Security Bulletin: IBM i affected by OpenSSL vulnerability (CVE-2014-0076)

Summary

OpenSSL could allow a local attacker to obtain sensitive information, caused by an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm).

Vulnerability Details

CVE IDs: CVE-2014-0076

DESCRIPTION: This bulletin covers the following OpenSSL related CVE.

CVEID: CVE-2014-0076
Description: OpenSSL could allow a local attacker to obtain sensitive information, caused by an implementation error in ECDSA (Elliptic Curve Digital Signature Algorithm).
CVSS Base Score: 2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91990 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Releases V5R3, V5R4, 6.1 and 7.1 of IBM i are affected.

Remediation/Fixes

The issue can be fixed by applying a PTF to the IBM i Operating System.

Releases 6.1 and 7.1 of IBM i are supported and will be fixed. Release V5R4 is unsupported, however it will be fixed. Releases V5R3 is unsupported and will not be fixed.

The IBM i PTF numbers are:

**Release 5.****4 -**SI53888
Release 6.1 - SI53046 Release 7.1 - SI53024

_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.