Monthly Release Notes - November 2022
Digital Defense
Frontline Agent
Version 1.51.0
November 29, 2022
Current Windows agent version: 1.48.0
Current macOS agent version: 1.51.0
Enhancements
-
Implemented the following new vulnerability checks:
- 150306 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.107 (High) - Windows, Mac
- 150307 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 107.0.1418.42 (High) - Windows
- 150308 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 107 (High) - Windows, Mac
- 150309 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.5 (High) - Windows, Mac
- 150310 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.5 (High) - Windows
- 150235 MS22-NOV: Microsoft Office Security Update (High) - Mac
- 150397 Zoom Client Installer Privilege Escalation (High) - Mac
- 150394 Zoom Client Local Information Exposure (Low) - Windows, Mac
Fixes
- Updated Vulnerability Descriptions:
- 121029 APSB16-32: Security Updates Available for Adobe Flash Player (High)
Version 1.50.0
November 15, 2022
Current Windows agent version: 1.48.0
Current macOS agent version: 1.48.0
Enhancements
-
Implemented the following new vulnerability checks:
- 150240 Apple Security Update: macOS Ventura 13.0.1 (High) - Mac
- 150239 Apple Security Update: Xcode 14.1 (Medium) - Mac
- 150195 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.63 (High) - Windows, Mac
- 150196 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.88 (High) - Windows, Mac
- 150236 MS22-NOV: Microsoft .NET Security Update (Medium) - Windows
- 150237 MS22-NOV: Microsoft Exchange Server Security Update (High) - Windows
- 150233 MS22-NOV: Microsoft Internet Explorer Security Update (High) - Windows
- 150235 MS22-NOV: Microsoft Office Security Update (High) - Windows
- 150238 MS22-NOV: Microsoft Sharepoint Server Security Update (High) - Windows
- 150234 MS22-NOV: Microsoft Windows Security Update (High) - Windows
- 150232 Zoom Client URL Parsing (High) - Windows, Mac
Frontline NIRV Scanner
Version 4.11.1
November 28, 2022
Enhancements
Updated authenticated scanning checks and network explicit checks listed:
- 150241 Apache Tomcat Security Advisory: October 2022 (High)
-
150391 Cisco Security Advisory: CISCO-SA-ASA-FTD-DAP-DOS-GHYZBXDU (High)
-
150393 Cisco Security Advisory: CISCO-SA-ASA-FTD-VP-AUTHZ-N2GCKJN6 (Medium)
-
150392 Cisco Security Advisory: CISCO-SA-FW3100-SECURE-BOOT-5M8MUH26 (High)
-
150269 ELSA-2022-10004: openssl security update (Medium)
-
150296 ELSA-2022-7457: container-tools:ol8 security, bug fix, and enhancement update (High)
-
150280 ELSA-2022-7458: flatpak-builder security and bug fix update (Medium)
-
150258 ELSA-2022-7461: libreoffice security update (Medium)
-
150256 ELSA-2022-7464: protobuf security update (Low)
-
150305 ELSA-2022-7469: container-tools:4.0 security and bug fix update (High)
-
150283 ELSA-2022-7470: pki-core:10.6 and pki-deps:10.6 security and bug fix update (Medium)
-
150298 ELSA-2022-7472: virt:ol and virt-devel:ol security, bug fix, and enhancement update (Medium)
-
150270 ELSA-2022-7482: qt5 security, bug fix, and enhancement update (High)
-
150267 ELSA-2022-7514: fribidi security update (Low)
-
150285 ELSA-2022-7519: grafana security, bug fix, and enhancement update (Medium)
-
150293 ELSA-2022-7524: yajl security update (Medium)
-
150274 ELSA-2022-7529: container-tools:3.0 security update (High)
-
150295 ELSA-2022-7541: redis:6 security, bug fix, and enhancement update (Medium)
-
150297 ELSA-2022-7548: Image Builder security, bug fix, and enhancement update (Low)
-
150276 ELSA-2022-7558: wavpack security update (Medium)
-
