Release note Tornaborate


Release note 1.2.6 Tornaborate 2015-09-10

Contents
1 Summary
2 Additional important information about this release
3 Upgrade
3.1 Prerequisites
3.2 How to apply the patch
3.2.1 Create a restore point
3.2.2 Checking if your IDAT is ready for the upgrade
3.2.3 Applying the upgrade
3.2.4 Validating the upgrade result
4 Changes
4.1 Resolved Issues
4.2 Implemented Features
4.3 Known Issues

List of Figures
3.1 Creating a snapshot
3.2 Checking the previous release
3.3 Uploading the patch file
3.4 Waiting on the patch to be applied
3.5 Refreshing the page
3.6 Checking the target release: correct version displays after the upgrade

1 Summary

This software was released on 2015-09-10.

2 Additional important information about this release

If you upgrade a running system to this release, please note the following:

1. After the migration, you may need to log in again because your session context might have been lost.

3 Upgrade

The upgrade process stops all IDAT processing except the Syslog service, which continues to collect incoming Syslog messages from the Ignition server. The Syslog buffer can hold up to 1500 event authentication messages. All buffered messages are processed after the upgrade. The upgrade takes between 15 seconds and 5 minutes, depending on hard disk I/O performance.

3.1 Prerequisites

The IDAT patch file for the release you are upgrading to must be in place beforehand. Please have a look at www.tornaborate.net/idat/ for more details.

3.2 How to apply the patch

3.2.1 Create a restore point

Make a snapshot of your Virtual Machine (VM) as a potential restore point in case of any unpredicted issues.

Figure 3.1: Creating a snapshot

Important note: A backup file created on the previous release cannot yet be restored on the IDAT release to be installed. That is why an ESXi snapshot is mandatory to have a safe restore point.

3.2.2 Checking if your IDAT is ready for the upgrade

Log in as administrator and check which IDAT release currently runs on your Virtual Machine (VM).

Figure 3.2: Checking the previous release

3.2.3 Applying the upgrade

Load the new upgrade file like this:

1. Select the Setup section
2. Select the Support section

Figure 3.3: Uploading the patch file

3. Browse and pick the target upgrade file IDAT_patch_...
4. Start loading and processing the upgrade

Monitor the upgrade process in the web browser to see when it has finished.

Figure 3.4: Waiting on the patch to be applied

3.2.4 Validating the upgrade result

To make sure that the upgrade has been applied properly, refresh the browser and log in again if you are requested to do so.

Figure 3.5: Refreshing the page

Figure 3.6: Checking the target release: correct version displays after the upgrade

4 Changes

4.1 Resolved Issues

The following issues have been resolved in this release:

Item  Content

656  Nessus 65821/CVE-2013-2566+CVE-2015-2808: Apache: disable SSL RC4 cipher suites
The remote host supports the use of RC4 in one or more cipher suites. The RC4 cipher is flawed in its generation of a pseudo-random stream of bytes so that a wide variety of small biases are introduced into the stream, decreasing its randomness.

657  Nessus 70658/CVE-2008-5161: SSH: support Cipher Block Chaining (CBC) disabled
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.

658  Nessus 71049: SSH: MD5 or 96-bit MAC disabled
The SSH server is configured to allow either MD5 or 96-bit MAC algorithms, both of which are considered weak.

659  Nessus 77200/openSSL issues
This bug covers these openssl incidents:
1) CVE-2010-5298 - ssl3_read_bytes function
2) CVE-2010-5298 - ECDSA flush+reload
3) CVE-2014-0195 - invalid DTLS fragment handling
4) CVE-2014-0198 - do_ssl3_write function
5) CVE-2014-0221 - DTLS handshake handling
6) CVE-2014-3470 - dtls1_get_message_fragment

662  TCP timestamps disabled in Linux
Possible attackers may gain an impression of the uptime of a *nix based system. This can be used to guess the patch level of the operating system and exploit it afterwards.

663  Apache hardening
Several Apache web server settings were optimized in order to make the IDAT as little vulnerable as possible.

4.2 Implemented Features

The following features have been implemented in this release:

Item  Content

4.3 Known Issues

The following issues are already known and will be fixed in one of the following releases:

Item  Content

253  After upgrade by loading patch, the About message box still shows the old version.
It needs a logout/login cycle to update the release.

617  "Change of system maintainer time" appears twice in auditlog and is UTC
The change message appears twice in the auditlog. Also, the time is shown already converted to UTC.

644  license management change to new concept
The license structure changes to this model:

order code  type          Radius-Srv  Authenticators  WLAN-9100 APs  Clients
IDAT-0110   Basic (free)  1           5               75             500
IDAT-0120   Advanced      2           20              300            1.500
IDAT-0140   Professional  4           50              750            5.000
IDAT-0190   Enterprise    100         10.000          150.000        1.000.000

The license management has to cover WLAN-9100 Access Points from Avaya, which have to be counted separately as WLAN Authenticator. The enforcement is already implemented; only the presentation is missing.

649  About box content cleanup
The About box shows "Pure PHP radius", which isn't used anymore. The line should be removed.

652  Avoid restore of newer DB backups to older systems
Currently, it's still possible to load new database backups to old releases.

655  Expired licenses are not displayed
In current releases, only non-expired licenses are displayed.

661  SNMPv3 access violation not well reported as clear error message
If SNMPv3 is configured and IDAT accesses a device configured with SNMPv2 only, or if the SNMPv3 user does not exist on the device, an error message is displayed which is not easy to understand. The message looks like this:

2015-09-02 06:39:27 127.0.0.1 err daemon dcollect: A-3487 SNMP 192.168.1.8 determineoid Received usmstatsunknownusernames.0 Report-PDU with value 272 during synchronization
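
An added example, not part of the release note or of the IDAT product: a static check for the weak settings that resolved items 656, 657, 658 and 662 in section 4.1 describe. The configuration fragments are constructed samples, and the check assumes the standard OpenSSH `Ciphers`/`MACs` directives, Apache mod_ssl `SSLCipherSuite` and the Linux `net.ipv4.tcp_timestamps` sysctl, since the release note does not show IDAT's own configuration files.

```python
import re

# Constructed sample configs; none of these lines come from an IDAT appliance.
BEFORE = {
    "sshd": "Ciphers aes128-ctr,aes128-cbc,3des-cbc\n"
            "MACs hmac-sha2-256,hmac-md5,hmac-sha1-96\n",
    "apache": "SSLCipherSuite HIGH:MEDIUM:RC4-SHA:!aNULL\n",
    "sysctl": "net.ipv4.tcp_timestamps = 1\n",
}
AFTER = {
    "sshd": "Ciphers aes128-ctr,aes256-ctr\n"
            "MACs hmac-sha2-256,hmac-sha2-512\n",
    "apache": "# RC4 excluded\nSSLCipherSuite HIGH:!aNULL:!MD5:!RC4\n",
    "sysctl": "net.ipv4.tcp_timestamps = 0\n",
}

def values(text, key):
    """All values given for directive `key` (case-insensitive), comments stripped."""
    out = []
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=?\s*(.*)", line.split("#", 1)[0])
        if m and m.group(1).lower() == key.lower() and m.group(2).strip():
            out.append(m.group(2).strip())
    return out

def audit(cfg):
    """Return the release-note item numbers whose weak setting is still configured."""
    found = set()
    # OpenSSH: a list starting with '-' removes algorithms from the defaults.
    # An absent directive means built-in defaults apply; not visible to this check.
    for v in values(cfg["sshd"], "Ciphers"):
        if not v.startswith("-") and "cbc" in v:
            found.add(657)
    for v in values(cfg["sshd"], "MACs"):
        if not v.startswith("-") and re.search(r"md5|-96", v):
            found.add(658)
    for v in values(cfg["apache"], "SSLCipherSuite"):
        tokens = v.split(":")
        # '!RC4' deletes RC4 for good; '-RC4' removes it; anything else enables it.
        # Aliases such as MEDIUM may still pull in RC4 on old OpenSSL builds.
        if "!RC4" not in tokens and any("RC4" in t and t[0] not in "!-" for t in tokens):
            found.add(656)
    # Linux enables TCP timestamps by default, so a missing key is a finding too.
    if values(cfg["sysctl"], "net.ipv4.tcp_timestamps")[-1:] != ["0"]:
        found.add(662)
    return sorted(found)

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

A clean result here only means the files no longer name the weak algorithms; a rescan of the running services remains the authoritative confirmation.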