IBM Support

SE64529 - SC1-UTL OPENSSH PATCH SECURITY VULNERABILITIES

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 APAR (Authorized Program Analysis Report)

Abstract

SC1-UTL OPENSSH PATCH SECURITY VULNERABILITIES

Error Description

OpenSSH is vulnerable to the following CVEs:                    
                                                               
CVE-2016-3115                                                  
CVE-2016-1908                                                  
CVE-2016-1907                                                  

Problem Summary

****************************************************************
* PROBLEM: (SE64529) Licensed Program = 5733SC1 for i 6.1,     *
*                                       i 7.1, and i 7.2       *
*                                                              *
*           Security                                           *
****************************************************************
* USERS AFFECTED: All IBM i operating system users.            *
****************************************************************
* RECOMMENDATION: Apply PTF SI60277 for i 6.1.                 *
*                 Apply PTF SI60302 for i 7.1.                 *
*                 Apply PTF SI60301 for i 7.2.                 *
****************************************************************
*******                                                        
OpenSSH is vulnerable to the following CVEs:                    
                                                               
CVE-2016-3115                                                  
CVE-2016-1908                                                  
CVE-2016-1907                                                  

Problem Conclusion

The CVEs have been corrected.                                  

Temporary Fix

                       *********                                
                       * HIPER *                                
                       *********                                

Comments

Circumvention


PTFs Available

R610 SI60541 PTF Cover Letter   1000
R710 SI60302 PTF Cover Letter   6320
R720 SI60301 PTF Cover Letter   6306

Affected Modules

         
         

Affected Publications

Summary Information

Status............................................ CLOSED PER
HIPER........................................... Yes
Component.................................. 5733SC100
Failing Module.......................... RCHMGR
Reported Release................... R610
Duplicate Of..............................




System i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.2.0"},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG15Q","label":"APARs - OS\/400 General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V6R1M0;V7R1M0;V7R2M0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG16B","label":"APARs - i5\/OS V6R1 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V6R1M0;V7R1M0;V7R2M0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
02 December 2016