LANDESK Patch News Bulletin: LANDESK has Provided an Update for CSA 4.3 - (Patch 177) 13-JUN-2016

Version 1

    LANDESK Security and Patch News

     

    Headlines

    • (13 June 2016) LANDESK has provided an update for the Cloud Service Appliance version 4.3 - CSA patch 177 This patch addresses the following issues.

     

     

    Patch 177 contains the following fixes:

    1. 303775: PHP library updated to version 5.5.35
    2. 313408: OpenSSL library updated to version 1.0.1e-48 to address CVE-2016-2108
    3. 313858: Fix malformed HTML documents
    4. 212067: Add ability to disable TLS 1.0 (See description below)
    5. 316451: Clickjacking prevention


    The CSA has a new drop-down field on the 'Gateway Service' menu to allow the customer to select the transport protocol level. The default selection is TLSv1.1. While we recommend that, for maximum security, the level be set to TLSv1.2, we have found during testing that some LDMS hosts do not support it. For this reason we have chosen TLSv1.1 as a 'safe' default.  A typical symptom of non-supporting hosts are  "Cannot connect to CSA" errors while trying to configure the CSA in the LDMS console. TLSv1.2 support requires .NET 4.5/4.6 components, typically delivered as optional patches in Windows Update. If those .NET patches are installed prior to LDMS installation, TLSv1.2 will usually work. If they are installed afterwards, communication with the CSA may still fail. In such cases, the following registry changes may help.

    Windows Registry Editor Version 5.00

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto"=dword:00000001

     

     

     

    Each new CSA patch release will be a cumulative release of new and previous updates. There is no longer a need for prerequisite patch installs.

     

    New Vulnerabilities

    • Vulnerability ID – GSB431_177


    Changed Vulnerabilities

    • Vulnerability ID – N/A


    New Patch Downloads

    • GSB431_177.tar.gz


    Where to Send Feedback

    At LANDESK, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

     

    Best regards,

    LANDESK Product Support

     

     

    Copyright © 2016 LANDESK Software.  All rights reserved. LANDESK is either a registered trademark or trademark of LANDESK Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

     

     

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDESK disclaims any liability with respect to this document and LANDESK has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.LANDESK.com