Security Bulletin
Summary
Power Systems Firmware affected by vulnerability in OpenSSL (CVE-2016-0797)
Vulnerability Details
CVEID: CVE-2016-0797
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn() function. An attacker could exploit this vulnerability using specially crafted data to cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
Affected Firmware Versions(840)
840.00: 01SV840_056_056, 01SC840_056_056
840.10: 01SV840_079_056, 01SC840_079_056
840.11: 01SV840_087_056, 01SC840_087_056
Firmware 840 Affected Products:
IBM Power System S822 (8284-22A)
IBM Power System S814 (8286-41A)
IBM Power System S824 (8286-42A)
IBM Power System S812L (8247-21L)
IBM Power System S822L (8247-22L)
IBM Power System S824L (8247-42L)
IBM Power System E850 (8408-E8E)
IBM Power System E870 (9119-MME)
IBM Power System E880 (9119-MHE)
Remediation/Fixes
Customers on Version 840(SV/SC), install 840.20: 01SV840_104_056 or higher, 01SC840_104_056 or higher
The fix can be obtained from FixCentral by specifying the Product as described in the Affected Products and Versions section and fix level as specified in this Remediation/Fixes section.
Get Notified about Future Security Bulletins
References
Change History
Information for version 840 is added
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
19 August 2022
UID
isg3T1023841