Summary of PowerVC Standard Edition security fixes published March 12, 2015

A number of security exposure and corresponding fixes were published March 12, 2015 for PowerVC Standard Edition.

For your convenience, here is a list of the issues and links to related information.

    • IBM PowerVC Could Allow a Local Attacker to Read a Valid Access Token (CVE-2015-0136)IBM PowerVC could allow a local attacker to read a valid access token. The powervc-iso-import command internally calls another command to which it passes a valid access token as a command line argument. This token may be seen in the process table. Only PowerVC Express installations managing IVM and PowerVC Standard installations managing PowerKVM are affected.

The best way to stay informed of important PowerVC fixes is to subscribe via IBM My Notifications

Advertisements

About Jay Kruemcke

Jay has had more than twenty years of experience in the information technology industry. Starting from a rather humble beginning at IBM, Jay became a mainframe systems support programmer. Eventually Jay joined the AIX operating systems development team early in that product's development. Jay leveraged technical skills that he built in systems management to establish himself as a member of the IBM Austin Executive Briefing Center. His expertise in systems management with the SAP ERP system enabled his first product management role, as the owner of the Tivoli management product for SAP. Over the next three years he established that product as a success with the help of a strong development team. Jay returned to AIX in a product management position initially focusing on managing new requirements for the AIX operating system. Jay established himself as a subject manager expert in AIX and Power Systems virtualization and became a frequent guest at conferences around the world. Jay succumbed to the dark side and spent four years in IBM marketing in which he introduced AIX version 6 and AIX version 7 and many product innovations including the first every open beta program for an AIX release and a significant restructuring of the AIX offering structure and prices. Jay was part of the cloud software development organization and and focused on managing development engagements for clients deploying clouds using Power Systems servers with PowerVC and related products. In March of 2016, Jay retired from IBM and started in a new role as a product manager for SUSE, the Open Software company. Jay new focus is on enterprise Linux for POWER and ARM processor based systems. The postings on this site solely reflect the personal views of the author and do not necessarily represent the views, positions, strategies or opinions of my employer. Follow me on twitter @mr_sles, @cloudrancher and @chromeaix.
This entry was posted in AIX & Power Systems Blogroll, Cloud and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s