Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All
If I am reading this correctly there is still no published fixed for the Cluster ONTAP. The dates are getting pretty close and our companiesclus security
compliance team are expecting this patched by end of Nov 2017
Have I missed an advisory update ? or is that document correct and there is still no update available.
Rgds Andy
Solved! See The Solution
1 ACCEPTED SOLUTION
parkea2 has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That security advisory will be updated today.
4 REPLIES 4
parkea2 has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That security advisory will be updated today.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Andy,
According to burt 992754, which covers the March 2016 OpenSSL Vulnerabilities in Clustered Data ONTAP these CVEs were first fixed in ONTAP 9.0 (these are not fixed in cDOT 8.3.2). However, as you state the KB article does not reflect this info.
Since there are other OpenSSH CVEs applicable to ONTAP, do your Security Team have any specific CVE number(s) they need fixed?
FYI burt 1008362, which covers the May 2016 OpenSSH Vulnerabilities: OpenSSH vulnerability in Clustered Data ONTAP are first fixed in ONTAP 9.1 (https://kb.netapp.com/support/s/article/may-2016-openssh-vulnerabilities-in-multiple-netapp-products?language=en_US).
Thanks,
Grant.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
The advisory ID number is below, I suspect this is a internal number only:
Advisory ID: MSS-OAR-E01-2017:0111.3
Description: NetApp: March 2016 OpenSSL Vulnerabilities in Multiple NetApp Products
It is mapped to a NETAPP advisory and CVE below:
NetApp Advisory Number NTAP-20160303-0001 CVE CVE-2016-0703, CVE-2016-0704, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0702, CVE-2016-0705
If the NETAPP advisory will be updates soon, then I am more then happy and I can response / patch as needed once I know at what ONTAP level I need to be at.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
https://security.netapp.com/advisory/ntap-20160519-0001/
The security advisory shows clustered ONTAP as fixed for those OpenSSH CVEs.