IBM Security Virtual Server Protection for VMware 1.1.1.0 ===================================================================== Last modified: 06/23/2014 PLEASE READ THIS DOCUMENT IN ITS ENTIRETY. © Copyright IBM Corporation 2009, 2014. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. ===================================================================== CONTENTS ===================================================================== - Description - Compatibility - Applying the Update - MD5 of included files - TECHNICAL SUPPORT - Reporting product issues DESCRIPTION ===================================================================== This patch contains enhancements for IBM Security Virtual Server Protection for VMware V1.1.0.0 Details -------- This patch fixes the issue where IBM Security Virtual Server Protection for VMware System can be affected by a vulnerability in OpenSSL. OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and servers. A remote attacker could exploit this vulnerability using a specially-crafted handshake to conduct man-in-the-middle attacks to decrypt and modify traffic. (CVE-2014-0224) COMPATIBILITY ===================================================================== This update applies only to: IBM Security Virtual Server Protection for VMware V1.1.0.0. APPLYING THE UPDATE ===================================================================== To apply the update: Important: You must have root user permissions to perform the steps in this procedure. 1. Copy the patch file to the /root directory of the SVM (1.1.1.4-ISS-VSP-svm-IF001.sh). 2. On the SVM, run the patch installation script: sh 1.1.1.4-ISS-VSP-svm-IF001.sh MD5 OF INCLUDED FILES ===================================================================== ea22bfe5296dac53f286f7ed5267396c 1.1.1.4-ISS-VSP-svm-IF001.sh TECHNICAL SUPPORT FOR NORTH AMERICA ===================================================================== IBM SECURITY SYSTEMS provides technical support to customers that are entitled to receive support. The IBM Support Portal -------- Before you contact IBM SECURITY SYSTEMS about a problem, see the IBM Support Portal at http://www.ibm.com/software/support The IBM Software Support Guide -------- If you need to contact technical support, use the methods described in the IBM Software Support Guide at http://www14.software.ibm.com/webapp/set2/sas/f/handbook/home.html The guide provides the following information: - Registration and eligibility requirements for receiving support - TECHNICAL SUPPORT telephone numbers for the country in which you are located - Information you must gather before contacting TECHNICAL SUPPORT INFORMATION REQUIRED FOR REPORTING PRODUCT ISSUES ===================================================================== If you encounter a problem with this product, please make notes that are as detailed as possible about the following: - Version of IBM Security Virtual Server Protection for VMware - IBM Security Virtual Server Protection for VMware configuration - Network deployment - Specific failure symptoms or undesirable behavior This information helps us reproduce the problem and resolve it as quickly as possible.