TIBCO LogLogic 6.2.1 Hotfix SEC1-HF-2968 is now available

Article ID: KB0101938

Product: TIBCO LogLogic Log Management Intelligence
Version: 6.2.1

Description

This is a cumulative security hotfix that deploys package updates for LMI 6.2.1.
This hotfix includes all previously available cumulative security hotfixes
for TIBCO LogLogic LMI 6.2.1.

This hotfix has no dependencies on any other non-cumulative hotfixes or
cumulative maintenance hotfixes. It can be used in conjunction with other
non-cumulative hotfixes and cumulative maintenance hotfixes.

================================================================================
Closed Issues in 6.2.1 SEC1-HF-2968

LLCE-2968:
6.2.1 package updates v1 cumulative security HF for package updates

LLCE-2963:
gnupg2: Improper sanitization of filenames allows for the display of fake
status messages and the bypass of signature verification - CVE-2018-12020

LLCE-3033:
Yum-Utils: Reposync: Improper Path Validation May Lead to Directory Traversal
Vulnerability - CVE-2018-10897

LLCE-3037:
NSS: ServerHello.random is All Zeros When Handling a v2-compatible ClientHello
- CVE-2018-12384

The following security issues are resolved with listed packages or newer ones:

bind (ELSA-2018-2571): CVE-2018-5740 by bind-libs-9.8.2-0.68.rc1.el6_10.1,
bind-utils-9.8.2-0.68.rc1.el6_10.1

dhcp (ELSA-2018-1454): CVE-2018-1111 by dhclient-4.1.1-53.P1.0.1.el6_9.4,
dhcp-common-4.1.1-53.P1.0.1.el6_9.3

ding-libs (ELSA-2018-1877): CVE-2018-1877 by libipa_hbac-1.13.3-60.el6,
libsss_idmap-1.13.3-60.el6

gnupg2 (ELSA-2018-2180): CVE-2018-12020 by gnupg2-2.0.14-9.el6_10

java-1.8.0-openjdk (ELSA-2018-2241): CVE-2018-2952 by
java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10,
java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el6_10,
java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el6_10

nspr (ELEA-2018-1865): nspr-4.19.0-1.el6

nss (ELSA-2018-2898): CVE-2018-12384 by nss-3.36.0-9.0.1.el6_10,
nss-sysinit-3.36.0-9.0.1.el6_10, nss-tools-3.36.0-9.0.1.el6_10,
nss-util-3.36.0-1.el6

procps (ELSA-2018-1777): CVE-2018-1124, CVE-2018-1126 by
procps-3.2.8-45.0.1.el6_9.3

samba4 (ELSA-2018-1883): CVE-2018-1050 by samba4-client-4.2.10-15.el6,
samba4-common-4.2.10-15.el6, samba4-libs-4.2.10-15.el6

sssd (ELSA-2018-1877): CVE-2017-12173 by python-sss-1.13.3-60.0.1.el6,
python-sssd-config-1.13.3-60.0.1.el6, sssd-1.13.3-60.el6,
sssd-ad-1.13.3-60.el6, sssd-client-1.13.3-60.el6, sssd-common-1.13.3-60.el6,
sssd-common-pac-1.13.3-60.el6, sssd-ipa-1.13.3-60.el6,
sssd-krb5-1.13.3-60.el6, sssd-krb5-common-1.13.3-60.el6,
sssd-ldap-1.13.3-60.el6, sssd-proxy-1.13.3-60.el6, sssd-tools-1.13.3-60.el6

yum-utils (ELSA-2018-2284): CVE-2018-10897 by yum-3.2.29-81.el6,
yum-plugin-fastestmirror-1.1.30-41.0.1.el6_10,
yum-plugin-security-1.1.30-42.0.1.el6_10, yum-utils-1.1.30-42.0.1.el6_10
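
One way to check an appliance against the "listed packages or newer ones" statement above, as an added example (not TIBCO's code and not part of the hotfix). It assumes shell access to run the rpm query shown in the comment, uses a constructed sample listing, and implements a simplified rpm version ordering that ignores epochs and `~`.

```python
import re

# Minimum fixed builds copied from the hotfix notes above (subset; extend as needed).
REQUIRED = {
    "gnupg2": "2.0.14-9.el6_10",
    "nss": "3.36.0-9.0.1.el6_10",
    "yum-utils": "1.1.30-42.0.1.el6_10",
    "bind-libs": "9.8.2-0.68.rc1.el6_10.1",
}

def rpmvercmp(a, b):
    """Simplified rpm ordering: compare runs of digits/letters; no epoch or '~'."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric run beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(have, need):
    """Compare 'version-release' strings: version first, then release."""
    (hv, hr), (nv, nr) = have.rsplit("-", 1), need.rsplit("-", 1)
    return rpmvercmp(hv, nv) or rpmvercmp(hr, nr)

def audit(rpm_listing, required=REQUIRED):
    """Map each required package to 'ok', 'OUTDATED ...' or 'not installed'."""
    installed = dict(line.split() for line in rpm_listing.strip().splitlines())
    report = {}
    for name, need in required.items():
        have = installed.get(name)
        if have is None:
            report[name] = "not installed"
        else:
            old = evr_cmp(have, need) < 0
            report[name] = "OUTDATED %s < %s" % (have, need) if old else "ok"
    return report

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """
gnupg2 2.0.14-8.el6
nss 3.36.0-9.0.1.el6_10
bind-libs 9.8.2-0.68.rc1.el6_10.2
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A plain string comparison would misorder builds such as `el6_9.10` and `el6_9.3`, which is why the segments are compared numerically.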

================================================================================
This hotfix can be downloaded from the TIBCO Support Customer Portal at https://support.tibco.com.
You will need to provide your TIBCO Support Portal credentials. Once logged in, you can download
the hotfix by selecting “Downloads” -> “Hotfixes” under AvailableDownloads/LogLogic/LMI/6.2.1_Hotfixes.

Issue/Introduction

TIBCO LogLogic 6.2.1 Hotfix SEC1-HF-2968 is now available

Environment

All TIBCO LogLogic LMI and EVA appliances running software version 6.2.1

Resolution

Install this security hotfix following the instructions in the attached Readme.

Attachments

TIBCO LogLogic 6.2.1 Hotfix SEC1-HF-2968 is now available