High Severity

IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown)

Power 7+: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Note that a subsequent FW release is required and will replace this FW update for CVE-2017-5715 for IBMi when available. In addition, Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

Power 8: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

CVE(s): CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

Products Addressed and Versions:

Power 7+ Products Addressed:
1) IBM Power 720 Express (8202-E4D)
2) IBM Power 740 Express (8205-E6D)
3) IBM Smart Analytics System 7700 R1.1 (8493-SV6)
4) IBM Power 710 Express (8231-E1D)
5) IBM Power 710 Express (8268-E1D)
6) IBM Power 730 Express (8231-E2D)
7) IBM Power 750 Express (8408-E8D)
8) IBM Power 760 Express (9109-RMD)
9) IBM PowerLinux 7R1 (8246-L1D)
10) IBM PowerLinux 7R1 (8246-L1T)
11) IBM PowerLinux 7R2 (8246-L2D)
12) IBM PowerLinux 7R2 (8246-L2T)
13) IBM PowerLinux 7R4 (8248-L4T)
14) IBM Power 770 (9117-MMD)
15) IBM Power 780 (9179-MHD)
16) IBM Power ESE (8412-EAD)
17) IBM Flex System p260 Compute Node (7895-23X)
18) IBM Flex System p260 Compute Node (7895-23A) with F/C EFD9
19) IBM Flex System p460 Compute Node (7895-43X)
20) IBM Flex System p270 Compute Node (7954-24X)

Power 8 Products Addressed:
1) IBM Power System S812 (8284-21A)
2) IBM Power System S822 (8284-22A)
3) IBM Power System S814 (8286-41A)
4) IBM Power System S824 (8286-42A)
5) IBM Power System S812L (8247-21L)
6) IBM Power System S822L (8247-22L)
7) IBM Power System S824L (8247-42L)
8) IBM Power System E850 (8408-E8E)
9) IBM Power System E850C (8408-44E)
10) IBM Power System E870 (9119-MME)
11) IBM Power System E880 (9119-MHE)
12) IBM Power System E870C (9080-MME)
13) IBM Power System E880C (9080-MHE)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1026811