150286 ELSA-2022-7581: python38:3.8 and python38-devel:3.8 security update (High)
-
150250 ELSA-2022-7583: xorg-x11-server and xorg-x11-server-Xwayland security and bug fix update (Low)
-
150259 ELSA-2022-7585: libtiff security update (Medium)
-
150253 ELSA-2022-7592: python39:3.9 and python39-devel:3.9 security update (High)
-
150265 ELSA-2022-7593: python27:2.7 security update (High)
-
150301 ELSA-2022-7594: poppler security and bug fix update (Medium)
-
150275 ELSA-2022-7618: gstreamer1-plugins-good security update (Medium)
-
150268 ELSA-2022-7622: unbound security, bug fix, and enhancement update (Low)
-
150254 ELSA-2022-7623: dovecot security update (Low)
-
150282 ELSA-2022-7624: php:8.0 security, bug fix, and enhancement update (Medium)
-
150284 ELSA-2022-7628: php:7.4 security, bug fix, and enhancement update (Medium)
-
150251 ELSA-2022-7633: dnsmasq security and bug fix update (Low)
-
150264 ELSA-2022-7639: openblas security update (Medium)
-
150277 ELSA-2022-7640: mutt security update (Medium)
-
150278 ELSA-2022-7643: bind9.16 security update (Medium)
-
150263 ELSA-2022-7645: openjpeg2 security update (Medium)
-
150266 ELSA-2022-7647: httpd:2.4 security update (High)
-
150304 ELSA-2022-7648: grafana-pcp security update (Low)
-
150262 ELSA-2022-7683: kernel security, bug fix, and enhancement update (High)
-
150261 ELSA-2022-7692: xmlrpc-c security update (High)
-
150252 ELSA-2022-7700: gdisk security update (High)
-
150288 ELSA-2022-7704: webkit2gtk3 security and bug fix update (Medium)
-
150271 ELSA-2022-7715: libxml2 security update (Low)
-
150289 ELSA-2022-7720: e2fsprogs security and bug fix update (Medium)
-
150294 ELSA-2022-7730: libldb security, bug fix, and enhancement update (Low)
-
150303 ELSA-2022-7745: freetype security update (High)
-
150300 ELSA-2022-7790: bind security update (Medium)
-
150299 ELSA-2022-7793: rsync security and enhancement update (Low)
-
150260 ELSA-2022-7821: nodejs:18 security update (Medium)
-
150279 ELSA-2022-7826: dotnet7.0 security, bug fix, and enhancement update (Low)
-
150290 ELSA-2022-7830: nodejs:14 security update (Medium)
-
150281 ELSA-2022-7928: device-mapper-multipath security update (Medium)
-
150291 ELSA-2022-8491: xorg-x11-server security update (Medium)
-
150272 ELSA-2022-9986: kvm_utils security update (Medium)
-
150287 ELSA-2022-9987: zlib security update (Medium)
-
150255 ELSA-2022-9988: zlib security update (Medium)
-
150257 ELSA-2022-9996: Unbreakable Enterprise kernel security update (Medium)
-
150302 ELSA-2022-9997: Unbreakable Enterprise kernel-container security update (Medium)
-
150273 ELSA-2022-9998: Unbreakable Enterprise kernel security update (Medium)
-
150292 ELSA-2022-9999: Unbreakable Enterprise kernel-container security update (Medium)
-
150306 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.107 (High)
-
150395 ICMP Netmask Request (Trivial)
-
150396 ICMP Timestamp Request (Trivial)
-
150243 Joomla! Information Disclosure vulnerability (Medium)
-
150242 Joomla! XSS vulnerability (Medium)
-
150244 Lighttpd Denial of Service (DoS) Vulnerability (High)
-
150307 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 107.0.1418.42 (High)
-
150308 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 107 (High)
-
150309 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.5 (High)
-
150310 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.5 (High)
-
150248 Oracle MySQL Critical Patch Update: October 2022 (Medium)
-
150249 Oracle WebLogic Critical Patch Update: October 2022 (High)
-
150375 RHSA-2022:7928: device-mapper-multipath security update (Medium)
-
150367 RHSA-2022:7933: kernel-rt security and bug fix update (Low)
-
