CVE Archives - IT Jungle

Multiple Security Vulnerabilities Reported In IBM i

April 30, 2018 Alex Woodie

IBM this month revealed an array of security vulnerabilities across IBM i middleware components, including OpenSSL, DHCP, and Java products. Most of the flaws were given a “high severity” rating, and all of them have been patched.

This week’s security fun starts with DHCP (Dynamic Host Configuration Protocol), which is used to automate the management and distribution of IP addresses within a network. According to the April 26 IBM security bulletin, IBM i 7.1, 7.2, and 7.3 are vulnerable to a pair of security vulnerabilities in the underlying DHCP protocol.

The first DHCP flaw, which is identified as CVE-2018-5732 …
Read more
IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

February 21, 2018 Alex Woodie

IBM has issued patches to fix a serious security problem in the IBM Global Security Kit, or GSKit, a relatively obscure crypto package that implements SSL/TLS encryption algorithms across a variety of IBM products, including IBM i. An old flaw in the underlying RSA crypto algorithm that could let hackers decrypt data in a “side channel” attack has resurfaced under a new moniker: “ROBOT.”

GSKit is an IBM toolkit that implements various encryption-related functions, including symmetric and asymmetric ciphers, random number generation, hashing algorithms, and encryption key management capabilities, for products that need over-the-wire encryption, including IBM i, Linux, and …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

Multiple Security Vulnerabilities Reported In IBM i

IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

Content archive

Recent Posts

Subscribe

Pages

Search