We’d like to draw your attention to a security alert resulting from a reported buffer overflow vulnerability that the OpenSSL open source community disclosed for OpenSSl versions 3.0.0 – 3.0.6 which CP4D users may be running. 

Note: OpenSSL pre-announced on October 25, 2022, that OpenSSL 3.0.7 would fix a Critical vulnerability. Its vulnerability disclosure today downgraded the vulnerability to High.

IBM clients concerned about the applicability of this vulnerability to IBM products should, as with any other security vulnerability, continue to monitor IBM Product Security Central for product specific security bulletins and fixes.

For customers running legacy Netezza systems, OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

If you want any further information, feel free to contact us.

Roy Hammett
I am an IT consultant with 30 years experience in Data Warehousing and Data Analytics. I have written blog articles and website content for Smart Associates for the past 8 years, focusing on their range of products and services, data warehousing, data analytics, business intelligence, partner products and more.