IBM Security Network Protection 5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004 README
========================================================================

Readme file for: IBM Security Network Protection Firmware 5.1.1 All-Models-Hotfix 0004
Product/Component Release: 5.1.1.0
Update Name: 5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004
PatchID: 1909
Platforms: XGS
Publication date: May 30, 2014
Last Modification date: May 30, 2014

Copyright IBM Corporation 2014.

Read this document in its entirety.

========================================================================
CONTENTS
========================================================================
* Description
* Compatibility and Prerequisites
* Known Issues
* Installation information
* Files included in this update
* Contacting IBM Support
* Copyright and trademark

========================================================================
DESCRIPTION
========================================================================
NOTE: A reboot is required for the changes made by the fix pack to apply.
Also, you should clear the browser cache on any browsers used to manage
the appliance.

Fixes CVE-2014-0963, a vulnerability in which the handling of certain SSL
messages causes rapidly increasing CPU utilization.

Previous fixes:

* Authentication security improvement.
* Disabling protection ports prior to port pair for SSL inspection prevents any SSL inspection from occurring.
* mesa_eventsd did not get restarted after crashing.
* XGS appliance does not report up to SiteProtector when the firmware level is out of date.
* Fix outbound SSL vulnerabilities CVE-2014-0160 and CVE-2014-0076.
* Fix Ruby vulnerabilities CVE-2013-4164 and CVE-2013-4492.
* Fix a possible LMI lockup when trying to display the Top Ten Events graph.
* Update the appliance statistics collection process to prevent a crash when generating a support file.
* Update the appliance SiteProtector communication process to properly inform SiteProtector of the health status of the space available on the root partition.
* Update the appliance remote syslog event generator to prevent a crash when generating QRadar formatted events that have large name-value pairs.
* Fix for enabling promiscuous mode for monitoring and HA mirror protection interfaces after an appliance reboot.
* Address an issue where security events are lost on the way to SiteProtector and local event database.
* When filtering an IPS Policy using multiple boolean filters, the filters can behave unexpectedly and fail to work as intended by the user. It is necessary to clear your browser cache after this fix is applied.
* Fix a crash in the inspection process due to memory corruption. A reboot is necessary for this fix to apply after installing the fix pack.
* Fix the matching of events generated over SSL MITM so that IPS objects other than the default IPS Object will match. A reboot is necessary for this fix to apply after installing the fix pack.
* Fix LMI pages so that they will render correctly in Google Chrome v30.
* Fix an issue that results in a Reset instead of Block page with SSL decryption and Web Apps.
* Fix an issue that resulted in dropped TCP connections that had been established before packet processing was started.
* Fix an issue where the XGS doesn't block exploit code contained in PDF documents transferred via HTTPS.
* Fix a random resource leak in the analysis engine.
* Fix an issue with the default IPS Policy not properly enabling the default IPS objects.
* Fix a rare network packet buffer leak.
* Fix an issue where the unanalyzed policy setting is not taken into account when flushing the packet queue.

========================================================================
COMPATIBILITY AND PREREQUISITES
========================================================================
This update is only compatible with the IBM Security Network Protection firmware 5.1.1.
It can be applied on top of any previously installed fix pack.

MD5 checksum calculation:
- f7a151b0a6b01d03f0148634cf2a6960 5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004.fixpack

========================================================================
KNOWN ISSUES
========================================================================
There are no known issues with this patch.

========================================================================
INSTALLATION INFORMATION
========================================================================
To apply fix pack through LMI

1) Go to Manage System Settings --> Updates and Licensing --> Fix Packs
2) Click +New
3) Browse for fix pack file:
   - 5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004.fixpack
4) Click Save Configuration
5) Reboot Appliance and clear Browser cache on any browser used to manage appliance

To apply fix pack through USB port of XGS

1) Copy fix pack file into a USB device:
   - 5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004.fixpack
2) Connect USB device onto XGS in which you want to apply fix pack
3) ssh to XGS appliance
   - ssh admin@XXX.XXX.XXX.XXX
4) Type fix pack, press enter
5) Type install, press enter
6) Confirm USB device is inserted by typing YES and pressing enter

========================================================================
FILES INCLUDED IN THIS UPDATE
========================================================================
5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004.zip
 |
 |--5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004.fixpack
 |
 |--5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0004-Readme.txt

========================================================================
CONTACTING IBM SUPPORT
========================================================================
To Contact IBM Support Worldwide

Phone:
Call IBM Support by selecting phone number from this location:
http://www.ibm.com/planetwide
When prompted for type of support, select option 2 for Software Support
You will need to provide your IBM Customer Number (ICN)
Electronically:
Go to http://www.ibm.com/legal/copytrade.shtml and open a new service request

===========================================================================
COPYRIGHT AND TRADEMARK
===========================================================================
Copyright and trademark information
http://www.ibm.com/legal/copytrade.shtml

Notices

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Some jurisdictions do not allow disclaimer of express or implied
warranties in certain transactions, therefore, this statement may not
apply to you.

This information could include technical inaccuracies or typographical
errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s)
described in this publication at any time without notice.

Microsoft, Windows, and Windows Server are trademarks of Microsoft
Corporation in the United States, other countries, or both.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino,
Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and
Pentium are trademarks or registered trademarks of Intel Corporation or
its subsidiaries in the United States and other countries.

Linux is the registered trademark of Linus Torvalds in the U.S. and
other countries.

Other company, product, or service names may be trademarks or service
marks of others.
*THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION*

See the license agreement for this product for details concerning terms
and conditions applicable to third party software code included in this
product, and for certain notices and other information IBM must provide
to you under its license to certain software code.

Notwithstanding the terms and conditions of any other agreement you may
have with IBM or any of its related or affiliated entities (collectively
"IBM"), the third party software code identified below are "Excluded
Components" and are subject to the following terms and conditions:

* the Excluded Components are provided on an "AS IS" basis
* IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND
  CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT
  LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE
  IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A
  PARTICULAR PURPOSE
* IBM will not be liable to you or indemnify you for any claims related
  to the Excluded Components
* IBM will not be liable for any direct, indirect, incidental, special,
  exemplary, punitive or consequential damages with respect to the
  Excluded Components.

===========================================================================