Security Bulletin: OpenSSLにある複数の脆弱性のWebSphere Message BrokerとIBM Integration Busへの影響について

Summary OpenSSLの脆弱性について、OpenSSL Projectより2016年 9月22日、9月26日、11月10日にそれぞれ公表されております。WebSphere Message BrokerならびにIBM Integration Busにて使用されているDataDirect ODBC ドライバーに対して該当するCVEがあり、対処しております。 Vulnerability Details 最新の情報は下記の文書（英語）をご参照ください。 Security Bulletin: Multiple vulnerabilities in OpenSSL affect...

Security Bulletin: Vulnerabilities in OpenSSL affects IBM Rational ClearCase (CVE-2016-2177, CVE-2016-2178, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306)

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of...

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-3087-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3087-1 advisory. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cau...

CVE-2016-6303

CVE-2016-6303 involves an overflow in MDC2_Update() in OpenSSL (pre-1.1.0). The vulnerability allows a remote attacker to crash the application via an out‑of‑bounds write, i.e., a denial of service, with potential other impacts depending on the context. Publicly documented fixed releases show Ope...