APAR status
Closed as documentation error.
Error description
Accelerator maintenance levels up to maintenance level 7.5.6.x (deployment on IIAS) have incorporated IIAS software platform levels including OpenSSH versions prior to 7.2p2. Vulnerability scans may lead to findings related to the OpenSSH version used. For details concerning these potential findings see https://www.openssl.org/news/secadv/20190910 The issue will be fixed with accelerator maintenance level 7.5.7. Additional keywords: TS004048067 OpenSSH
Local fix
Problem summary
Users affected: All customers of IBM Db2 Analytics Accelerator for z/OS V7.5 with deployment on IIAS, having got a maintenance level up to 7.5.6. Problem summary: The issue has been fixed with accelerator maintenance level 7.5.7 by inclusion of IIAS software platform level 1.0.26.1. IIAS level 1.0.26.1 supersedes IIAS level 1.0.25.0 which includes the latest available OpenSSH version that has been provided for RedHat7 (OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017). This OpenSSH version fixes the vulnerabilities reported in CVE-2019-1563 and CVE-2019-1547.
Problem conclusion
Upgrade your accelerator maintenance level to 7.5.7 or higher.
Temporary fix
Comments
APAR Information
APAR number
PH42359
Reported component name
ANYTCS ACCLTR Z
Reported component ID
5697DA700
Reported release
750
Status
CLOSED DOC
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-11-25
Closed date
2021-11-26
Last modified date
2021-12-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M"},"Platform":[{"code":"PF054","label":"z\/OS"}],"Version":"750"}]
Document Information
Modified date:
11 December 2021