IBM Support

Proventia Network Intrusion Prevention System 4.6.1 All Models Hotfix-FP0006

Fix readme


Correct GSkit DoS vulnerability (CVE 2014-0963)


This patch corrects the GSkit DoS vulnerability as reported in CVE 2014-0963
This patch has the following pre-requisite:

GX6 or higher
GX7 or higher
NonGX6 and NonGX7 or higher

Previously fixed problems

- Adds a check in installation script to not allow patch installation unless
following patches are installed in corresponding appliances first -
- GX6 or higher
- GX7 or higher
- NonGX6 and NonGX7 or higher

- Fixes issue when GX is rebooted and SP is enabled, sometimes iss-spa does

- Fix policy loading issue and missing permission attributes error messages
with Java 7.x.

- Add crm.ppd.timeout tuning parameter. Currently after submitting a request
to the ppd, crm waits for a max of 60 seconds (hard coded) for a reply. If the
response is not received within the timeout value, the crm returns a timeout
error for the request.

- Fixes issue in which raid does not handle snmp traps when disk fails.

- Deletes no longer needed iss-proventiag-slistener package on GX6116

- Fixes issue in which no event updates to SiteProtector and ipsAttacks.db
because of deadlock problem in the sensor code.

-Delivers support for SHA256 package signing. Also delivers dual signed

Document information

More support for: IBM Security Network Intrusion Prevention System

Software version: 4.6.1

Operating system(s): Firmware

Reference #: 1672956

Modified date: 18 August 2014