Notice IBM is now listing V7R4 PTFs.
https://www-01.ibm.com/support/docview.wss?uid=ibm10883384&myns=ibmi&mynp=OCSSC52E&mynp=OCSSC5L9&mynp=OCSSTS2D&mynp=OCSS9QQS&mync=E&cm_sp=ibmi-_-OCSSC52E-OCSSC5L9-OCSSTS2D-OCSS9QQS-_-E
Security Bulletin
Summary
ISC BIND is vulnerable to this security vulnerability. IBM i has addressed this vulnerability.
Vulnerability Details
CVEID: CVE-2018-5743<
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743>
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw when setting the TCP client quota using the tcp-clients option. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the exhaustion of file descriptors.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/160127 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Releases 7.1, 7.2, 7.3, and 7.4 of IBM i are affected.
Remediation/Fixes
The issue can be fixed by applying a PTF to IBM i.
Releases 7.1, 7.2, 7.3, and 7.4 of IBM i are supported and will be fixed.
The IBM i PTF numbers are:
Release 7.1 – SI69882
Release 7.2 – SI69883
Release 7.3 – SI69885
Release 7.4 – SI69886
https://www-945.ibm.com/support/fixcentral/
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
