Security Bulletin
Summary
Public disclosed vulnerability (CVE-2018-5382) from Bouncy Castle fix was addressed by Platform PCM
Vulnerability Details
Data not yet populated.
Affected Products and Versions
Platform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1
Platform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1
Remediation/Fixes
None.
Workarounds and Mitigations
|
<Product | VRMF | APAR | Remediation/First Fix |
| Platform Cluster Manager Standard Edition | 4.1.0, 4.1.1, 4.1.1.1, 4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1 | None | See details below |
| Platform Cluster Manager Advanced Edition | 4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1 | None | See details below |
Platform Cluster Manager 4.1.x and 4.2.x
1. Download Bouncy Castle jar file bcprov-jdk15on-159.jar from the following location http://www.bouncycastle.org/latest_releases.html
2. Copy the jar file into the management node. If high availability is enabled, copy the jar file to stand-by management node, as well.
3. If high availability is enabled, shutdown stand-by management node to avoid triggering high availability.
4. On the management node, stop GUI and PERF services
HA disabled:
# pmcadmin stop
# perfadmin stop all
HA enabled:
# egosh user logon -u Admin -x Admin
# egosh service stop all
5. On management node, replace the old jar file with new one.
6. On management node, start GUI and PERF services
HA disabled:
# pmcadmin start
# perfadmin start all
HA enabled:
# egosh user logon -u Admin -x Admin
# egosh service start all
Get Notified about Future Security Bulletins
References
Change History
May 18, 2018: original version
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
23 June 2018
UID
isg3T1027728