z/VSE service news (openSSL PTFs)
Ingolf24 120000DRN3 Visits (8099)
New openSSL PTFs are available. They fix a problem as described in vulnerability CVE-2014-0224. The PTFs affect z/VSE Version 5 only, because openSSL was first delivered with z/VSE 5.1.
The APAR is DY47545. It is described here. The corresponding PTFs are UD54036 (z/VSE 5.1) and UD54037 (z/VSE 5.2).
In z/VSE 5.1 openSSL is exploited by the product IPv6/VSE. In zVSE 5.2 there are more exploiters. Therefore I recommend that all IPv6/VSE and z/VSE 5.2 users apply these new PTFs.
The APAR will show up tomorrow on our secu