OpenSSL versions prior to 1.0.0 do not follow best security practices

Flash (Alert)


Abstract

Tivoli Provisioning Manager: potential security exposure: versions of OpenSSL prior to 1.0.0 need to be upgraded since they do not follow best security practices.

Content

IBM Tivoli Intelligent Orchestrator, IBM Tivoli Provisioning Manager (TPM), IBM Tivoli Provisioning Manager for Software (TPM for Software) and IBM Tivoli Provisioning Manager Embedded Edition depend on the OpenSSL package supplied by the following operating systems:
- AIX
- RedHat Enterprise Linux
- SUSE Linux Enterprise Server

and by the following third-party product:
- Cygwin for Windows

OpenSSL 1.0.0 packages are available or are going to be available for each of them.

To check their availability, first get the latest OpenSSL vulnerability identifier (e.g. CVE-2012-2333) from the URL:

http://www.openssl.org/news/vulnerabilities.html

Then follow the steps below:

1. Refer to the RedHat CVE database site

https://access.redhat.com/security/cve

to identify the latest RedHat openssl package to be downloaded, filtering by the CVE identifier (e.g. CVE-2012-2333).

2. Refer to the Novell CVE Database URL:

http://support.novell.com/security/cve

to identify the latest SLES openssl package to be downloaded, clicking on the relevant CVE identifier (e.g. CVE-2012-2333).

3. Refer to the AIX Toolbox for Linux Applications URL:

http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html

and click on AIX Toolbox Cryptographic Content to get the latest AIX openssl package.

4. Refer to the URL:

http://cygwin.com

to install the latest version of Cygwin.
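
To decide which hosts need a package from the sites above, the banner printed by `openssl version` can be compared with the 1.0.0 threshold. The script below is an added example, not part of the IBM flash; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner against a minimum
# release (default 1.0.0, the threshold named in this flash).
# Function names and sample banners are assumptions made for illustration.

# Split "0.9.8e-fips-rhel5" into "0 9 8": letter and vendor suffixes dropped.
numeric_triplet() {
    printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p'
}

# Usage: openssl_status "<banner>" [minimum]; prints ok, upgrade or unknown.
openssl_status() {
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    have=$(numeric_triplet "$ver")
    want=$(numeric_triplet "${2:-1.0.0}")
    if [ -z "$have" ] || [ -z "$want" ]; then
        echo unknown
        return 0
    fi
    # Compare field by field as integers, most significant first.
    echo "$have $want" | awk '{
        for (i = 1; i <= 3; i++) {
            if ($i + 0 > $(i + 3) + 0) { print "ok"; exit }
            if ($i + 0 < $(i + 3) + 0) { print "upgrade"; exit }
        }
        print "ok"   # equal to the minimum
    }'
}

# Constructed sample banners; on a real host pass "$(openssl version)" instead.
for banner in \
    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" \
    "OpenSSL 0.9.8x 10 May 2012" \
    "OpenSSL 1.0.0-fips 29 Mar 2010" \
    "not an openssl banner"
do
    printf '%-40s %s\n' "$banner" "$(openssl_status "$banner")"
done
```

Vendors such as Red Hat backport security fixes without changing the upstream version number, so the banner identifies the release branch only. Whether a given CVE is fixed is determined by the package version shown in the vendor CVE databases listed above.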

Document information


More support for: Tivoli Provisioning Manager

Software version: 5.1.1

Operating system(s): AIX, Linux Red Hat - iSeries, Linux SUSE - iSeries, Windows

Reference #: 1616127

Modified date: 2014-10-01
