Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


#Power

 View Only
  • 1.  curl security vulnerability fix on AIX toolbox

    Posted Thu February 07, 2019 05:31 AM

    Originally posted by: sanket


     

    curl-7.62.0-1.aix6.1.ppc.rpm is now available on AIX toolbox.

    This version of curl has fixes for following security vulnerabilities.

    CVE-2018-16842
    CVE-2018-16840

    CVE-2018-16839

     

    You can also use YUM to update to this versions of curl from AIX toolbox repository

     

     

     


    #AIXOpenSource
    #AIX-Open-Source-Software


  • 2.  Re: curl security vulnerability fix on AIX toolbox

    Posted Thu April 11, 2019 06:47 PM

    Originally posted by: james.franznick


    Looks like a dependency issue with 7.64

    # rpm -Uhv curl-7.62.0-1.aix6.1.ppc.rpm
    curl                        ##################################################

    # rpm -Uhv curl-7.64.0-1.aix6.1.ppc.rpm
    error: failed dependencies:
            libcrypto.a(libcrypto.so.1.0.2) is needed by curl-7.64.0-1
            libssl.a(libssl.so.1.0.2) is needed by curl-7.64.0-1

     

     


    #AIX-Open-Source-Software
    #AIXOpenSource


  • 3.  Re: curl security vulnerability fix on AIX toolbox

    Posted Thu April 11, 2019 08:54 PM

    Originally posted by: Ravikanth.sh


    Hi James, Seems you are using older openssl. You need to update your openssl file set to the latest level i.e 1.0.2.1601 which is available on aix media.

    Link to download openssl file set: https://www-01.ibm.com/marketing/iwm/iwm/web/dispatcher.do?source=aixbp

    Run command "updtvpkg" after installation.

    Then install/update curl-7.64.0-1.


    #AIX-Open-Source-Software
    #AIXOpenSource


  • 4.  Re: curl security vulnerability fix on AIX toolbox

    Posted Fri April 12, 2019 11:32 AM

    Originally posted by: james.franznick


    Good to know. I had the 1601 version installed but needed to run updtvpkg

    # updtvpkg
    Please wait...

    # rpm -Uhv /nim/RPMS_IBM/curl/curl-7.64.0-1.aix6.1.ppc.rpm
    curl                        ##################################################

     


    #AIX-Open-Source-Software
    #AIXOpenSource