OpenSSL could allow a local attacker to obtain sensitive information, caused by an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm).
CVE IDs: CVE-2014-0076
DESCRIPTION: This bulletin covers the following OpenSSL related CVE.
CVEID: CVE-2014-0076
Description: OpenSSL could allow a local attacker to obtain sensitive information, caused by an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm).
CVSS Base Score: 2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91990 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Releases V5R3, V5R4, 6.1 and 7.1 of IBM i are affected.
The issue can be fixed by applying a PTF to the IBM i Operating System.
Releases 6.1 and 7.1 of IBM i are supported and will be fixed. Release V5R4 is unsupported, however it will be fixed. Releases V5R3 is unsupported and will not be fixed.
The IBM i PTF numbers are:
**Release 5.****4 -**SI53888
Release 6.1 - SI53046 Release 7.1 - SI53024
_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.