IBM(R) Security Access Manager Web Gateway Appliance, 
Patch  7.0.0-ISS-WGA-IF0011 README
===============================================================================

(C) Copyright International Business Machines Corporation 2015. All rights
reserved. U.S. Government Users Restricted Rights -- Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

NOTE:  Before using this information and the product it supports,
       read the general information under "NOTICES" in this document.

DATE:  Monday, 9 March 2015
-------------------------------------------------------------------------------

    CONTENTS

    1.0 ABOUT THIS PATCH
       1.1 Patch contents
       1.2 Patches superseded


    2.0 APARS AND DEFECTS FIXED
       2.1 Problems fixed by Patch 7.0.0-ISS-WGA-IF0011


    3.0 BEFORE YOU INSTALL THIS PATCH
       3.1 Create a snapshot of the existing appliance configuration


    4.0 INSTALLING THIS PATCH
       4.1 Installing this Interim Fix.
    
    5.0 UNINSTALLING THIS PATCH
  
    6.0 AFTER YOU INSTALL THIS PATCH

    7.0 DOCUMENTATION UPDATES

    8.0 SOFTWARE LIMITATIONS

    9.0 KNOWN PROBLEMS AND WORKAROUNDS

   10.0 NOTICES
       10.1 Trademarks


*****************************************************************************
*****************************************************************************

1.0 ABOUT THIS PATCH
--------------------
 This patch package contains a security vulnerability fixes that applies
 on top of 7.0.0.11 for Web Gateway appliance, please upgade to this patch level 
 before applying this interim fix.

1.1 Patch contents

 This patch package contains:

    - This README file.
    - ghost_fix.fixpack file.


1.2 Patches superseded

 Patches superseded by this patch:

     None


2.0 APARS AND DEFECTS FIXED
---------------------------
 Because patches are cumulative, this patch corrects all the problems
 outlined in the following sections.


2.1 Problems fixed by Patch 7.0.0-ISS-WGA-IF0011


CVEID: CVE-2015-0138

DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations
could allow a remote attacker to downgrade the security of certain
SSL/TLS connections. An IBM SSL/TLS client implementation could accept
the use of an RSA temporary key in a non-export RSA key exchange
ciphersuite. This could allow a remote attacker using man-in-the-middle
techniques to facilitate brute-force decryption of TLS/SSL traffic
between vulnerable clients and servers. This vulnerability is also
known as the FREAK attack. 


3.0 BEFORE YOU INSTALL THIS PATCH
--------------------------------
 This is a stand-alone patch which should only be applied on top of the latest
 published patch i.e. 7.0.0.11 for Web Gateway appliance.
 Before you install this patch, review the following prerequisites and
 dependencies.


3.1 Create a snapshot of the existing appliance configuration

 Before you apply the firmware update to the appliance, it is best to take a 
 snapshot of the current configuration. Perform  the following steps in the 
 local management interface to create a snapshot:

   1. Log on to the local management interface.
   2. Select Manage System Settings -> Snapshots from the menu.
   3. Select New to create the snapshot and give the snapshot an 
      appropriate name.
   4. Select the newly created snapshot, click Download, and save 
      the snapshot on a local drive.


4.0 INSTALLING THIS PATCH
-------------------------
 NOTE: Before you install this patch, be sure that you have completed the 
       backup procedure in section 3.0, "BEFORE YOU INSTALL THIS PATCH".

4.1 Installing this Interim Fix:

  Before you begin:
  The appliance does not automatically create a backup copy of a partition 
  when you apply a fix pack to it. If you want to back up your partition 
  before you apply the fix pack, then you must do it manually.

  About this task:
  Fix packs are applied to the current partition. If a fix pack is installed 
  on your appliance, you can view information about who installed it, comments, 
  patch size, and the installation date.

  Procedure:

    Click Manage, and then click Fix Packs.
    In the Fix Packs pane, click New.
    In the Add Fix Pack window, click Browse to locate the fix pack file, and 
    then click Open.
    Click Submit to install the fix pack.


5.0 UNINSTALLING THIS PATCH

 1. Log into either console or using an SSH terminal to the appliance that
    the fix pack has been applied. 
 2. Type fixpacks and press the enter key. 
 3. Type "rollback" and press the enter key.