150317 RHSA-2022:7935: pcs security, bug fix, and enhancement update (Low)
-
150355 RHSA-2022:7950: Image Builder security, bug fix, and enhancement update (Low)
-
150347 RHSA-2022:7954: podman security and bug fix update (Low)
-
150341 RHSA-2022:7955: skopeo security and bug fix update (Low)
-
150337 RHSA-2022:7958: libguestfs security, bug fix, and enhancement update (Low)
-
150362 RHSA-2022:7959: guestfs-tools security, bug fix, and enhancement update (Low)
-
150364 RHSA-2022:7967: qemu-kvm security, bug fix, and enhancement update (Low)
-
150354 RHSA-2022:7968: virt-v2v security, bug fix, and enhancement update (Low)
-
150333 RHSA-2022:7970: protobuf security update (Low)
-
150358 RHSA-2022:7978: gimp security and enhancement update (Low)
-
150319 RHSA-2022:7979: speex security update (Low)
-
150348 RHSA-2022:8003: libvirt security, bug fix, and enhancement update (Low)
-
150318 RHSA-2022:8008: buildah security and bug fix update (Low)
-
150352 RHSA-2022:8011: fribidi security update (Low)
-
150346 RHSA-2022:8022: qt5 security and bug fix update (Low)
-
150365 RHSA-2022:8054: webkit2gtk3 security and bug fix update (Low)
-
150366 RHSA-2022:8057: grafana security, bug fix, and enhancement update (Medium)
-
150369 RHSA-2022:8062: unbound security, bug fix, and enhancement update (Low)
-
150374 RHSA-2022:8067: httpd security, bug fix, and enhancement update (Low)
-
150372 RHSA-2022:8068: bind security update (Low)
-
150377 RHSA-2022:8070: dnsmasq security and bug fix update (Low)
-
150315 RHSA-2022:8078: flac security update (Low)
-
150322 RHSA-2022:8090: runc security update (Low)
-
150326 RHSA-2022:8096: redis security and bug fix update (Low)
-
150370 RHSA-2022:8098: toolbox security and bug fix update (Low)
-
150329 RHSA-2022:8100: swtpm security and bug fix update (Low)
-
150360 RHSA-2022:8112: frr security, bug fix, and enhancement update (Low)
-
150330 RHSA-2022:8126: ignition security, bug fix, and enhancement update (Low)
-
150371 RHSA-2022:8139: wavpack security update (Low)
-
150321 RHSA-2022:8151: poppler security and bug fix update (Low)
-
150312 RHSA-2022:8162: 389-ds-base security, bug fix, and enhancement update (Low)
-
150345 RHSA-2022:8194: libtiff security update (Low)
-
150356 RHSA-2022:8197: php security, bug fix, and enhancement update (Low)
-
150363 RHSA-2022:8207: openjpeg2 security update (Low)
-
150342 RHSA-2022:8208: dovecot security and enhancement update (Low)
-
150313 RHSA-2022:8219: mutt security update (Low)
-
150343 RHSA-2022:8221: xorg-x11-server security and bug fix update (Low)
-
150339 RHSA-2022:8222: xorg-x11-server-Xwayland security update (Low)
-
150327 RHSA-2022:8226: python-lxml security update (Low)
-
150349 RHSA-2022:8250: grafana-pcp security update (Low)
-
150340 RHSA-2022:8252: yajl security update (Low)
-
150353 RHSA-2022:8263: dpdk security and bug fix update (Medium)
-
150324 RHSA-2022:8267: kernel security, bug fix, and enhancement update (Low)
-
150357 RHSA-2022:8291: rsync security and bug fix update (Low)
-
150361 RHSA-2022:8299: curl security update (Low)
-
150344 RHSA-2022:8317: samba security, bug fix, and enhancement update (Low)
-
150328 RHSA-2022:8318: libldb security, bug fix, and enhancement update (Low)
-
150335 RHSA-2022:8340: freetype security update (Low)
-
150316 RHSA-2022:8353: python3.9 security, bug fix, and enhancement update (Low)
-
150331 RHSA-2022:8361: e2fsprogs security update (Low)
-
150351 RHSA-2022:8384: harfbuzz security update (Low)
-
150311 RHSA-2022:8385: dhcp security and enhancement update (Low)
-
150350 RHSA-2022:8393: logrotate security update (Low)
-
150373 RHSA-2022:8400: libtirpc security update (Low)
