Download
Release Date
25 January 2019
Abstract
This document lists the fixes contained in IBM PureApplication Version 2.2.5.3.
Download Description
Version 2.2.5.3 includes fixes for these security vulnerabilities:
CVEID: CVE-2017-16997
DESCRIPTION: GNU C Library could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the elf/dl-load.c. By using a Trojan horse library, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVEID: CVE-2018-1723
DESCRIPTION: IBM Spectrum Scale could allow a GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node.
CVEID: CVE-2018-1783
DESCRIPTION: IBM GPFS command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully terminate GPFS and deny access to data available through GPFS.
CVEID: CVE-2018-2952
DESCRIPTION: An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVEID: CVE-2018-3136
DESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVEID: CVE-2018-3139
DESCRIPTION: An unspecified vulnerability in related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVEID: CVE-2018-3180
DESCRIPTION: An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVEID: CVE-2018-3214
DESCRIPTION: An unspecified vulnerability related to the Java SE Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVEID: CVE-2018-3615
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature and Intel software guard extensions (Intel SGX). By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to leak information residing in the L1 data cache from an enclave and read data belonging to different security contexts.
CVEID: CVE-2018-3620
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.
CVEID: CVE-2018-3639
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by utilizing sequences of speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to bypass security restrictions and gain read access to privileged memory. Note: This vulnerability is the Speculative Store Bypass (SSB), also known as Variant 4 or "SpectreNG".
CVEID: CVE-2018-3646
DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker with guest OS privilege could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts.
CVEID: CVE-2018-6972
DESCRIPTION: VMware ESXi, Workstation, and Fusion are vulnerable to a denial of service, caused by a NULL pointer dereference in RPC handler. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the virtual machine to crash.
CVEID: CVE-2018-6974
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in SVGA device. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVEID: CVE-2018-6981
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote attacker to execute arbitrary code on the system, caused by an issue with uninitialized stack memory usage in the vmxnet3 virtual network adapter. If vmxnet3 is enabled, an attacker could exploit this vulnerability to execute arbitrary code and gain elevated privileges on the host system.
CVEID: CVE-2018-6982
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote attacker to obtain sensitive information, caused by an issue with uninitialized stack memory usage in the vmxnet3 virtual network adapter. If vmxnet3 is enabled, an attacker could exploit this vulnerability to obtain sensitive information leaked from the host to the guest domain.
CVEID: CVE-2018-13785
DESCRIPTION: libpng is vulnerable to a denial of service, caused by a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVEID: CVE-2018-1000001
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges.
The following tables contain the Authorized Program Analysis Reports (APARs) and other fixes that are included in this release. If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version. The upgrade recommendation is to move directly to 2.2.5.3.
APAR |
Abstract |
Compute Nodes lost connection to virtualization management system. |
|
Unable to create snapshot due to storage error |
|
VM not powering on - CWZIP8732E Information about the port group for VLAN ID null could not be obtained |
|
IPv6_IP Group Creation Error |
|
CWZIP6041E Compute node was put into quiesced because the compute node does not have any cache LUN. |
|
External profile for VM console access |
|
IT25393 | Timed out waiting for some virtual machines |
VDCS error when attempting to delete cloud group |
|
VMs inside PAS are failing test ping |
|
BMLs - replication status showing as unconfigured |
|
CWZIP6211W Connection timed out waiting for the resource lock |
|
Is IPAS able to use host name based NTP-servers |
|
Error ID = 987301: Connection to a configured remote cluster has been lost |
|
CWZIP8819W The storage pool on storage node has changed to the degraded state |
|
Compute Node in Discovering state |
APAR |
Abstract |
DB2 VIP Linux add NIC fails |
|
Refresh of environment profile values fail (Part2) |
|
Remove scripts are not executed at the deletion of a multi-system instances |
|
Unable to assign users to shared services |
|
Linux Cloud VM - Weak Permissions on Service Directory |
|
Problem with listing virtual instances for restricted access LDAP users |
|
Issue with shared service under IPAS version |
|
Script package is executed simultaneously resulting in http 500 error |
|
Network update job fails with DB2 exception | |
IBM Endpoint Manager shared service 1.0.5.0 does not work with external BigFix platform 9.5.9.62 |
|
Health check - Foundation Pattern Type for PureApplication |
|
When removing a large pattern instance the UI performance degrades to unusable levels |
|
Uploading collection sets with Call home does not work |
|
Problem with deploying instances |
|
Locked password in read-only pattern can be read by any user with read access |
|
GPFS client not starting after reboot of RHEL7 system |
|
Emergency fixes: Some IBM OS Images added at applicable to list are not applicable |
|
Pattern level parameter Description |
|
IBM Endpoint Manager shared service 1.0.5.0 multi-rack issue |
|
PureApplication Software Logical workload environment |
|
IT26825 | Migration of GPFS environment to other rack |
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
27 September 2019
UID
ibm10795320