Flash (Alert)
Abstract
Tivoli Provisioning Manager: potential security exposure: versions of OpenSSL prior to 1.0.0 need to be upgraded since they not follow best security practices
Content
IBM Tivoli Intelligent Orchestrator, IBM Tivoli Provisioning Manager (TPM) and IBM Tivoli Provisioning Manager for Software (TPM for Software) and IBM Tivoli Provisioning Manager Embedded Edition depend on the OpenSSL package supplied by the following Operating Systems :
- AIX
- RedHat Enterprise Linux
- SUSE Linux Enterprise Server
and third party product :
- Cygwin for Windows
OpenSSL 1.0.0 packages are available or are going to be available for each of them.
To check their availability, after getting the latest openssl vulnerability identifier (e.g. CVE-2012-2333) from URL:
http://www.openssl.org/news/vulnerabilities.html
you should follow steps below:
1. refer to the RedHat CVE database site
https://access.redhat.com/security/cve
to identify the latest RedHat openssl package to be downloaded, filtering by the CVE identifier
(e.g. CVE-2012-2333)
2. refer to the Novell CVE Database URL:
http://support.novell.com/security/cve
to identify the latest SLES openssl package to be downloaded clicking on the relative CVE identifier (e.g. CVE-2012-2333)
3. refer to the AIX Toolbox for Linux Application URL:
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html
and click on AIX Toolbox Cryptographic Content to get the latest AIX openssl package
4. refer to URL:
http://cygwin.com
to install the latest version of cygwin
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.