Medium Severity

IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2019-1559) Security Bulletin

Share this post:

There is a vulnerability in OpenSSL used by AIX.

CVE(s): CVE-2019-1559

Affected product(s) and affected version(s):
AIX 7.1, 7.2
VIOS 2.2.x
The following fileset levels are vulnerable:

key_fileset = osrcaix Fileset Lower Level Upper Level KEY
——————————————————
openssl.base 1.0.2.500 1.0.2.1601 key_w_fs
openssl.base 20.13.102.1000 20.16.102.1600 key_w_fs
Note:
A. 0.9.8, 1.0.1 OpenSSL versions are out-of-support. Customers are advised to upgrade to currently supported OpenSSL 1.0.2 version. B. Latest level of OpenSSL fileset is available from the web download site:
https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp&S_PKG=openssl

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in the AIX user’s guide.
Example: lslpp -L | grep -i openssl.base

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10878172
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514

More stories

IBM Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4146, CVE-2019-4222)

Apr 23, 2019 9:01 am EDT | Medium Severity

IBM Sterling B2B Integrator Standard Edition has addressed the information disclosure vulnerabilities CVE(s): CVE-2019-4146, CVE-2019-4222 Affected product(s) and affected version(s):IBM Sterling B2B Integrator 6.0.0.0 – 6.0.0.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10880595X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158401X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159231 ...read more


IBM Security Bulletin: Security Bulletin: IBM Content Navigator is affected by an open redirect vulnerability

Apr 23, 2019 9:01 am EDT | Medium Severity

IBM Content Navigator has addressed the following vulnerability. CVE(s): CVE-2019-4092 Affected product(s) and affected version(s): Affected IBM Content Navigator Affected Versions IBM Content Navigator 2.0.3 IBM Content Navigator 3.0 Continuous Delivery Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10874754X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157654 ...read more


IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator

Apr 23, 2019 9:01 am EDT | Medium Severity

IBM Sterling B2B Integrator Standard Edition has addressed the cross-scripting vulnerabilities CVE(s): CVE-2019-4073, CVE-2019-4074, CVE-2019-4075, CVE-2019-4076, CVE-2019-4077, CVE-2019-4148 Affected product(s) and affected version(s):IBM Sterling B2B Integrator 6.0.0.0 – 6.0.0.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10880591X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157107X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157108X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157109X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157110X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157111X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158414 ...read more