This interim fix upgrades the GSKit shipped with IBM HTTP Server to resolve the CVE-2013-6747 vulnerability.
PI09443 resolves the following problem:
Users of IBM HTTP Server with SSL enabled.
A GSKit security library problem could result in hang or crash of IBM HTTP Server.
Apply this fix if using IBM HTTP Server with SSL enabled.
The GSKit security library was updated to resolve the issue.
This fix is targeted for IBM HTTP Server fixpacks:
IBM HTTP Server is distributing an updated GSKit security library as an interim fix.
The fix for PI08502 is also included in this interim fix.
No configuration is required once GSKit is updated to 18.104.22.168 or 22.214.171.124.
Note: For IHS 8.5.5, the fix is in the 126.96.36.199 fixpack , but "CVE-2013-6747" will not be listed in
the '-V' output until the 188.8.131.52 fixpack.
For IHS version 8.0 and 8.5:
The interim fix can be installed using Installation Manager (IM) with the Web-based ("live") repository provided by IBM. It may be necessary to de-select the "Show recommended only" option within IM and to expand "Only fixes for version 8.x.y.z" to see the fix listed.
The interim fix is also available from Fix Central at the link listed in the Download Package section below.
For IHS versions prior to 8.0:
This standalone GSKit update has been published to the IBM HTTP Server Fixes download site,
and is located under the 'GSKit Version 7' section for your platform. Click 'here' to be taken to the login page.
For IBM HTTP Server 6.x releases, download the GSKit 184.108.40.206 package and Readme
under the section labeled 'PI09443 - IHS Version 6'
For IBM HTTP Server 7.0 releases, download the GSKit 220.127.116.11 package and Readme
under the section labeled 'PI09443 - IHS Version 7'
Review the readme.txt available with the fix for installation instructions.
Fixes for IHS V6 and V7 must be downloaded as described above from the IBM HTTP Server Fixes download site.
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
15 June 2018