IBM Information for VU#888801

SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension

Status

Affected

Vendor Statement

The AIX operating system does not ship with SSL. However, SSL is available for installation on AIX from the Linux Affinity Toolbox.

The Linux Affinity Toolbox contains OpenSSL 0.9.6g-3 which is not vulnerable to the issues discussed in CERT Vulnerability Note VU#888801 and any advisories which follow.

Users using an earlier version of OpenSSL should download the most recent version as soon as possible.

The Linux Affinity Toolbox is available at:

http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html

This software is offered on an "as-is" and is unwarranted.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.