LANDESK Security and Patch News
- (12 August 2016) LANDESK has provided an update for the Cloud Service Appliance version 4.3 - CSA patch 178. This patch addresses the following issues.
- 327834: The CSA still shows up as vulnerable to CVE-2016-2107 (Qualys SSL Labs). Patch 177 replaced the shared OpenSSL library but did not replace a statically linked copy.
- 322168: The blocked client certificates list shows an incorrect 'created' column. The fix will insert the current time when a cert is added to the list.
- 329849: Protect the PHP scripts against HTTPoxy (sic!) attacks CVE-2016-5385 by intercepting "Proxy" HTTP header properties.
- 209318: Third-party certificates do not work in FIPS 140-2 mode and cause the CSA to become inoperable. After applying patch 178, third-party certificates need to be reinstalled before switching to FIPS mode. Don't reverse that order!
Each new CSA patch release will be a cumulative release of new and previous updates. There is no longer a need for prerequisite patch installs.
- Vulnerability ID – GSB431_178
- Vulnerability ID – N/A
New Patch Downloads
Where to Send Feedback
At LANDESK, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future. Please continue to provide feedback by contacting our local support organization.
LANDESK Product Support
Copyright © 2016 LANDESK Software. All rights reserved. LANDESK is either a registered trademark or trademark of LANDESK Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.
Information in this document is provided for information purposes only. The information presented here is subject to change without notice. This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDESK disclaims any liability with respect to this document and LANDESK has no responsibility or liability for any third party products of any content contained on any site referenced herein. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.LANDESK.com