IBM Security Virtual Server Protection for VMware 1.1.0.1 ===================================================================== Last modified: 05/16/2013 PLEASE READ THIS DOCUMENT IN ITS ENTIRETY. © Copyright IBM Corporation 2009, 2012. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. ===================================================================== CONTENTS ===================================================================== - Description - Compatibility - Applying the Update - MD5 of included files - TECHNICAL SUPPORT - Reporting product issues DESCRIPTION ===================================================================== This patch contains enhancements for IBM Security Virtual Server Protection for VMware V1.1.0.1 Details -------- This patch fixes the issue where IBM Security Virtual Server Protection for VMware System can be affected by several vulnerabilities in OpenSSL. These vulnerabilities include obtaining sensitive information and denial of service vulnerabilities that could be exploited remotely by an attacker. In the case of IBM Security Virtual Server Protection for VMware System, SSH can be affected by the vulnerabilities. Further, for these vulnerabilities, no authentication is required, the vulnerability is remotely exploitable, and no specialized knowledge is required. (CVE-2013-0169, CVE-2013-0166, and CVE-2011-4354) COMPATIBILITY ===================================================================== This update applies only to: IBM Security Virtual Server Protection for VMware V1.1.0.1. APPLYING THE UPDATE ===================================================================== To apply the update: Important: You must have root user permissions to perform the steps in this procedure. 1. Copy the patch file to the /root directory of the SVM (1.1.0.1-ISS-VSP-svm-IF002.sh). 2. On the SVM, run the patch installation script: sh 1.1.0.1-ISS-VSP-svm-IF002.sh MD5 OF INCLUDED FILES ===================================================================== 5B290A35259C254B6DA7DF80445E2FA8 1.1.0.1-ISS-VSP-svm-IF002.sh TECHNICAL SUPPORT FOR NORTH AMERICA ===================================================================== IBM SECURITY SYSTEMS provides technical support to customers that are entitled to receive support. The IBM Support Portal -------- Before you contact IBM SECURITY SYSTEMS about a problem, see the IBM Support Portal at http://www.ibm.com/software/support The IBM Software Support Guide -------- If you need to contact technical support, use the methods described in the IBM Software Support Guide at http://www14.software.ibm.com/webapp/set2/sas/f/handbook/home.html The guide provides the following information: - Registration and eligibility requirements for receiving support - TECHNICAL SUPPORT telephone numbers for the country in which you are located - Information you must gather before contacting TECHNICAL SUPPORT INFORMATION REQUIRED FOR REPORTING PRODUCT ISSUES ===================================================================== If you encounter a problem with this product, please make notes that are as detailed as possible about the following: - Version of IBM Security Virtual Server Protection for VMware - IBM Security Virtual Server Protection for VMware configuration - Network deployment - Specific failure symptoms or undesirable behavior This information helps us reproduce the problem and resolve it as quickly as possible.