LANDESK Security and Patch News
- (27 October 2016) LANDESK has provided an update for the Cloud Service Appliance version 4.3 - CSA patch 180. This patch addresses the following issues.
The patch contains these fixes / enhancements:
- TFS 357895: Support for iOS DEP enrollment and support for eclipse curve ciphers required by Apple ATS.
- TFS 360822: Fix timezone setting problem
- Refresh RCClient and LDSupport executables
The Apple iOS Device Enrollment Program (DEP) enrollment for iOS devices upgraded from iOS 9.x to 10 .0 no longer works through the CSA due to changes in the TLS certificate exchange (on the Apple side). To continue supporting DEP enrollment through the CSA, it was decided to open a second TLS service port (next to 443) exclusively dedicated to DEP enrollment. That second port, dubbed the DEP service port, uses the weaker TLS settings needed for the DEP enrollment phase. The CSA ensures that only DEP enrollment communication flows through the DEP port, any other types of requests are being rejected.
In addition, the CSA now supports a limited set of TLS elliptic curve ciphers (ECDHE) which allows us to meet Apple ATS requirements and give the CSA a clean A rating by the Qualys SSL test.
The DEP port to be used by the device needs to be configured in the CSA UI (Gateway Service -> iOS DEP service port), following that, the CSA firewall needs to be opened for the DEP service (Security -> Trusted Services -> DEP checkbox).
Note that there is currently no way for the user to define his own DEP port number, the mobility team has predefined it to be 444.
This fix removes a longstanding problem with setting the CSA timezone through the CSA UI. The UI did set the OS's timezone but not the PHP CGI's, with the net effect that the next time the user returns to the date/time settings tab, the time was off by an variable amount of time (hrs/days) in either direction. With the fix, the PHP environment is now updated as well, and the system log is restarted with the correct local time.
The user-downloadable remote control executables have not been updated for awhile. The patch updates them to their current (2016.3) versions.
Each new CSA patch release will be a cumulative release of new and previous updates. There is no longer a need for prerequisite patch installs.
- Vulnerability ID – GSB431_180
- Vulnerability ID – N/A
New Patch Downloads
Where to Send Feedback
At LANDESK, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future. Please continue to provide feedback by contacting our local support organization.
LANDESK Product Support
Copyright © 2016 LANDESK Software. All rights reserved. LANDESK is either a registered trademark or trademark of LANDESK Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.
Information in this document is provided for information purposes only. The information presented here is subject to change without notice. This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDESK disclaims any liability with respect to this document and LANDESK has no responsibility or liability for any third party products of any content contained on any site referenced herein. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.LANDESK.com