IBM Support

Proventia Network Intrusion Prevention System 4.6.1 All Models Hotfix-FP0006

Fix readme


Abstract

Correct GSkit DoS vulnerability (CVE 2014-0963)

Content

This patch corrects the GSkit DoS vulnerability as reported in CVE 2014-0963
This patch has the following pre-requisite:

GX6
4.6.1.0.0-ISS-ProvG-GX6-Hotfix-FP0001 or higher
GX7
4.6.1.0.0-ISS-ProvG-GX7-Hotfix-FP0001 or higher
NonGX6 and NonGX7
4.6.1.0.0-ISS-ProvG-NonGX7-NonGX6-Driver-FP0001 or higher


Previously fixed problems
------------------------------------

- Adds a check in installation script to not allow patch installation unless
following patches are installed in corresponding appliances first -
- GX6
4.6.1.0.0-ISS-ProvG-GX6-Hotfix-FP0001 or higher
- GX7
4.6.1.0.0-ISS-ProvG-GX7-Hotfix-FP0001 or higher
- NonGX6 and NonGX7
4.6.1.0.0-ISS-ProvG-NonGX7-NonGX6-Driver-FP0001 or higher

spa:
- Fixes issue when GX is rebooted and SP is enabled, sometimes iss-spa does
not
start.

- Fix policy loading issue and missing permission attributes error messages
with Java 7.x.

- Add crm.ppd.timeout tuning parameter. Currently after submitting a request
to the ppd, crm waits for a max of 60 seconds (hard coded) for a reply. If the
response is not received within the timeout value, the crm returns a timeout
error for the request.

- Fixes issue in which raid does not handle snmp traps when disk fails.

- Deletes no longer needed iss-proventiag-slistener package on GX6116
appliances.

- Fixes issue in which no event updates to SiteProtector and ipsAttacks.db
because of deadlock problem in the sensor code.

-Delivers support for SHA256 package signing. Also delivers dual signed
packages.




Document information

More support for: IBM Security Network Intrusion Prevention System

Software version: 4.6.1

Operating system(s): Firmware

Reference #: 1672956

Modified date: 18 August 2014