Domino 9.0.1 FP2 IF3

DESCRIPTION:
IBM Domino could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections. Note that Interim Fixes are cumulative and contain all of the fixes from previous versions.

IBM Security Bulletin
Fix Central
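The missing check named in the description, shown as an added example (not IBM's code and not from the bulletin): a lenient padding check that trusts only the final length byte, beside the TLS rule from RFC 5246 section 6.2.3.2 that every padding byte must equal the padding length. The function names, the 16-byte block size and the sample records are assumptions constructed for illustration.

```python
import hmac

BLOCK = 16  # assumed CBC block size (AES); hypothetical constant for this example


def padding_ok_lenient(plaintext: bytes) -> bool:
    """Flawed check: reads the final length byte, never inspects the padding bytes."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    return pad_len + 1 <= len(plaintext)


def padding_ok_strict(plaintext: bytes) -> bool:
    """TLS rule: the pad_len padding bytes and the length byte all equal pad_len."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    padding = plaintext[-(pad_len + 1):]
    expected = bytes([pad_len]) * (pad_len + 1)
    # Illustrates the rule only; a real record layer must also keep the
    # padding and MAC checks constant-time and report one generic alert.
    return hmac.compare_digest(padding, expected)


def missed_by_lenient(records):
    """Return records the lenient check accepts but the strict check rejects."""
    return [r for r in records
            if padding_ok_lenient(r) and not padding_ok_strict(r)]


# Constructed sample "decrypted" records (payload || padding || pad_len).
PAYLOAD = b"hello world"                         # 11 bytes
GOOD = PAYLOAD + bytes([4]) * 5                  # padding bytes all 0x04
TAMPERED = PAYLOAD + b"\xaa\xbb\xcc\xdd\x04"     # arbitrary padding, valid length byte
OVERLONG = bytes([0xFF]) * BLOCK                 # length byte exceeds the record

if __name__ == "__main__":
    for name, rec in (("good", GOOD), ("tampered", TAMPERED), ("overlong", OVERLONG)):
        print(name, padding_ok_lenient(rec), padding_ok_strict(rec))
```

A record such as `TAMPERED` passing the lenient check is the condition the Interim Fix has to eliminate; a server that only reads the length byte cannot tell it from `GOOD`.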

IBM Domino – POODLE attack and what is the solution?

IBM intends to release Domino server Interim Fixes over the next several weeks that implement TLS 1.0 with TLS_FALLBACK_SCSV for HTTP to protect against the POODLE attack. Implementing TLS 1.0 for Domino will protect against the POODLE attack and will allow browsers to still connect to Domino after they have been changed to address the POODLE attack.

IBM will provide Interim Fixes for the following Domino releases:

    • 9.0.1 Fix Pack 2
    • 9.0
    • 8.5.3 Fix Pack 6
    • 8.5.2 Fix Pack 4
    • 8.5.1 Fix Pack 5

Source: IBM Technote

Rometty and IBM’s disappointing quarterly earnings

So on Monday, Rometty and CFO Martin Schroeter had to tell Wall Street that they would not hit the target.

“Given our third-quarter performance, the actions we’re taking and with only 15 months till the end of 2015, we no longer expect to deliver $20 operating earnings per share in 2015,” Schroeter said on the quarterly conference call.

A huge IBM selloff followed the news, and the shares dropped 7% in heavy volume. Some analysts on the call then questioned if IBM was in a “crisis.”

But here’s the thing.

This could really be good news for IBM and Rometty. She’s no longer jumping through hoops to meet an arbitrary EPS number selected by the previous CEO, from a tactic that made sense in 2007.

Source: Business Insider

Planned SHA-2 deliveries

SHA-2 support for Domino 9.x is planned to be delivered over the next several weeks via an Interim Fix.

  • With this Interim Fix, Domino administrators will be able to configure Domino 9.x to use a SHA-2 certificate over HTTP, SMTP, LDAP, POP, and IMAP. With a SHA-2 certificate in place, users will be able to use a browser to connect to iNotes, XPages, traditional Domino Web apps, and Sametime (based on Domino HTTP).
  • Once the Interim Fix is applied, browser users will not receive a security alert since Domino will be configured with SHA-2. Domino administrators will be able to import a 3rd-party SHA-2 cert or generate SHA-2 certs with the Domino Administrator client with Domino 9.x running the Interim Fix on all supported platforms.
  • As mentioned in the above section, the cryptographic infrastructure needed to provide these features was new to Domino 9.x. For this reason, we will not be able to support SHA-2 on Domino 8.5.x.

Source: IBM Technote

JVMPatch released for IBM Domino and Notes 9.0.1 FP2 and 8.5.3 FP6

Source: IBM