CVE Archives - IT Jungle

Samba Patch Caps Busy Year for IBM i Security

December 4, 2019 Alex Woodie

IBM last week patched a moderately severe security flaw in IBM i’s Samba implementation that could enable hackers to access data they really shouldn’t be able to access. The disclosure caps a rather busy second half of the year for security patches on IBM i that saw 26 emergency PTFs and Yum updates for Node.js, Python, the Apache HTTP Server, OpenSSL, ISC Bind, IBM Navigator, and even Db2 Mirror for IBM i.

On November 26, IBM issued this security bulletin to let people know about the new flaw in the Samba client. The flaw could allow a hacker to not …
Read more
Multiple Security Vulnerabilities Reported In IBM i

April 30, 2018 Alex Woodie

IBM this month revealed an array of security vulnerabilities across IBM i middleware components, including OpenSSL, DHCP, and Java products. Most of the flaws were given a “high severity” rating, and all of them have been patched.

This week’s security fun starts with DHCP (Dynamic Host Configuration Protocol), which is used to automate the management and distribution of IP addresses within a network. According to the April 26 IBM security bulletin, IBM i 7.1, 7.2, and 7.3 are vulnerable to a pair of security vulnerabilities in the underlying DHCP protocol.

The first DHCP flaw, which is identified as CVE-2018-5732 …
Read more
IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

February 21, 2018 Alex Woodie

IBM has issued patches to fix a serious security problem in the IBM Global Security Kit, or GSKit, a relatively obscure crypto package that implements SSL/TLS encryption algorithms across a variety of IBM products, including IBM i. An old flaw in the underlying RSA crypto algorithm that could let hackers decrypt data in a “side channel” attack has resurfaced under a new moniker: “ROBOT.”

GSKit is an IBM toolkit that implements various encryption-related functions, including symmetric and asymmetric ciphers, random number generation, hashing algorithms, and encryption key management capabilities, for products that need over-the-wire encryption, including IBM i, Linux, and …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

Samba Patch Caps Busy Year for IBM i Security

Multiple Security Vulnerabilities Reported In IBM i

IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

Content archive

Recent Posts

Subscribe

Pages

Search