IBM Support

IT01934: A VULNERABILITY IN RELATION TO TLS RECORD PROCESSING HAS BEEN DISCOVERED RELATED TO TLS 1.0 IN GSKIT

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • A vulnerability in relation to TLS Record Processing has been
    discovered related TLS 1.0 and later which can result in high
    CPU Utilization leading requiring a system reboot to resolve.
    GSKit  8.0.50.17 used in Connect:Direct for Windows
    

Local fix

  • STRRTC - 424498
    JL / SF
    Circumvention: None
    

Problem summary

  • Users Affected:
    Sterling Connect:Direct for Windows 4.7.0
    
    Problem Description:
    Vulnerability related to Record Processing in TLS 1.0 and later
    which can result in high CPU Utilization that requires a system
    reboot to resolve.
    
    Platforms Affected:
    Windows
    

Problem conclusion

  • Resolution Summary:
    Updated the version of GSKit.
    
    Delivered In:
    Sterling Connect:Direct for Windows 4.7.0.1
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT01934

  • Reported component name

    STR CD FOR WIND

  • Reported component ID

    5725C9908

  • Reported release

    460

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-05-21

  • Closed date

    2014-05-30

  • Last modified date

    2014-05-30

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR CD FOR WIND

  • Fixed component ID

    5725C9908

Applicable component levels



Document information

More support for: Sterling Connect:Direct for Microsoft Windows

Software version: 4.6

Reference #: IT01934

Modified date: 30 May 2014