https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135378#M29724 <P><A href="https://security.netapp.com/advisory/ntap-20160519-0001/" target="_blank">https://security.netapp.com/advisory/ntap-20160519-0001/</A></P><P>&nbsp;</P><P>The security advisory shows clustered ONTAP as fixed for those OpenSSH CVEs.</P> Wed, 18 Oct 2017 14:21:38 GMT kryan 2017-10-18T14:21:38Z https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135362#M29717 <P>&nbsp;</P><P>Hi All</P><P>&nbsp;</P><P>If I am reading this correctly there is still no published fixed for the Cluster ONTAP.&nbsp; The dates are getting pretty close and our companiesclus security</P><P>compliance team are expecting this patched by end of Nov 2017</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://kb.netapp.com/support/s/article/march-2016-openssl-vulnerabilities-in-multiple-netapp-products?language=en_US" target="_blank">https://kb.netapp.com/support/s/article/march-2016-openssl-vulnerabilities-in-multiple-netapp-products?language=en_US</A></P><P>&nbsp;</P><P>Have I missed an advisory update ?&nbsp; or is that document correct and there is still no update available.</P><P>&nbsp;</P><P>Rgds Andy</P> Wed, 04 Jun 2025 14:28:37 GMT https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135362#M29717 parkea2 2025-06-04T14:28:37Z https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135372#M29721 <P>That security advisory will be updated today.</P> Wed, 18 Oct 2017 13:16:44 GMT https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135372#M29721 kryan 2017-10-18T13:16:44Z https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135373#M29722 <P>Hi Andy,</P><P>&nbsp;</P><P>According to burt 992754, which covers the&nbsp;<SPAN>March 2016 OpenSSL Vulnerabilities in Clustered Data ONTAP these CVEs were&nbsp;first fixed in ONTAP 9.0 (these are not fixed in cDOT 8.3.2).&nbsp;</SPAN>However, as you state the KB article does not reflect this info.</P><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>Since there are other OpenSSH CVEs applicable to ONTAP, do your Security Team have any specific CVE number(s) they need fixed?</SPAN></P><P>&nbsp;</P><P><SPAN>FYI burt 1008362, which covers the May 2016 OpenSSH Vulnerabilities: OpenSSH vulnerability in Clustered Data ONTAP are first fixed in ONTAP 9.1 (<A href="https://kb.netapp.com/support/s/article/may-2016-openssh-vulnerabilities-in-multiple-netapp-products?language=en_US" target="_blank">https://kb.netapp.com/support/s/article/may-2016-openssh-vulnerabilities-in-multiple-netapp-products?language=en_US</A>).</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks,</SPAN></P><P><SPAN>Grant.</SPAN></P> Thu, 19 Oct 2017 15:09:59 GMT https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135373#M29722 sgrant 2017-10-19T15:09:59Z https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135377#M29723 <P>Hi</P><P>The advisory ID number is below, I suspect this is a internal number only:</P><P>&nbsp;</P><P>Advisory ID: MSS-OAR-E01-2017:0111.3</P><P>Description:&nbsp; NetApp: March 2016 OpenSSL Vulnerabilities in Multiple NetApp Products</P><P>&nbsp;</P><P>It is mapped to a NETAPP advisory and CVE below:</P><P>&nbsp;</P><PRE>NetApp Advisory Number NTAP-20160303-0001 CVE <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703" target="_blank">CVE-2016-0703</A>, <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704" target="_blank">CVE-2016-0704</A>, <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797" target="_blank">CVE-2016-0797</A>, <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798" target="_blank">CVE-2016-0798</A>, <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799" target="_blank">CVE-2016-0799</A>, <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702" target="_blank">CVE-2016-0702</A>, <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705" target="_blank">CVE-2016-0705</A></PRE><P>&nbsp;</P><P>If the NETAPP advisory will be updates soon, then I am more then happy and I can response / patch as needed once I know at what ONTAP level I need to be at.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 18 Oct 2017 14:20:06 GMT https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135377#M29723 parkea2 2017-10-18T14:20:06Z https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135378#M29724 <P><A href="https://security.netapp.com/advisory/ntap-20160519-0001/" target="_blank">https://security.netapp.com/advisory/ntap-20160519-0001/</A></P><P>&nbsp;</P><P>The security advisory shows clustered ONTAP as fixed for those OpenSSH CVEs.</P> Wed, 18 Oct 2017 14:21:38 GMT https://community.netapp.com/t5/ONTAP-Discussions/Security-Patch-Status-of-NTAP-20160303-0001/m-p/135378#M29724 kryan 2017-10-18T14:21:38Z