• Welcome to InfoExpress Support Forums. Please login or sign up.
 

Cybergatekeeper 9.1 : Cumulative security patch available

Started by Zeeshan, August 18, 2015, 07:18:47 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Zeeshan

August 18, 2015, 07:18:47 AM Last Edit: November 16, 2015, 09:47:39 AM by Mike Bobbitt
Use of this document and web site are governed by the Terms and Conditions of Use for InfoExpress's web site.

CGS 9.1 Security Patch available

We are pleased to announce the availability of a cumulative patch for 9.1 CGS.
It includes all fixes and updates released independently earlier + newer updates and fixes.

The patch contains the following fixes / updates.

BUG-00187   Fixed "Hardware CGS appliance can be queried using 'public' community string, doesn't matter whether it is configured or not on the appliance. Hardware CGS appliance cannot be queried with any configured community string"   
BUG-00452   Fixed "CGBackup breaks NIC assignments on CGS"   
BUG-00471   Changed cgpold to process correctly policies that have space charaters in the file name.   
BUG-00485   Changed cgpold to process correctly empty files. Updated cgpold to process logs written by vsFTPd for new policy upload.   
BUG-00509   Allowed admin account to ftp in    
BUG-00521   Fixed console SSL errors from webby   
BUG-00682   Fixed typo in SNMP code for CPU usage   
BUG-02809   Fixed "CGS Inline cannot pass through traffic for compliant endpoint"   
BUG-02840   Fixed "Ported over 11698 OID for correct snmp walk behavior"   
BUG-02847   Fixed the slow outbound Syslog issue   
BUG-X0001   Fixed "Webby gets high CPU & prints 'can't accept:Too many open files' messages"
BUG-X0002   Fixed "CGS stops accepting connections"   
FEA-00670   Added patch history spport   
VUL-00686   Fixed "Downgrade to export ciphers (CVE-2015-0204)"   
VUL-12217   Fixed "DNS server cache snooping remote information disclosure"   
VUL-35372   Fixed "DNS server dynamic update record injection"   
VUL-70658   Fixed "SSH Server CBC Mode Ciphers Enabled (CVE-2008-5161)"   
VUL-71049   Fixed "SSH Weak MAC Algorithms Enabled"   
VUL-71783   Fixed "NTP monlist Command Enabled (CVE-2013-5211)"   
VUL-77200   Fixed "OpenSSL 'ChangeCipherSpec' MiTM Vulnerability"   
VUL-77857   Fixed "Bourne Again Shell (Bash) Remote Code Execution Vulnerability (CVE-2014-7169)"   
VUL-78479   Fixed "SSL 3.0 fallback - POODLE (CVE-2014-3566)"

Customers are advised to update their CGS with this patch from the following link.

Download Cumulative Patch

Please note:  updating cybergatekeeper appliance would require a reboot. You might want to consider your maintenance window to install the update

Related Technotes


Use of this document and web site are governed by the Terms and Conditions of Use for InfoExpress's web site.