Now that 10.5.0.12 shipped today
https://www.ibm.com/support/pages/fix-packs-datapower-gateway-1050x
10.5.0.12 and 10.6.0.0 contain many CVE fixes, including CVE-2024-1086, which is handled by this APAR:
(UPDATE KERNEL TO ADDRESS MULTIPLE CVES)
https://www.ibm.com/support/pages/apar/IT46276
------------------------------
Hermann Stamm-Wilbrandt
Compiler Level 3 support, IBM DataPower Gateways
IBM
Boeblingen
------------------------------
Original Message:
Sent: Mon June 10, 2024 10:51 AM
From: Joseph Morgan
Subject: Is Datapower vulnerable to CVE-2024-1086?
Yes. DataPower is somewhat based on Linux, especially WRT commands. However, the underlying kernel likely uses quite a bit more, the extent of which only the IBM folks will know.
We'll have to wait for them, and, as we all know, IBM won't announce it if DataPower is vulnerable until they have a firmware available for us to upgrade.
------------------------------
Joseph Morgan
Original Message:
Sent: Mon June 10, 2024 06:07 AM
From: John Parker
Subject: Is Datapower vulnerable to CVE-2024-1086?
I think that DataPower uses a stripped-down version of Linux.
------------------------------
John Parker
Original Message:
Sent: Sun June 09, 2024 01:02 AM
From: Jim T.
Subject: Is Datapower vulnerable to CVE-2024-1086?
My understanding is that CVE-2024-1086 is a Linux kernel vulnerability. I don't understand how DataPower would be exposed to that.
------------------------------
Jim T.
Original Message:
Sent: Thu June 06, 2024 06:12 AM
From: John Parker
Subject: Is Datapower vulnerable to CVE-2024-1086?
Hey folks,
Is DataPower vulnerable to CVE-2024-1086? Is there a firmware update that mitigates it? I'm running IDG.10.5.0.11.
Thanks!
------------------------------
John Parker
------------------------------