High Severity

IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown)

Share this post:

Power 7+: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Note that a subsequent FW release is required and will replace this FW update for CVE-2017-5715 for IBMi when available. In addition, Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

Power 8: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

CVE(s): CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

Products Addressed and Versions:

Power 7+ Products Addressed:
1) IBM Power 720 Express (8202- E4D)
2) IBM Power 740 Express (8205- E6D)
3) IBM Smart Analytics System 7700 R1.1 (8493-SV6)
4) IBM Power 710 Express (8231- E1D)
5) IBM Power 710 Express (8268-E1D)
6) IBM Power 730 Express (8231- E2D)
7) IBM Power 750 Express (8408-E8D)
8) IBM Power 760 Express (9109-RMD)
9) BM PowerLinux 7R1 (8246-L1D)
10) IBM PowerLinux 7R1 (8246-L1T)
11) IBM PowerLinux 7R2 (8246-L2D)
12) IBM PowerLinux 7R2 (8246-L2T)
13) IBM PowerLinux 7R4 (8248-L4T)
14) IBM Power 770 (9117-MMD)
15) IBM Power 780 (9179-MHD)
16) IBM Power ESE (8412-EAD)
17) IBM Flex System p260 Compute Node (7895-23X)
18) IBM Flex System p260 Compute Node (7895-23A) with F/C EFD9
19) IBM Flex System p460 Compute Node (7895-43X)
20) IBM Flex System p270 Compute Node (7954-24X)

Power 8 Products Addressed:
1) IBM Power System S812 (8284-21A)
2) IBM Power System S822 (8284-22A)
3) IBM Power System S814 (8286-41A)
4) IBM Power System S824 (8286-42A)
5) IBM Power System S812L( 8247-21L)
6) IBM Power System S822L (8247-22L)
7) IBM Power System S824L (8247-42L)
8) IBM Power System E850 (8408-E8E)
9) IBM Power System E850C (8408-44E)
10) IBM Power System E870 (9119-MME)
11) IBM Power System E880 (9119-MHE)
12) IBM Power System E870C (9080-MME)
13) IBM Power System E880C (9080-MHE)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1026811

More High Severity stories

IBM Security Bulletin: Vulnerability in Python affects IBM OS Images for Red Hat Linux Systems

Mar 21, 2019 10:01 am EDT | Low Severity

Security vulnerabilities are reported when using IBM OS Image for Red Hat Linux Systems RHEL 7.2 (V3.0.6.0). CVE(s): CVE-2016-2183 Affected product(s) and affected version(s): IBM PureApplication System V2.2.3.0 IBM PureApplication System V2.2.3.1 IBM PureApplication System V2.2.3.2 IBM PureApplication System V2.2.4.0 IBM PureApplication System V2.2.5.0 IBM PureApplication System V2.2.5.1 IBM PureApplication System V2.2.5.2 Refer to the ...read more


IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052)

Mar 21, 2019 10:01 am EDT | High Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2019-4052 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 2018.1-2018.4.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10874248X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156544 ...read more


IBM Security Bulletin: IBM Content Navigator is affected by a spoofing vulnerability

Mar 21, 2019 10:01 am EDT | Medium Severity

IBM Content Navigator has addressed the following vulnerability. CVE(s): CVE-2019-4035 Affected product(s) and affected version(s): Affected IBM Content Navigator Affected Versions IBM Content Navigator 3.0 Continuous Delivery Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10869060X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156001 ...read more