Security Bulletin: Vulnerabilities in ClearCase OpenSSL Component (CVE-2013-0169, CVE-2012-2686, CVE-2013-0166)

Summary

The OpenSSL component shipped as a part of IBM Rational ClearCase has issued a security advisory. This component is used in making SSL connections in the base CC/CQ integration and in making SSL connections via user Perl modules. On the UNIX/Linux platforms, OpenSSL can also be used by the UCM/CQ integration.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

CVE ID:CVE-2013-0169
**Description:**This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/secadv_20130205.txt

CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81902&gt; *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID:CVE-2013-0166
**Description:**This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/secadv_20130205.txt

CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81904&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID:CVE-2012-2686
**Description:**This vulnerability is listed in the OpenSSL security advisory located at http://www.openssl.org/news/secadv_20130205.txt

CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81903&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Rational ClearCase versions prior to 8.0.0.7, or 7.1.2.11

Remediation/Fixes

Upgrade to one of the following releases:

• Rational ClearCase 8.0.1
• Rational ClearCase Fix Pack 7 (8.0.0.7) for 8.0
• Rational ClearCase Fix Pack 11 (7.1.2.11) for 7.1.2

Workarounds and Mitigations

None