High Severity

IBM Security Bulletin: This Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754 (known as Spectre and Meltdown)

Power 7+: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Note that a subsequent FW release is required and will replace this FW update for CVE-2017-5715 for IBMi when available. In addition, Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

Power 8: In response to recently reported security vulnerabilities, this Power firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754. Operating System updates are required in conjunction with this FW level for CVE-2017-5753 and CVE-2017-5754.

CVE(s): CVE-2017-5753, CVE-2017-5715, CVE-2017-5754

Products Addressed and Versions:

Power 7+ Products Addressed:
1) IBM Power 720 Express (8202-E4D)
2) IBM Power 740 Express (8205-E6D)
3) IBM Smart Analytics System 7700 R1.1 (8493-SV6)
4) IBM Power 710 Express (8231-E1D)
5) IBM Power 710 Express (8268-E1D)
6) IBM Power 730 Express (8231-E2D)
7) IBM Power 750 Express (8408-E8D)
8) IBM Power 760 Express (9109-RMD)
9) IBM PowerLinux 7R1 (8246-L1D)
10) IBM PowerLinux 7R1 (8246-L1T)
11) IBM PowerLinux 7R2 (8246-L2D)
12) IBM PowerLinux 7R2 (8246-L2T)
13) IBM PowerLinux 7R4 (8248-L4T)
14) IBM Power 770 (9117-MMD)
15) IBM Power 780 (9179-MHD)
16) IBM Power ESE (8412-EAD)
17) IBM Flex System p260 Compute Node (7895-23X)
18) IBM Flex System p260 Compute Node (7895-23A) with F/C EFD9
19) IBM Flex System p460 Compute Node (7895-43X)
20) IBM Flex System p270 Compute Node (7954-24X)

Power 8 Products Addressed:
1) IBM Power System S812 (8284-21A)
2) IBM Power System S822 (8284-22A)
3) IBM Power System S814 (8286-41A)
4) IBM Power System S824 (8286-42A)
5) IBM Power System S812L (8247-21L)
6) IBM Power System S822L (8247-22L)
7) IBM Power System S824L (8247-42L)
8) IBM Power System E850 (8408-E8E)
9) IBM Power System E850C (8408-44E)
10) IBM Power System E870 (9119-MME)
11) IBM Power System E880 (9119-MHE)
12) IBM Power System E870C (9080-MME)
13) IBM Power System E880C (9080-MHE)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=isg3T1026811
