Hello,
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
Page 1 / 1
Hello,
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
It says:
>>> import hashlib >>> hashlib.sha3_224 <built-in function openssl_sha3_224>
A vulnerable Python version will say something like <class '_sha3.sha3_224'> instead of referencing openssl_sha3_224.
And if I do so, I receive <class '_sha3.sha3_224'>
python --version delivers:
Python 3.7.0 (tags/python-3.7.0-28-dirty:ea20976056, Dec 22 2020, 01:20:53) [C]
I have installed latest update with miniconda, but the result is still the same.
Python 3.7.0 (build 36, Apr 16 2021, 06:18:59) [C]
Hello,
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
Hi Jurgen,
The latest Miniconda (miniconda-zos-2.0-2022-01-17.run) contains Python 3.9.5 in the base environment:
$ pythonPython 3.7.0 is not supported anymore and will no longer get any security patches.
Python 3.9.5 (heads/pyz_dev-3.9:7cc8dd352f, Nov 2 2021, 05:50:11) on zos
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> hashlib.sha3_224
<built-in function openssl_sha3_224>
Hello,
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
Thank you for your information. I have updated miniconda to the new version and can confirm, that the vulnerability is fixed.
Regards Jürgen
Hello,
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
There is a new vulnerabilty CVE-2022-37454 for "Extended Keccak Code Package Project Extended Keccak Code Package vulnerabilities"
Does this affect any Rocket z/OS Tools?
Many Thanks!
Impact on the other z/OS ports within Rocket Open AppDev for Z is unknown and currently under analysis at high priority. Note that CVE fixes are made available immediately to customers on support contract and after a six month delay to all others. If you are entitled to support please open a case via the support portal to ensure you get a quick update should this vulnerability apply to one of the Open AppDev for Z ports.
Sign up
Already have an account? Login
Welcome to the Rocket Forum!
Please log in or register:
Employee Login | Registration Member Login | RegistrationEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.
77 4th Avenue
Waltham, MA 02451 USA
