Security Bulletin: Libxml2 vulnerabilities affect IBM SmartCloud Entry (CVE-2015-1819)

Summary IBM SmartCloud Entry is vulnerable to several libxml2 vulnerabilities. Remote attackers can exploit them to consume all available memory resources. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injecti...

Security Bulletin: Vulnerability in memcached affects SmartCloud Entry (CVE-2016-8704, CVE-2016-8705)

Summary A heap-based buffer overflow has been identified in memcached shipped with SmartCloud Entry. Vulnerability Details CVEID: CVE-2016-8704 DESCRIPTION: Memcached is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the processbinappendprepend function. By using a...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVE-2016-2177 CVE-2016-2178 CVE-2016-2179 CVE-2016-2180 CVE-2016-2181 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306...

Security Bulletin: Vulnerability in libgcrypt affects SmartCloud Entry (CVE-2016-6313 )

Summary GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. Vulnerability Details CVEID: CVE-2016-6313 DESCRIPTION: GnuPG could provide weaker than expected security, caused by an error in the...

Security Bulletin: Spice-server vulnerabilities affect IBM SmartCloud Entry (CVE-2016-0749 CVE-2016-2150 )

Summary SmartCloud Entry is vulerable to Spice-server vulnerabilities. Attackers could exploit them to cause improper bounds checking by smartcard interaction or bypass security restrictions Vulnerability Details CVEID: CVE-2016-0749 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.35 and Version 7.0.10.1 used by SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in Apr 2017. Vulnerability Details CVEID: CVE-2017-3514 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM SmartCloud Entry

Summary OpenSSL vulnerabilities were disclosed on 28th Jan 2016, March 1, 2016 ,May 3 2016 by the OpenSSL Project. OpenSSL is used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the applicable CVEs - CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176...

Security Bulletin: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

Summary IBM SmartCloud Entry is vulnerable to a glic vulnerability, which allows a romote attacker overflow a buffer and cause the application to crash. Vulnerability Details CVEID: CVE-2015-7547 DESCRIPTION: GNU C Library glibc is vulnerable to a stack-based buffer overflow, caused by improper...

Security Bulletin: Vulnerabilities in Python affect IBM SmartCloud Entry (CVE-2016-0772 CVE-2016-5699 CVE-2016-1000110)

Summary IBM SmartCloud Entry is vulnerable to Python vulnerabilities. Attackers could exploit these vulnerabilities to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer, inject arbitrary HTTP headers...

Security Bulletin: Vulnerabilities in Qemu-kvm affect IBM SmartCloud Entry

Summary IBM SmartCloud Entry is vulnerable to Qemu-kvm vulnerabilities. Attackers could overflow a buffer and execute arbitrary code on the system or cause the application to crash, or could exploit these vulnerabilities to gain elevated privileges on the host system or cause a denial of service,...

Security Bulletin: Vulnerabilities in Bash affect IBM SmartCloud Entry Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM SmartCloud Entry appliance. Vulnerability Details CVE-ID:...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.0.10.5 used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with th...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.25 and Version 7.0.9.35 that is used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in July 2016 and October 2016 and includes the vulnerability commonly...

Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-5240 CVE-2015-3280)

Summary IBM SmartCloud Entry is vulnerable to a Nova vulnerability that allows a remote authenticated attacker to cause a denial of service. IBM SmartCloud Entry is vulnerable to a Neutron vulnerability that allows an attacker to bypass firewall rules and gain access to applications. Vulnerabilit...

Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)

Summary IBM SmartCloud Entry is vulnerable to several Grep vulnerabilities. Remote attackers can exploit them to obtain sensetive information or launch further attacks on the system. Vulnerability Details CVEID: CVE-2012-5667 DESCRIPTION: grep is vulnerable to a heap-based buffer overflow, caused...

Security Bulletin: Vulnerability in bind affects SmartCloud Entry (CVE-2016-9147)

Summary ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger a...

Security Bulletin: Multiple vulnerabilities in qemu-kvm and libguestfs affect SmartCloud Entry (CVE-2016-9603 CVE-2017-2633 CVE-2017-7718 CVE-2017-7980 CVE-2015-8869)

Summary Multiple vulnerabilitieshave been identified in qemu-kvm and libguestfs. Qemu-kvm and libguestfs shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities. Vulnerability Details CVE-2016-9603 DESCRIPTION: Xen is vulnerable to a heap-base...

Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry

Summary Multiple vulnerabilities have been identified in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util. coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities...

Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2014-8121)

Summary IBM SmartCloud Entry is vulnerable to GNU C library glibc vulnerabilities. Remote attackers can exploit them to cause the application to enter into an infinite loop. Vulnerability Details CVEID: CVE-2014-8121 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service, caused by...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6.0.16.21 and Version 7.0.9.20 that is used by IBM SmartCloud Entry. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as...