-
150334 RHSA-2022:8415: mingw-gcc security and bug fix update (Low)
-
150332 RHSA-2022:8418: mingw-glib2 security and bug fix update (Low)
-
150376 RHSA-2022:8420: mingw-zlib security update (Medium)
-
150338 RHSA-2022:8431: podman security, bug fix, and enhancement update (Low)
-
150320 RHSA-2022:8434: dotnet7.0 security, bug fix, and enhancement update (Low)
-
150359 RHSA-2022:8444: keylime security update (Low)
-
150325 RHSA-2022:8453: device-mapper-multipath security update (Medium)
-
150323 RHSA-2022:8491: xorg-x11-server security update (Medium)
-
150368 RHSA-2022:8492: python39:3.9 security update (Medium)
-
150314 RHSA-2022:8493: python3.9 security update (Medium)
-
150336 RHSA-2022:8547: thunderbird security update (Medium)
-
150245 Samba Security Advisory October 2022 (Medium)
-
150246 Squid Security Advisory: SQUID-2022:1 (Medium)
-
150247 Wordpress Header Data Manipulation Vulnerability (High)
-
150394 Zoom Client Local Information Exposure (Low)
-
150382 [USN-5625-2] Mako vulnerability (Medium)
-
150390 [USN-5686-3] Git vulnerabilities (Medium)
-
150379 [USN-5709-2] Firefox vulnerabilities (Medium)
-
150378 [USN-5719-1] OpenJDK vulnerabilities (Medium)
-
150381 [USN-5722-1] nginx vulnerabilities (Medium)
-
150380 [USN-5724-1] Thunderbird vulnerabilities (Medium)
-
150383 [USN-5726-1] Firefox vulnerabilities (Medium)
-
150384 [USN-5727-1] Linux kernel vulnerabilities (Medium)
-
150387 [USN-5727-2] Linux kernel (GCP) vulnerabilities (Medium)
-
150385 [USN-5728-1] Linux kernel vulnerabilities (Medium)
-
150388 [USN-5728-2] Linux kernel vulnerabilities (Medium)
-
150386 [USN-5729-1] Linux kernel vulnerabilities (Medium)
-
150389 [USN-5729-2] Linux kernel vulnerabilities (Medium)
Fixes
Updated Vulnerability Descriptions:
- 121029 APSB16-32: Security Updates Available for Adobe Flash Player (High)
-
150195 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.63 (High)
-
150196 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.88 (High)
-
150236 MS22-NOV: Microsoft .NET Security Update (Medium)
-
150237 MS22-NOV: Microsoft Exchange Server Security Update (High)
-
150233 MS22-NOV: Microsoft Internet Explorer Security Update (High)
-
150235 MS22-NOV: Microsoft Office Security Update (High)
-
150238 MS22-NOV: Microsoft Sharepoint Server Security Update (High)
-
150234 MS22-NOV: Microsoft Windows Security Update (High)
-
150232 Zoom Client URL Parsing (High)
Version 4.10.0
November 9, 2022
Enhancements
Updated authenticated scanning checks and network explicit checks listed:
- 150231 AIX Security Advisory: python_advisory2 (High)
-
150210 Amazon Linux 2 Security Advisory: ALAS-2022-1845 (Medium)
-
150228 Amazon Linux 2 Security Advisory: ALAS-2022-1846 (Medium)
-
150211 Amazon Linux 2 Security Advisory: ALAS-2022-1847 (Medium)
-
150223 Amazon Linux 2 Security Advisory: ALAS-2022-1848 (Medium)
-
150203 Amazon Linux 2 Security Advisory: ALAS-2022-1849 (Low)
-
150213 Amazon Linux 2 Security Advisory: ALAS-2022-1850 (High)
-
150214 Amazon Linux 2 Security Advisory: ALAS-2022-1851 (Low)
-
150221 Amazon Linux 2 Security Advisory: ALAS-2022-1852 (High)
-
150227 Amazon Linux 2 Security Advisory: ALAS-2022-1853 (Medium)
-
150200 Amazon Linux 2 Security Advisory: ALAS-2022-1854 (Medium)
-
150216 Amazon Linux 2 Security Advisory: ALAS-2022-1855 (Low)
-
150225 Amazon Linux 2 Security Advisory: ALAS-2022-1856 (Low)
-
150215 Amazon Linux 2 Security Advisory: ALAS-2022-1857 (Low)
-
150222 Amazon Linux 2 Security Advisory: ALAS-2022-1863 (Medium)
-
150219 Amazon Linux 2 Security Advisory: ALAS-2022-1866 (Low)
-
150201 Amazon Linux 2 Security Advisory: ALAS-2022-1867 (Low)
-
