/CMA/SFA/04m9q/0/01AL740_152_042.html
All the rest of the terminology sure smells like POODLE
HIPER/Pervasive: A security problem was fixed in the OpenSSL (Secure
Socket Layer) protocol that allowed clients and servers, via a specially
crafted handshake packet, to use weak keying material for communication. A
man-in-the-middle attacker could use this flaw to decrypt and modify
traffic between the management console and the service processor. The
Common Vulnerabilities and Exposures issue number for this problem is
CVE-2014-0224.
...
Then again, that may have been for a different security leak
http://en.wikipedia.org/wiki/POODLE
The fix you have is dated 06/24/14 (see fix history from first URL),
POODLE wasn't disclosed until September 2014 (see WIKI article above).
Maybe they don't have the fix ready for Power 7?
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.