IBM Support

Security Bulletin: Public disclosed vulnerability from Bouncy Castle affects Platform PCM

Created by Jian Jin on
Published URL:
https://www.ibm.com/support/pages/node/706317
706317

Security Bulletin


Summary

Public disclosed vulnerability (CVE-2018-5382) from Bouncy Castle fix was addressed by Platform PCM

Vulnerability Details

Data not yet populated.

Affected Products and Versions

Platform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1
Platform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1

Remediation/Fixes

None.

Workarounds and Mitigations

<Product

VRMFAPARRemediation/First Fix
Platform Cluster Manager Standard Edition4.1.0, 4.1.1, 4.1.1.1, 4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1NoneSee details below
Platform Cluster Manager Advanced Edition4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1NoneSee details below

Platform Cluster Manager 4.1.x and 4.2.x

1. Download Bouncy Castle jar file bcprov-jdk15on-159.jar from the following location http://www.bouncycastle.org/latest_releases.html

2. Copy the jar file into the management node. If high availability is enabled, copy the jar file to stand-by management node, as well.

3. If high availability is enabled, shutdown stand-by management node to avoid triggering high availability.

4. On the management node, stop GUI and PERF services

HA disabled:


# pmcadmin stop
# perfadmin stop all

HA enabled:
# egosh user logon -u Admin -x Admin
# egosh service stop all

5. On management node, replace the old jar file with new one.

6. On management node, start GUI and PERF services

HA disabled:


# pmcadmin start
# perfadmin start all

HA enabled:
# egosh user logon -u Admin -x Admin
# egosh service start all

Get Notified about Future Security Bulletins

References

Off

Change History

May 18, 2018: original version

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSZUCA","label":"IBM Spectrum Cluster Foundation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"3rd party integrations","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.1.0;4.1.1;4.2","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
23 June 2018

UID

isg3T1027728