IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems has addressed the following vulnerabilities in libxslt.
Summary
IBM Integrated Management Module II (IMM2) for System x, Flex
and BladeCenter Systems has addressed the following vulnerabilities
in libxslt.
Vulnerability Details
CVEID: CVE-2017-5029
Description: Google Chrome could allow a remote
attacker to execute arbitrary code on the system, caused by an
integer overflow in libxslt. By persuading a victim to visit a
specially-crafted Web site, a remote attacker could exploit this
vulnerability to execute arbitrary code on the system or cause a
denial of service.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122981
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2016-4738
Description: Apple Mac OS X could allow a
remote attacker to execute arbitrary code on the system, caused by
a memory corruption in libxslt. By persuading a victim to visit a
specially crafted Web site, an attacker could exploit this
vulnerability to execute arbitrary code on the system or cause a
denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117202
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2015-9019
Description: libxslt could provide weaker then
expected security, caused by the failure to initialize the EXSLT
math.random function with a random seed during startup. An attacker
could exploit this vulnerability to produce predictable
outputs.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126453
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2015-7995
Description: libxslt is vulnerable to a denial
of service, caused by a type confusion error in the
xsltStylePreCompute() function. A remote attacker could exploit
this vulnerability to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107737
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2013-4520
Description: libxslt is vulnerable to a denial
of service, caused by an error in the libxslt/xslt.c when
processing XSL files. By persuading a victim to open a
specially-crafted XSL file containing DTD node, a remote attacker
could exploit this vulnerability to cause the application to
crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89722
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected products and versions
| Product |
Version |
| IBM Integrated Management Module II (IMM2) for
System x and Flex Systems |
1AOO |
| IBM Integrated Management Module II (IMM2) for
BladeCenter Systems |
1AOO |
Remediation/Fixes
Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/
| Product |
Fixed Version |
IBM Integrated Management Module II (IMM2) for
System x and Flex Systems
ibm_fw_imm2_1aoo80g-6.40_anyos_noarch |
1AOO80G-6.40 |
IBM Integrated Management Module II (IMM2) for
BladeCenter Systems
ibm_fw_imm2_1aoo80g-6.40-bc_anyos_noarch |
1AOO80G-6.40_bc |
Workarounds and Mitigations
None.
References
Related Information
IBM
Secure Engineering Web Portal
IBM Product Security
Incident Response Blog
Lenovo
Product Security Advisories
Acknowledgement
None.
Change History
13 November, 2017: Original Version Published
* The CVSS Environment Score is customer environment specific
and will ultimately impact the Overall CVSS Score. Customers can
evaluate the impact of this vulnerability in their environments by
accessing the links in the Reference section of this Security
Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams
(FIRST), the Common Vulnerability Scoring System (CVSS) is an
"industry open standard designed to convey vulnerability severity
and help to determine urgency and priority of response." IBM
PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND,
INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE
IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
References
On
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
BladeCenter:Operating system independent / None
System x:Operating system independent / None
PureFlex System and Flex System:Operating system independent / None
[{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW20M","label":"BladeCenter->BladeCenter T Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW20T","label":"BladeCenter->BladeCenter E Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW21Y","label":"BladeCenter H Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW22P","label":"BladeCenter S Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW22Q","label":"BladeCenter->BladeCenter HT Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW22P","label":"BladeCenter S Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW341","label":"System x->System x3250 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW94A","label":"Flex System Manager Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94F","label":"Enterprise Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX81","label":"System x->System x3500 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX82","label":"System x->System x3530 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX91","label":"System x->System x3550 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA3","label":"System x->System x3650 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA5","label":"System x->System x3650 M4 BD"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA7","label":"System x->NeXtScale nx360 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXB1","label":"System x->System x3950 X6"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXB2","label":"System x->System x3100 M5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG4","label":"System x->System x3300 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG6","label":"System x->System x3750 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXH1","label":"System x->System x3630 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXK0","label":"System x->System x3100 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXL0","label":"System x->System x3250 M5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXM0","label":"System x->System x3850 X6"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}}]