IBM Support

VULNERABILITY UPDATE ON ZERO-DAY FLAW IN LINUX FOR GUARDIUM APPLIANCES (CVE-2016-0728)

Question & Answer


Question

Which versions of Guardium appliance are not affected by Zero-Day Flaw (Memory-Leak) found in Linux systems ?

Cause

Zero-Day Flaw found in Linux is a new memory-leak vulnerability that impacts the core linux kernel. An attacker could abuse the flaw to gain root-level privileges on a device and execute arbitrary code or steal any data stored on the device. Please refer to:
http://www.databreachtoday.com/zero-day-flaw-found-in-linux-a-8808

RedHat has provided the following statement in response to CVE-2016-0728:

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the Linux kernels as shipped with Red Hat Entereprise MRG 2 and Red Hat Enterprise Linux 7. Future Linux kernel updates for the respective releases will address this issue. Refer to https://access.redhat.com/node/2131021 for further information.

See also: https://access.redhat.com/security/cve/cve-2016-0728

Answer


The following versions of Guardium appliances are not affected by CVE-2016-0728 :


Guardium versionsRHEL versionsAffected ?
V8.25No
V9.05No
V9.15No
V9.55No
V10.06No

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Guardium Database Activity Monitor","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.0;8.2;9.0;9.1;9.5","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018

UID

swg21975729

Page Feedback