IBM PureApplication System Version 2.0.0.1 Interim Fix 4

Download Description

To download the interim fix, go to the PureApplication System product page on Fix Central.

• IBM GPFS allows local users to obtain root privileges for program execution via unspecified vectors (CVE-2015-0197), IBM GPFS in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors (CVE-2015-0198), mmfslinux kernel module in IBM GPFS allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls (CVE-2015-0199), which are announced and documented in this Security Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21960401
• OpenSSL: use-after-free on invalid EC private key import (CVE-2015-0209), OpenSSL: invalid pointer use in ASN1_TYPE_cmp() (CVE-2015-0286), OpenSSL: ASN.1 structure reuse memory corruption (CVE-2015-0287), OpenSSL: X509_to_X509_REQ NULL pointer dereference (CVE-2015-0288), OpenSSL: PKCS7 NULL pointer dereference (CVE-2015-0289), OpenSSL: integer underflow leading to buffer overflow in base64 decoding (CVE-2015-0292), and OpenSSL: assertion failure in SSLv2 servers (CVE-2015-0293), which are announced and documented in this Security Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21960210
• Vulnerability in RC4 stream cipher (CVE-2015-2808), which is announced and documented in this Security Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21883880

If an integrated pattern or component is not listed, there were no fixes for that pattern or component in this version.