IT12806: VULNERABILITIES IN OPENSSL AFFECT STERLING CONNECT:DIRECT FOR WINDOWS (CVE-2015-3194,CVE-2015-3195)

4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if022
4.6.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if028
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if008
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if009
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if013
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if015
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if018
Sterling Connect:Direct for Microsoft Windows 4.6.0 Fix Packs

APAR status

• Closed as program error.

Error description

• Several vulnerabilities were reported in OpenSSL which makes
  OpenSSL vulnerable. Sterling Connect:Direct for Microsoft
  Windows uses OpenSSL and therefore is also vulnerable to
  CVE-2015-3194 and CVE-2015-3195.
  

Local fix

• STRRTC - 485782
  VF / VF
  Circumvention: None
  

Problem summary

• Users Affected:
  Sterling Connect:Direct for Windows 4.5.00
  Sterling Connect:Direct for Windows 4.5.01
  Sterling Connect:Direct for Windows 4.6.0
  
  Problem Description:
  Several vulnerabilities were reported in OpenSSL which makes
  OpenSSL vulnerable. Sterling Connect:Direct for Microsoft
  Windows uses OpenSSL and therefore is also vulnerable to
  CVE-2015-3194 and CVE-2015-3195.
  
  Platforms Affected:
  Windows
  

Problem conclusion

• Resolution Summary:
  Updated OpenSSL.
  
  Delivered In:
  Sterling Connect:Direct for Windows 4.5.00 Patch 059
  Sterling Connect:Direct for Windows 4.5.01 Patch 025
  Sterling Connect:Direct for Windows 4.6.0.5_iFix021
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Fix information

• Fixed component name

  STR CD FOR WIND

• Fixed component ID

  5725C9908

Applicable component levels