IBM warns of a critical security vulnerability in the AIX and VIOS operating systems. The vulnerability allows attackers to corrupt memory and, given its severity rating, probably to inject and execute malicious code. IT managers should install the available updates now, the manufacturer urgently advises.
In IBM’s security announcement, the developers explain that AIX and VIOS rely on the package manager RPM. RPM in turn relies on SQLite and ships vulnerable versions of it, prior to 3.50.2. These SQLite versions contain a security vulnerability that can lead to arbitrary memory access (CVE-2025-6965 / EUVD-2025-21441, CVSS 7.2, risk “high”).
In contrast to that rating of the SQLite vulnerability, IBM classifies the risk as “critical” with a CVSS score of 9.8. AIX 7.2 and 7.3 as well as VIOS 3.1 and 4.1 are affected.
Apply updates quickly
IBM publishes updated RPM filesets that replace the vulnerable versions of “rpm.rte” from 4.15.1.1000 to 4.15.1.1016, 4.15.1.2000 to 4.15.1.2024, and 4.18.1.2000 to 4.18.1.2006. They are available for admins to download after logging in to IBM’s website. You can find out whether vulnerable filesets are installed on the system by calling lslpp -L | grep -i rpm.rte.
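The check above, extended into a small script, as an added example that is not taken from IBM's advisory or from the original article: it reads `lslpp -L` output and compares the rpm.rte level with the three vulnerable ranges listed above. The function names, the result labels and the sample `lslpp` output are constructed for illustration, and a level outside the listed ranges is only reported as such, not as fixed.

```shell
#!/bin/sh
# Added example: classify rpm.rte levels against the vulnerable ranges
# quoted in the article (treated as inclusive). Names are hypothetical.

# Print the level of every line whose fileset name is exactly rpm.rte
# (stricter than `grep -i rpm.rte`, which also matches similar names).
rpm_rte_levels() {
    awk '$1 == "rpm.rte" { print $2 }'
}

# Print "vulnerable", "not-in-listed-range" or "unparsable" for one V.R.M.F level.
classify_level() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 || $4 !~ /^[0-9]+$/ { print "unparsable"; exit }
        {
            vrm = $1 "." $2 "." $3; f = $4 + 0
            if ((vrm == "4.15.1" && f >= 1000 && f <= 1016) ||
                (vrm == "4.15.1" && f >= 2000 && f <= 2024) ||
                (vrm == "4.18.1" && f >= 2000 && f <= 2006)) {
                print "vulnerable"
            } else {
                print "not-in-listed-range"
            }
        }'
}

# Read `lslpp -L` output on stdin and report each rpm.rte level found.
check_lslpp_output() {
    rpm_rte_levels | while read -r level; do
        echo "rpm.rte $level $(classify_level "$level")"
    done
}

# Constructed sample output, used when lslpp is not available (non-AIX host).
SAMPLE_LSLPP='  Fileset                Level        State  Type  Description
  ------------------------------------------------------------------
  rpm.rte                4.15.1.2024    C     F    RPM Package Manager
  rpm.rte.example        1.0.0.0        C     F    constructed decoy line'

if command -v lslpp >/dev/null 2>&1; then
    lslpp -L | check_lslpp_output
else
    printf '%s\n' "$SAMPLE_LSLPP" | check_lslpp_output
fi
```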
IBM also provides a tar archive containing the fixes for RPM. Before installing the updated versions, IBM recommends creating a system backup using mksysb and ensuring that it is bootable and readable. The tar xvf rpm_fix4.tar command then unpacks the updates.
The individual AIX and VIOS versions should then be updated with the corresponding archive. Admins unpack the RPM version for AIX 7.2 TL5 with tar xvf rpm_fix4/rpm_41511017.tar, for AIX 7.3 TL1 with tar xvf rpm_fix4/rpm_41512015.tar, and for AIX 7.3 TL2, TL3 and VIOS 4.1 with tar xvf rpm_fix4/rpm_41812007.tar. A further call then applies the update: the command installp -apYd . rpm simulates an installation run, while installp -aXYd . rpm then executes it.
Admins of IBM’s AIX and VIOS only recently had to plug another security hole: at the end of September, a vulnerability made root attacks on the operating systems possible.
(dmk)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.