High Severity

IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown)

Power 7+: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Note that a subsequent FW release is required and will replace this FW update for CVE-2017-5715 for IBMi when available. In addition, Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

Power 8: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

CVE(s): CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

Products Addressed and Versions:

Power 7+ Products Addressed:
1) IBM Power 720 Express (8202-E4D)
2) IBM Power 740 Express (8205-E6D)
3) IBM Smart Analytics System 7700 R1.1 (8493-SV6)
4) IBM Power 710 Express (8231-E1D)
5) IBM Power 710 Express (8268-E1D)
6) IBM Power 730 Express (8231-E2D)
7) IBM Power 750 Express (8408-E8D)
8) IBM Power 760 Express (9109-RMD)
9) IBM PowerLinux 7R1 (8246-L1D)
10) IBM PowerLinux 7R1 (8246-L1T)
11) IBM PowerLinux 7R2 (8246-L2D)
12) IBM PowerLinux 7R2 (8246-L2T)
13) IBM PowerLinux 7R4 (8248-L4T)
14) IBM Power 770 (9117-MMD)
15) IBM Power 780 (9179-MHD)
16) IBM Power ESE (8412-EAD)
17) IBM Flex System p260 Compute Node (7895-23X)
18) IBM Flex System p260 Compute Node (7895-23A) with F/C EFD9
19) IBM Flex System p460 Compute Node (7895-43X)
20) IBM Flex System p270 Compute Node (7954-24X)

Power 8 Products Addressed:
1) IBM Power System S812 (8284-21A)
2) IBM Power System S822 (8284-22A)
3) IBM Power System S814 (8286-41A)
4) IBM Power System S824 (8286-42A)
5) IBM Power System S812L (8247-21L)
6) IBM Power System S822L (8247-22L)
7) IBM Power System S824L (8247-42L)
8) IBM Power System E850 (8408-E8E)
9) IBM Power System E850C (8408-44E)
10) IBM Power System E870 (9119-MME)
11) IBM Power System E880 (9119-MHE)
12) IBM Power System E870C (9080-MME)
13) IBM Power System E880C (9080-MHE)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1026811
