TIBCO LogLogic 6.2.1 Hotfix SEC1-HF-2968 is now available
Article ID: KB0101938
Updated On:
Products: TIBCO LogLogic Log Management Intelligence
Versions: 6.2.1
Description
This is a cumulative security hotfix that deploys package updates for LMI 6.2.1. It includes all previously available cumulative security hotfixes for TIBCO LogLogic LMI 6.2.1.
This hotfix has no dependencies on any other non-cumulative hotfixes or cumulative maintenance hotfixes. It can be used in conjunction with other non-cumulative hotfixes and cumulative maintenance hotfixes.
================================================================================
Closed Issues in 6.2.1 SEC1-HF-2968
LLCE-2963: gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification - CVE-2018-12020
LLCE-3033: Yum-Utils: Reposync: Improper Path Validation May Lead to Directory Traversal Vulnerability - CVE-2018-10897
LLCE-3037: NSS: ServerHello.random is All Zeros When Handling a v2-compatible ClientHello - CVE-2018-12384
The following security issues are resolved by the listed packages or newer versions:
bind (ELSA-2018-2571): CVE-2018-5740 by bind-libs-9.8.2-0.68.rc1.el6_10.1, bind-utils-9.8.2-0.68.rc1.el6_10.1
dhcp (ELSA-2018-1454): CVE-2018-1111 by dhclient-4.1.1-53.P1.0.1.el6_9.4, dhcp-common-4.1.1-53.P1.0.1.el6_9.3
ding-libs (ELSA-2018-1877): CVE-2018-1877 by libipa_hbac-1.13.3-60.el6, libsss_idmap-1.13.3-60.el6
gnupg2 (ELSA-2018-2180): CVE-2018-12020 by gnupg2-2.0.14-9.el6_10
java-1.8.0-openjdk (ELSA-2018-2241): CVE-2018-2952 by java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10, java-1.8.0-openjdk-devel-1.8.0.191.b12-0.el6_10, java-1.8.0-openjdk-headless-1.8.0.191.b12-0.el6_10
nspr (ELEA-2018-1865): nspr-4.19.0-1.el6
nss (ELSA-2018-2898): CVE-2018-12384 by nss-3.36.0-9.0.1.el6_10, nss-sysinit-3.36.0-9.0.1.el6_10, nss-tools-3.36.0-9.0.1.el6_10, nss-util-3.36.0-1.el6
procps (ELSA-2018-1777): CVE-2018-1124, CVE-2018-1126 by procps-3.2.8-45.0.1.el6_9.3
samba4 (ELSA-2018-1883): CVE-2018-1050 by samba4-client-4.2.10-15.el6, samba4-common-4.2.10-15.el6, samba4-libs-4.2.10-15.el6
yum-utils (ELSA-2018-2284): CVE-2018-10897 by yum-3.2.29-81.el6, yum-plugin-fastestmirror-1.1.30-41.0.1.el6_10, yum-plugin-security-1.1.30-42.0.1.el6_10, yum-utils-1.1.30-42.0.1.el6_10
================================================================================
This hotfix can be downloaded from the TIBCO Support Customer Portal at https://support.tibco.com. You will need to provide your TIBCO Support Portal credentials. Once logged in, you can download the hotfix by selecting “Downloads” -> “Hotfixes” under AvailableDownloads/LogLogic/LMI/6.2.1_Hotfixes
Environment
All TIBCO LogLogic LMI and EVA appliances running software version 6.2.1
Resolution
Install this security hotfix following the instructions in the attached Readme
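A post-install check for the "listed packages or newer" statement above, as an added example that is not part of the TIBCO article or the hotfix Readme. It assumes the installed inventory was exported with rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'; the function names and the sample inventory are constructed for illustration, and the comparison is a simplified form of RPM's version ordering that ignores epochs.

```python
import re
from itertools import zip_longest

# Minimum fixed builds, copied from this page's package list (subset).
FIXED = ["gnupg2-2.0.14-9.el6_10", "nss-3.36.0-9.0.1.el6_10",
         "procps-3.2.8-45.0.1.el6_9.3", "yum-utils-1.1.30-42.0.1.el6_10",
         "bind-libs-9.8.2-0.68.rc1.el6_10.1"]

# Constructed sample inventory (not output from a real appliance).
SAMPLE = ["gnupg2-2.0.14-8.el6", "nss-3.36.0-9.0.1.el6_10",
          "procps-3.2.8-45.0.1.el6_9.3", "yum-utils-1.1.31-45.el6"]

def split_nvr(nvr):
    """Split 'name-version-release'; the name itself may contain dashes."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release

def vercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. Epochs and '~' are not handled."""
    runs_a = re.findall(r"\d+|[A-Za-z]+", a)
    runs_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip_longest(runs_a, runs_b):
        if x is None or y is None:      # the string with runs left over is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # a numeric run beats an alphabetic one
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return 0

def audit(installed_lines, fixed=FIXED):
    """Map each fixed package name to 'ok', 'outdated' or 'not installed'."""
    installed = {}
    for line in installed_lines:
        if line.strip():
            name, version, release = split_nvr(line)
            installed[name] = (version, release)
    report = {}
    for name, version, release in map(split_nvr, fixed):
        if name not in installed:
            report[name] = "not installed"
            continue
        have_v, have_r = installed[name]
        order = vercmp(have_v, version) or vercmp(have_r, release)
        report[name] = "outdated" if order < 0 else "ok"
    return report

if __name__ == "__main__":
    for pkg, status in sorted(audit(SAMPLE).items()):
        print(f"{pkg:12} {status}")
```

Extend FIXED with the remaining builds from the list to cover the whole hotfix; any package reported as outdated is still below the build this page names as the fix.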
Issue/Introduction
TIBCO LogLogic 6.2.1 Hotfix SEC1-HF-2968 is now available
Attachments
TIBCO LogLogic 6.2.1 Hotfix SEC1-HF-2968 is now available