Abstract
This document lists the fixes contained in IBM PureApplication System and Software Version 2.1.0.2.
Download Description
Version 2.1.0.2 addresses the following security vulnerabilities for IBM PureApplication System:
CVEID: CVE-2015-0138
DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. This vulnerability is also known as the FREAK attack.
CVEID: CVE-2015-0204
DESCRIPTION: A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. This vulnerability is also known as the FREAK attack.
CVEID: CVE-2015-1916
DESCRIPTION: Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVEID: CVE-2015-1920
DESCRIPTION: WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
CVEID: CVE-2015-2808
DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as "Bar Mitzvah Attack".
CVEID: CVE-2015-4000
DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey a DHE_EXPORT ciphersuite choice. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to 512-bit export-grade cipher. Successful exploitation could allow an attacker to recover the session key as well as modify the contents of the traffic. This vulnerability is commonly referred to as "Logjam".
See the following known limitation:
- Caching Service status shows as "Failed" after upgrading to 2.1.0.2.
The caching service deployment sometimes ends in a failed state due to a mismatched password.
To diagnose the problem, download the logs and extract them. Examine the ...\Master\IWDAgent\opt\IBM\maestro\agent\usr\servers\Caching-Master.<Instance>\logs\Caching-Master.<Instance>.Caching file.
If you see these lines:
Caching service is not running properly, returned the following:
<TimeStamp>: {
"errorStatusCode": 401,
"errorMessage": null
}
then you are hitting this issue. As a workaround, redeploy the caching service.
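A small checker for the log signature described above, added here as an example and not part of IBM's tooling: it reads the Caching-Master log as text, finds each "Caching service is not running properly" marker line, parses the JSON status block that follows it, and reports only the blocks whose errorStatusCode is 401. The sample log is constructed for the example; the timestamp format and the 503 block are assumptions.

```python
import json
import re

# Marker line IBM documents for the 2.1.0.2 caching-service limitation.
MARKER = "Caching service is not running properly, returned the following:"
# Matches "<TimeStamp>: {" (the status block opener); non-greedy so a
# timestamp containing ':' is still captured whole.
STATUS_START = re.compile(r"^(?P<ts>.*?):\s*(?P<body>\{.*)$")


def find_caching_401_events(log_text):
    """Return (timestamp, status_dict) for every marker line followed by a
    JSON status block with errorStatusCode 401. Other codes are ignored."""
    lines = log_text.splitlines()
    events = []
    for idx, line in enumerate(lines):
        if line.strip() != MARKER or idx + 1 >= len(lines):
            continue
        m = STATUS_START.match(lines[idx + 1].strip())
        if not m:
            continue
        # Collect the block until braces balance: it spans several lines.
        body = [m.group("body")]
        depth = body[0].count("{") - body[0].count("}")
        k = idx + 2
        while depth > 0 and k < len(lines):
            body.append(lines[k])
            depth += lines[k].count("{") - lines[k].count("}")
            k += 1
        try:
            status = json.loads("\n".join(body))
        except json.JSONDecodeError:
            continue  # malformed block, not the documented signature
        if status.get("errorStatusCode") == 401:
            events.append((m.group("ts"), status))
    return events


def is_hitting_mismatched_password_issue(log_text):
    """True when at least one 401 status block follows a marker line."""
    return bool(find_caching_401_events(log_text))


# Constructed sample log: one 503 block (not the issue) and one 401 block.
SAMPLE_LOG = """\
2018-06-15 10:20:01: Checking caching service health
Caching service is not running properly, returned the following:
2018-06-15 10:20:02: {
"errorStatusCode": 503,
"errorMessage": "starting"
}
Caching service is not running properly, returned the following:
2018-06-15 10:22:31: {
"errorStatusCode": 401,
"errorMessage": null
}
"""

if __name__ == "__main__":
    for ts, status in find_caching_401_events(SAMPLE_LOG):
        print(f"{ts}: mismatched-password signature, status={status}")
```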
The following tables contain the Authorized Program Analysis Reports (APARs) and other fixes that are included in this release. If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version.
| APAR | Abstract |
| --- | --- |
| | We should not remove collection sets associated to a problem report until necessary |
| | The chassis management modules collection set fails to be created |
| | "Default Add NIC" add-on in a multi-virtual machine pattern is unpredictable |
| | Call Home service ticket generated for informational alert on IBM PureApplication System version 2.0.0.1 |
| | "CWZAG2022X - Failed to create snapshot" error on Power system |
| | CWZIP3534E Call Home connection did not complete successfully, HTTP Error = 404 |
| | CWZIP6007E Message indicating the file system is greater than or equal to 90 percent used |
| APAR | Abstract |
| --- | --- |
| | CWZCO1006E: Start failed to ping virtual machines for IBM API Management Virtual System |
| APAR | Abstract |
| --- | --- |
| | Problem with script packages containing certain characters in script environment variable names |
| | Problem with script packages containing certain characters in script environment variable names |
| | Interim fix policy with multiple fixes is not applying all fixes |
| | The elastic load balancing plug-in binaries need to include the Logjam and POODLE fixes |
Document Information
Modified date: 15 June 2018
UID: swg24040424