6.0 AFTER YOU INSTALL THIS PATCH
  None

7.0 DOCUMENTATION UPDATES
-------------------------

 The product documentation for IBM Security Access Manager Web Gateway
 Appliance, Version 7.0, is in the product Information Center at the following 
 web address (entered as one line):

 http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.isam.doc_70/appliance.html


8.0 SOFTWARE LIMITATIONS
------------------------

 None.



9.0 KNOWN PROBLEMS AND WORKAROUNDS
------------------------------------------------

 None.


10.0 NOTICES 
--------------------

This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this 
document in other countries. Consult your local IBM representative for 
information on the products and services currently available in your area. Any 
reference to an IBM product, program, or service is not intended to state or 
imply that only that IBM product, program, or service may be used. Any 
functionally equivalent product, program, or service that does not infringe 
any IBM intellectual property right may be used instead. However, it is the 
user's responsibility to evaluate and verify the operation of any non-IBM 
product, program, or service.

IBM may have patents or pending patent applications covering subject matter
described in this document. The furnishing of this document does not give you
any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte character set (DBCS) information,
contact the IBM Intellectual Property Department in your country or send
inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan, Ltd.
19-21, Nihonbashi-Hakozakicho, Chuo-ku
Tokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any other
country where such provisions are inconsistent with local law :
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS
PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certain
transactions, therefore, this statement might not apply to you.
This information could include technical inaccuracies or typographical errors.
Changes are periodically made to the information herein; these changes will be
incorporated in new editions of the publication. IBM may make improvements
and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for
convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this 
IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it
believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose
of enabling: (i) the exchange of information between independently created
programs and other programs (including this one) and (ii) the mutual use of the
information which has been exchanged, should contact:

IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions,
including in some cases payment of a fee.

The licensed program described in this document and all licensed material
available for it are provided by IBM under terms of the IBM Customer Agreement,
IBM International Program License Agreement or any equivalent agreement
between us.

Any performance data contained herein was determined in a controlled
environment. Therefore, the results obtained in other operating environments may
vary significantly. Some measurements may have been made on development-level
systems and there is no guarantee that these measurements will be the same on
generally available systems. Furthermore, some measurement may have been
estimated through extrapolation. Actual results may vary. Users of this document
should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of
those products, their published announcements or other publicly available 
sources.  IBM has not tested those products and cannot confirm the accuracy of
performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the
suppliers of those products.

All statements regarding IBM's future direction or intent are subject to 
change or withdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are 
subject to change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is 
subject to change before the products described become available.

This information contains examples of data and reports used in daily business
operations. To illustrate them as completely as possible, the examples include 
the names of individuals, companies, brands, and products. All of these names 
are fictitious and any similarity to the names and addresses used by an actual 
business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which
illustrate programming techniques on various operating platforms. You may copy,
modify, and distribute these sample programs in any form without payment to IBM,
for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating
platform for which the sample programs are written. These examples have not
been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or
imply reliability, serviceability, or function of these programs. You may copy,
modify, and distribute these sample programs in any form without payment to
IBM for the purposes of developing, using, marketing, or distributing 
application programs conforming to IBM's application programming interfaces.

Each copy or any portion of these sample programs or any derivative work, must
include a copyright notice as follows:
© (your company name) (year). Portions of this code are derived from IBM Corp.
Sample Programs. © Copyright IBM Corp. _enter the year or years_. All rights
reserved.

If you are viewing this information in softcopy form, the photographs and color
illustrations might not be displayed.

10.1 Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of
International Business Machines Corp., registered in many jurisdictions 
worldwide.  Other product and service names might be trademarks of IBM or 
other companies.  A current list of IBM trademarks is available on the Web 
at Copyright and trademark information at www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered
trademarks or trademarks of Adobe Systems Incorporated in the United States,
other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer and
Telecommunications Agency which is now part of the Office of Government
Commerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel 
Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium 
are trademarks or registered trademarks of Intel Corporation or its 
subsidiaries in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, 
or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of
Microsoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the 
Office of Government Commerce, and is registered in the U.S. Patent and 
Trademark Office.

UNIX is a registered trademark of The Open Group in the United States and 
other countries.
Java and all Java-based trademarks and logos are trademarks or registered
trademarks of Oracle and/or its affiliates.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the
United States, other countries, or both and is used under license therefrom.

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are
trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.

 
 End of IBM Security Access Manager Web Gateway Appliance, Patch 7.0.0.11-ISS-WGA-IF0011 README