The following is a description of the modifications to the IBM SDN VE
Unified Controller since 1.2.2.

Symptom:
IBM SDN for Virtual Environments is affected by vulnerabilities in GNU Libc.
(CVE-2015-0235)

Resolution:
The gethostbyname functions of the GNU C Library (glibc) are vulnerable to a 
buffer overflow. By sending a specially crafted, but valid hostname argument, 
a remote attacker could overflow a buffer and execute arbitrary code on the 
system with the privileges of the targeted process or cause the process to 
crash. The impact of an attack depends on the implementation details of the 
targeted application or operating system. This issue is being referred to as 
the "Ghost" vulnerability. IBM SDN VE for Virtual Environments has patched
the GNU libc library to fix this vulnerability.

Symptom:
IBM SDN for Virtual Environments is affected by vulnerabilities in OpenSSL
related to the DTLS protocol (CVE-2014-3571, CVE-2015-0206)

Resolution:
OpenSSL has been upgraded to fix these vulnerabilities.

Symptom:
IBM SDN for Virtual Environments is affected by vulnerabilities in OpenSSL
(CVE-2014-3572, CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570)

Resolution
OpenSSL has been upgraded to fix these vulnerabilities.