IBM Security Bulletin: A vulnerability in the Linux kernel affects PowerKVM (CVE-2016-3044)

Written by IBM PSIRT | July 25, 2016 | Medium Severity

PowerKVM is affected by a denial of service (DoS) vulnerability in the Linux kernel. This vulnerability is now fixed.
CVE(s): CVE-2016-3044
Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1023969
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114706 ...


IBM Security Bulletin: Multiple vulnerabilities in ImageMagick affect PowerKVM

Written by IBM PSIRT | July 25, 2016 | High Severity

PowerKVM is affected by several vulnerabilities in ImageMagick. These vulnerabilities are now fixed.
CVE(s): CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, CVE-2016-5118, CVE-2016-5239, CVE-2016-5240
Affected product(s) and affected version(s): PowerKVM v2.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1023934
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114226
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114227
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114228
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114229
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113611
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/114230
X-Force Database: ...


IBM Security Bulletin: Multiple vulnerabilities in ntp affect PowerKVM

Written by IBM PSIRT | July 25, 2016 | High Severity

PowerKVM is affected by several vulnerabilities in the Network Time Protocol. These vulnerabilities are now fixed.
CVE(s): CVE-2015-5300, CVE-2015-7704, CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518
Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1023885
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/107594
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/107446
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/110024
X-Force Database: ...


IBM Security Bulletin: Multiple vulnerabilities in PCRE affect PowerKVM

Written by IBM PSIRT | July 25, 2016 | High Severity

PowerKVM is affected by several vulnerabilities in the PCRE library. These vulnerabilities are now fixed.
CVE(s): CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8385
Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1023886
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/108461
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/108459
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/108456
X-Force Database: ...


IBM Security Bulletin: A vulnerability in lcms affects PowerKVM (CVE-2013-7455)

Written by IBM PSIRT | July 25, 2016 | High Severity

PowerKVM is affected by a vulnerability in Little CMS (lcms). This vulnerability is now fixed.
CVE(s): CVE-2013-7455
Affected product(s) and affected version(s): PowerKVM 2.1 and PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1023876
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/112910 ...


IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM Tivoli Storage Manager Administration Center (CVE-2016-4560)

Written by IBM PSIRT | July 25, 2016 | High Severity

InstallAnywhere generates installation executables that are vulnerable to DLL planting, which affects IBM Tivoli Storage Manager Administration Center on Windows platforms.
CVE(s): CVE-2016-4560
Affected product(s) and affected version(s): The following levels of IBM Tivoli Storage Manager Administration Center are affected on the Windows platform:
6.3.0.0 through 6.3.5.x
6.2 and 6.1 all levels (these releases are ...


IBM Security Bulletin: Vulnerability in InstallAnywhere affects IBM Tivoli Monitoring for Tivoli Storage Manager Server (CVE-2016-4560)

Written by IBM PSIRT | July 25, 2016 | High Severity

InstallAnywhere generates installation executables that are vulnerable to DLL planting, which affects IBM Tivoli Monitoring for Tivoli Storage Manager (Reporting) on Windows platforms.
CVE(s): CVE-2016-4560
Affected product(s) and affected version(s): The following levels of IBM Tivoli Monitoring for Tivoli Storage Manager (Reporting) Server are affected on the Windows platform:
6.3.0.0 through 6.3.5.x
6.2, 6.1, and 5.5 ...


IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Application Server

Written by IBM PSIRT | July 22, 2016 | High Severity

The following potential security vulnerabilities have been identified in all versions of IBM OpenPages GRC Platform with Application Server.
See the CVE(s): CVE-2016-0638, CVE-2016-0675, CVE-2016-0688, CVE-2016-0696, CVE-2016-0700, CVE-2016-3416
Affected product(s) and affected version(s): IBM OpenPages GRC Platform with Application Server 7.0.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21987642
X-Force ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2016-3426 CVE-2016-3427)

Written by IBM PSIRT | July 22, 2016 | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2016.
CVE(s): CVE-2016-3426, CVE-2016-3427
Affected product(s) and affected version(s): The following product, running on all supported platforms, is affected: ...


IBM Security Bulletin: Vulnerability in InstallShield affects IBM WebSphere eXtreme Scale .NET client installation (CVE-2016-2542)

Written by IBM PSIRT | July 22, 2016 | High Severity

InstallShield generates installation executables that are vulnerable to a DLL-planting vulnerability during installation of the .NET client.
CVE(s): CVE-2016-2542
Affected product(s) and affected version(s): WebSphere eXtreme Scale 8.6 .NET client installer
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21985366
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/110914 ...


IBM Security Bulletin: OpenSSL security vulnerabilities in IBM N Series Products

Written by IBM PSIRT | July 22, 2016 | High Severity

There are security vulnerabilities related to OpenSSL in IBM N Series products.
CVE(s): CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
Affected product(s) and affected version(s): Clustered Data ONTAP Antivirus Connector: 1.0, 1.0.1, 1.0.3; Data ONTAP SMI-S Agent: 5.1.1, 5.1.2, ...


IBM Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 (CVE-2016-0785 CVE-2016-2162)

Written by IBM PSIRT | July 21, 2016 | High Severity

Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by IBM® FlashSystem™ 840 and IBM FlashSystem 900 in its Service Assistant GUI.
CVE(s): CVE-2016-0785, CVE-2016-2162
Affected product(s) and affected version(s): FlashSystem 840 including machine type and models (MTMs) for all available code levels. MTMs affected include 9840-AE1 and 9843-AE1. FlashSystem 900 ...