30 May 2024 IBM i Security Alert: OpenSSL & OpenSSH (10/10/2023)

New security bulletin from IBM:
OpenSSL and OpenSSH for IBM i are vulnerable to arbitrary code execution, denial of service and circumvention of security restrictions due to multiple vulnerabilities. The severity score is 8.1, so we strongly recommend applying the patch.

For OpenSSH, the flaw allows execution of arbitrary code due to a defect in ssh-agent (CVE-2023-38408).
For OpenSSL, on the other hand, there are several vulnerabilities. Here we note two denials of service, the first due to a flaw in DH key verification (CVE-2023-3817) and the second due to an object-to-text function (CVE-2023-2650). OpenSSL is also vulnerable to a bypass of security restrictions due to a flaw in certificate verification (CVE-2023-0465).

IBM has fixed these vulnerabilities for IBM i. The patches are listed in the Remediation/Fixes section of the bulletin, which you can find here: https://lnkd.in/e3zFzCcu.
