Security Bulletin: IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Abstract Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality. Content CVE ID: CVE-2012-2190 DESCRIPTION: GSKit allows remote attackers to cause a denial of service...

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in GSKit (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Abstract Vulnerabilities in IBM Global Security Kit GSKit, shipped as part of IBM Tivoli Composite Application Manager for Transactions ITCAM for Transactions. Content VULNERABILITY DETAILS: Security vulnerabilities have been discovered in the GSKit libraries. ITCAM for Transactions uses the GSKi...

Security Bulletin: GSKit Trust Anchor vulnerability in Tivoli Directory Server (CVE-2012-2203)

Abstract A vulnerability has been identified in the GSKit component utilized by Tivoli Directory Server TDS such that trust anchors can be inserted without detection. Remediation for the issue consists of updating GSKit 7 to version 7.0.4.41 or higher, and GSKit 8 to version 8.0.14.22 or higher...

Security Bulletin: Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203).

Abstract GSKit is an IBM product that is used by IBM DB2 for SSL support. The GSKit that is shipped with DB2 contains multiple security vulnerabilities. By default, DB2 does not use SSL for client-server communication and therefore, this vulnerability affects DB2 only if SSL is enabled. Content...

Security Bulletin: Multiple vulnerabilities in Rational Directory Server (CVE-2012-2203, CVE-2012-2191)

Summary Notice of security vulnerabilities which impacts IBM Rational Directory Server 5.2.x Tivoli variant only along with instructions to resolve the issues. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for...

Security Bulletin: IBM Rational ClearQuest security vulnerability fixes for CVE-2012-2203

Summary IBM Rational ClearQuest uses the IBM GSKit component to establish SSL connections to an LDAP directory server for LDAP authentication. ClearQuest 7.1.2.8 and 8.0.0.4 install updated versions of GSKit which contain corrections for security vulnerability CVE-2012-2203 Vulnerability Details ...

CVE-2012-2203

CVE-2012-2203 concerns IBM GSKit (PKCS#12) where trust anchors can be inserted into the keystore, enabling possible SSL/TLS spoofing. IBM advisories show GSKit updates as remediation across multiple products: for Tivoli/GSKit 7.x use 7.0.4.41 or later; for GSKit 8.x use 8.0.14.22 or later (e.g., ...