OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs.
CVEID: CVE-2015-0286
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101666 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-0292
DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing base64 encoded data. An attacker could exploit this vulnerability using specially-crafted base64 data to corrupt memory and execute arbitrary code on the system and cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101670 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
IBM Netezza Platform Software 7.0.2.16-P2 and earlier
IBM Netezza Platform Software 7.0.4.8-P2 and earlier
IBM Netezza Platform Software 7.1.0.5-P2 and earlier
IBM Netezza Platform Software 7.2.0.4-P2 and earlier
Product | VRMF | APAR | Remediation/First Fix
--- | --- | --- | ---
IBM Netezza Platform Software | 7.0.2.16-P3 | | Link to IBM Fix Central
IBM Netezza Platform Software | 7.0.4.8-P3 | | Link to IBM Fix Central
IBM Netezza Platform Software | 7.1.0.5-P3 | | Link to IBM Fix Central
IBM Netezza Platform Software | 7.2.0.4-P3 | | Link to IBM Fix Central
For IBM Netezza Platform Software 6.0.8.x and earlier, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None
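To triage an inventory against the affected and fixed levels listed above, the following added example (not part of IBM's bulletin) classifies version strings by release stream. It assumes versions are written as V.R.M.F with an optional -Pn suffix and that levels within a stream order by (F, patch); the host names and sample versions are constructed.

```python
import re

# Fixed levels from the bulletin's remediation table: stream -> (F, patch).
FIXED = {
    (7, 0, 2): (16, 3),  # 7.0.2.16-P3
    (7, 0, 4): (8, 3),   # 7.0.4.8-P3
    (7, 1, 0): (5, 3),   # 7.1.0.5-P3
    (7, 2, 0): (4, 3),   # 7.2.0.4-P3
}
UPGRADE_ONLY = (6, 0, 8)  # 6.0.8.x and earlier: upgrade to a supported release

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")


def parse_version(text):
    """Split 'V.R.M.F-Pn' into (stream, level); a missing -Pn counts as P0."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    v, r, m, f, p = (int(g) if g else 0 for g in match.groups())
    return (v, r, m), (f, p)


def classify(text):
    """Return 'affected', 'fixed', 'upgrade' or 'unlisted' for one version."""
    stream, level = parse_version(text)
    if stream <= UPGRADE_ONLY:
        return "upgrade"
    fixed = FIXED.get(stream)
    if fixed is None:
        return "unlisted"  # stream not named in the bulletin; review by hand
    # Assumption: anything at or above the fixed level carries the fix.
    return "affected" if level < fixed else "fixed"


def triage(inventory):
    """Map host -> status; strings that do not parse are flagged, not dropped."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical hosts and installed levels).
SAMPLE = {"nz-prod-1": "7.0.2.16-P2", "nz-prod-2": "7.2.0.4-P3",
          "nz-dev-1": "7.1.0.4", "nz-old-1": "6.0.8.12", "nz-lab-1": "n/a"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {SAMPLE[host]:12} {status}")
```

Hosts reported as "unlisted" or "unparsed" need manual review, since the bulletin says nothing about streams other than the four it names and 6.0.8.x and earlier.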