IBM Support

9119-FHB (Doc Number=3529): Microcode update for MTMs 9119-FHB

Fix Readme


Abstract

9119-FHB (Doc Number=3529): Microcode update for MTMs 9119-FHB
Updated microcode for Machine-Type Models: 9119-FHB
System Firmware Level: AH780_054
This package provides firmware for Power 795 (9119-FHB) Servers only.
Read the AH780_054 Description file for Firmware information and important notes.
NOTE: This Service Pack AH780_054 corrects the following HIPER (HIgh Impact/PERvasive) issues and replaces levels AH780_040 and AH780_050.
HIPER/Pervasive: A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Hardware Management Console (HMC) access password to the service processor. Therefore, the HMC access password for the managed system should be changed after applying this fix.
HIPER/Pervasive: A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) to not allow Heartbeat Extension packets to trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-20

Content

9119-FHB (Doc Number=3529): Microcode update for MTMs 9119-FHB

Updated microcode for Machine-Type Models: 9119-FHB

System Firmware Level: AH780_054

This package provides firmware for Power 795 (9119-FHB) Servers only.

Read the AH780_054 Description file for Firmware information and important notes.

NOTE: This Service Pack AH780_054 corrects the following HIPER (HIgh Impact/PERvasive) issues and replaces levels AH780_040 and AH780_050.

HIPER/Pervasive: A security problem was fixed in the OpenSSL Montgomery ladder implementation for the ECDSA (Elliptic Curve Digital Signature Algorithm) to protect sensitive information from being obtained with a flush and reload cache side-channel attack to recover ECDSA nonces from the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0076. The stolen ECDSA nonces could be used to decrypt the SSL sessions and compromise the Hardware Management Console (HMC) access password to the service processor. Therefore, the HMC access password for the managed system should be changed after applying this fix.

HIPER/Pervasive: A security problem was fixed in the OpenSSL Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) implementation so that Heartbeat Extension packets can no longer trigger a buffer over-read to steal private keys for the encrypted sessions on the service processor. The Common Vulnerabilities and Exposures issue number is CVE-2014-0160, and it is also known as the Heartbleed vulnerability. The stolen private keys could be used to decrypt the SSL sessions and compromise the Hardware Management Console (HMC) access password to the service processor. Therefore, the HMC access password for the managed system should be changed after applying this fix.
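
The bounds check that prevents a Heartbeat buffer over-read of the kind described above, as an added C example that is not IBM's or OpenSSL's code. The names `hb_build_response` and `hb_demo` are hypothetical, and the message layout follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 6520 HeartbeatMessage: type (1 byte) | payload_length (2 bytes,
 * big-endian) | payload | padding (at least 16 bytes). */
#define HB_REQUEST     1u
#define HB_RESPONSE    2u
#define HB_HEADER_LEN  3u
#define HB_MIN_PADDING 16u

/* Hypothetical helper: writes a heartbeat response for request rec into out.
 * Returns bytes written, or 0 when the request must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Too short to hold the header plus minimum padding: malformed. */
    if (rec == NULL || out == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return 0;
    if (rec[0] != HB_REQUEST)
        return 0;

    /* The length field comes from the peer and is not trusted on its own. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* Without this check the copy below would read past the received record:
     * header + claimed payload + padding must fit in rec_len. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return 0;
    size_t need = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (need > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed); /* payload only */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);  /* demo padding */
    return need;
}

/* Constructed sample: a request holding actual_len payload bytes whose
 * length field claims claimed_len. */
size_t hb_demo(uint16_t claimed_len, size_t actual_len)
{
    uint8_t rec[256] = {HB_REQUEST, (uint8_t)(claimed_len >> 8), (uint8_t)claimed_len};
    uint8_t out[256];
    if (actual_len > sizeof rec - HB_HEADER_LEN - HB_MIN_PADDING) return 0;
    return hb_build_response(rec, HB_HEADER_LEN + actual_len + HB_MIN_PADDING, out, sizeof out);
}
```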

IBM recommends that systems running AH780_040 or AH780_050 upgrade to AH780_054.

Visit Fix Central for all the latest updates.

Doc number: 3529 Published date: 20140419


Document Information

Modified date:
29 June 2022

UID

isg1SSRVPOMICRO9119-FHB140419-1642