Security Bulletin: Vulnerability in systemd affects Power Hardware Management Console (CVE-2019-6454)

Summary

The systemd is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE

Vulnerability Details

CVEID: CVE-2019-6454 DESCRIPTION:

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
CVSS Base Score: 7

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Power HMC V8.7.0.0
Power HMC V9.1.910.0

Remediation/Fixes

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V8.8.7.1 SP3 ppc

|

MB04210

|

MH01824

Power HMC

|

V8.8.7.1 SP3 x86

|

MB04209

|

MH01823

Power HMC

|

V9.1.930.1 SP1 ppc

|

MB04213

|

MH01826

Power HMC

|

V9.1.930.0 SP1 x86

|

MB04212

|

MH01825

Workarounds and Mitigations

None