IBM Support

Guardium not affected by OpenSSL CVE-2016-2107

Question & Answer


Question

Is Guardium vulnerable to CVE-2016-2107 and others against OpenSSL?

Cause

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Answer

Guardium v10 is based on RHEL 6. According to https://rhn.redhat.com/errata/RHSA-2016-0996.html, on RHEL 6 the package openssl-1.0.1e-48.el6_8.1.*.rpm addresses:

CVE-2016-0799
CVE-2016-2105
CVE-2016-2106
CVE-2016-2107
CVE-2016-2108
CVE-2016-2109
CVE-2016-2842

According to https://access.redhat.com/solutions/2298211, CVE-2016-2176 does not affect the versions of OpenSSL used by Red Hat (including RHEL 5, 6, and 7).

So Guardium is not affected.
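
A check against the fixed build named above, as an added example that is not IBM's or Red Hat's code: it takes the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl` from a RHEL 6 host and compares it with 1.0.1e-48.el6_8.1 using a simplified form of RPM's version ordering. The function names and sample inputs are constructed for illustration; epoch and `~`/`^` handling are omitted.

```python
import re
import sys

# Fixed RHEL 6 build named on this page: openssl-1.0.1e-48.el6_8.1
FIXED_VERSION, FIXED_RELEASE = "1.0.1e", "48.el6_8.1"


def rpmvercmp(a, b):
    """Simplified RPM ordering: compare runs of digits or letters left to
    right. Epoch, '~' and '^' are not handled (assumption: not needed here)."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_patched(version_release):
    """True if 'VERSION-RELEASE' is at or above the fixed RHEL 6 build."""
    version, release = version_release.strip().split("-", 1)
    order = rpmvercmp(version, FIXED_VERSION)
    if order == 0:
        order = rpmvercmp(release, FIXED_RELEASE)
    return order >= 0


# Constructed sample inputs (not taken from a real appliance).
SAMPLES = ["1.0.1e-42.el6_7.4", "1.0.1e-48.el6",
           "1.0.1e-48.el6_8.1", "1.0.1e-48.el6_8.3"]

if __name__ == "__main__":
    for vr in sys.argv[1:] or SAMPLES:
        print(f"{vr}: {'patched' if is_patched(vr) else 'NOT patched'}")
```

The comparison is against the RHEL 6 build only, so a version string from another RHEL major release should not be fed to it.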


Document Information

Modified date:
16 June 2018

UID

swg21990450