ONTAP Discussions
Hi All
If I am reading this correctly, there is still no published fix for the Cluster ONTAP. The dates are getting pretty close and our company's security compliance team are expecting this patched by end of Nov 2017.
Have I missed an advisory update? Or is that document correct and there is still no update available?
Rgds Andy
That security advisory will be updated today.
Hi Andy,
According to burt 992754, which covers the March 2016 OpenSSL Vulnerabilities in Clustered Data ONTAP, these CVEs were first fixed in ONTAP 9.0 (these are not fixed in cDOT 8.3.2). However, as you state, the KB article does not reflect this info.
Since there are other OpenSSH CVEs applicable to ONTAP, do your Security Team have any specific CVE number(s) they need fixed?
FYI burt 1008362, which covers the May 2016 OpenSSH Vulnerabilities: OpenSSH vulnerability in Clustered Data ONTAP are first fixed in ONTAP 9.1 (https://kb.netapp.com/support/s/article/may-2016-openssh-vulnerabilities-in-multiple-netapp-products?language=en_US).
Thanks,
Grant.
Hi
The advisory ID number is below; I suspect this is an internal number only:
Advisory ID: MSS-OAR-E01-2017:0111.3
Description: NetApp: March 2016 OpenSSL Vulnerabilities in Multiple NetApp Products
It is mapped to a NETAPP advisory and CVE below:
NetApp Advisory Number: NTAP-20160303-0001
CVE: CVE-2016-0703, CVE-2016-0704, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0702, CVE-2016-0705
If the NETAPP advisory will be updated soon, then I am more than happy and I can respond / patch as needed once I know at what ONTAP level I need to be at.
https://security.netapp.com/advisory/ntap-20160519-0001/
The security advisory shows clustered ONTAP as fixed for those OpenSSH CVEs.