The IBM Endpoint Manager team is releasing the 8.2 Patch 11 and 9.0 Patch 7 of the IBM Endpoint Manager platform. These new versions address security updates, including the POODLE vulnerability, and fixes from older versions of OpenSSL. The new patches use OpenSSL 0.9.8.zc.
IBM recommends upgrading whenever possible to take advantage of optimizations and bug fixes. Because these vulnerabilities are not of a critical nature, the upgrade should not be done in haste, but as part of a planned upgrade process.
Upgrade fixlets are available at BES Support since version 1198.
Here are some details of the patches:
9.0 Patch 7 (9.0.876.0)
Changelist
- Fixes for POODLE and OpenSSL security issues
- Fixes for general platform issues
The full technical changelist is available at http://support.bigfix.com/bes/changes/fullchangelist-90.txt.
A detailed description of the security vulnerabilities is available at http://www-01.ibm.com/support/docview.wss?uid=swg21692193.
Components Affected
All components (Server components, Console, Relays, Agents) are included in this update.
8.2 Patch 11 (8.2.1456.0)
Changelist
- Fixes for “POODLE” and OpenSSL security issues.
The full technical changelist is available at http://support.bigfix.com/bes/changes/fullchangelist-82.txt.
A detailed description of the security vulnerabilities is available at http://www-01.ibm.com/support/docview.wss?uid=swg21692194.
Components Affected
Only Server components are included in this patch.
This announcement was also made available via Endpoint Management blog via developerWorks.