z/VSE security: new bulletin affecting openSSL (MD5 “SLOTH” vulnerability)
Ingolf24 120000DRN3 Visits (8002)
Yesterday we released a new security bulletin.
The MD5 “SLOTH” vulnerability on TLS 1.2 affects OpenSSL on IBM z/VSE (described in CVE-2015-7575).
Affected Products and Versions: OpenSSL on z/VSE is affected if using GSK_LOW_SECURITY in gsk_
Remediation/Fixes: GSK_LOW_SECURITY should not be used.
For more information see the security bulletin in the security section of the z/VSE service & support web page - here.