150224 Amazon Linux 2 Security Advisory: ALAS-2022-1868 (Medium)
-
150209 Amazon Linux 2 Security Advisory: ALAS-2022-1869 (Medium)
-
150212 Amazon Linux 2 Security Advisory: ALAS-2022-1870 (Medium)
-
150208 Amazon Linux 2 Security Advisory: ALAS-2022-1871 (Medium)
-
150218 Amazon Linux 2 Security Advisory: ALAS-2022-1872 (Low)
-
150226 Amazon Linux 2 Security Advisory: ALAS-2022-1873 (Low)
-
150199 Amazon Linux 2 Security Advisory: ALAS-2022-1874 (Low)
-
150206 Amazon Linux 2 Security Advisory: ALAS-2022-1875 (High)
-
150230 Amazon Linux 2 Security Advisory: ALAS-2022-1876 (Low)
-
150207 Amazon Linux 2 Security Advisory: ALAS-2022-1877 (Low)
-
150197 Amazon Linux Security Advisory: ALAS-2022-1639 (Medium)
-
150058 Citrix Security Advisory: CTX463706 (High)
-
150046 Debian Security Advisory: DLA-3145-1 (Medium)
-
150055 Debian Security Advisory: DLA-3149-1 (High)
-
150048 Debian Security Advisory: DLA-3150-1 (High)
-
150044 Debian Security Advisory: DLA-3152-1 (High)
-
150050 Debian Security Advisory: DLA-3157-1 (Medium)
-
150051 Debian Security Advisory: DLA-3160-1 (Medium)
-
150052 Debian Security Advisory: DLA-3164-1 (High)
-
150045 Debian Security Advisory: DLA-3166-1 (Medium)
-
150049 Debian Security Advisory: DLA-3167-1 (Medium)
-
150054 Debian Security Advisory: DLA-3173-1 (High)
-
150053 Debian Security Advisory: DLA-3177-1 (High)
-
150047 Debian Security Advisory: DLA-3181-1 (Low)
-
150057 Debian Security Advisory: DSA-5254-1 (High)
-
150056 Debian Security Advisory: DSA-5265-1 (Medium)
-
150013 ELSA-2022-23681: ol8addon security update (Medium)
-
150035 ELSA-2022-6710: thunderbird security update (Medium)
-
150020 ELSA-2022-6711: firefox security update (Medium)
-
150024 ELSA-2022-6997: firefox security update (Medium)
-
150007 ELSA-2022-6998: thunderbird security update (Medium)
-
150027 ELSA-2022-7069: firefox security update (Medium)
-
150040 ELSA-2022-7070: firefox security update (Medium)
-
150039 ELSA-2022-7087: 389-ds-base security and bug fix update (Low)
-
150028 ELSA-2022-7105: gnutls security update (Low)
-
150022 ELSA-2022-7106: zlib security update (Low)
-
150041 ELSA-2022-7108: sqlite security update (Low)
-
150010 ELSA-2022-7110: kernel security, bug fix, and enhancement update (Medium)
-
150025 ELSA-2022-7111: samba security and bug fix update (Low)
-
150017 ELSA-2022-7119: mysql:8.0 security, bug fix, and enhancement update (Medium)
-
150015 ELSA-2022-7128: postgresql:12 security update (Low)
-
150012 ELSA-2022-7129: git-lfs security and bug fix update (Medium)
-
150026 ELSA-2022-7133: 389-ds:1.4 security update (Low)
-
150008 ELSA-2022-7178: thunderbird security update (Medium)
-
150036 ELSA-2022-7184: thunderbird security update (Medium)
-
150043 ELSA-2022-7185: device-mapper-multipath security update (Medium)
-
150009 ELSA-2022-7186: device-mapper-multipath security update (Medium)
-
150033 ELSA-2022-7190: thunderbird security update (Medium)
-
150019 ELSA-2022-7192: device-mapper-multipath security update (Medium)
-
150030 ELSA-2022-7288: openssl security update (Medium)
-
150038 ELSA-2022-7314: zlib security update (Low)
-
150031 ELSA-2022-7318: kernel security, bug fix, and enhancement update (Medium)
-
150023 ELSA-2022-7323: python3.9 security update (Low)
-
150011 ELSA-2022-7326: pki-core security update (Medium)
-
150032 ELSA-2022-7329: lua security update (Medium)
-
150018 ELSA-2022-7337: kernel security and bug fix update (Low)
-
150034 ELSA-2022-7340: php-pear security update (Medium)
-
150014 ELSA-2022-7343: pcs security update (Medium)
-
150016 ELSA-2022-9962: expat security update (Medium)
-
150021 ELSA-2022-9967: compat-expat1 security update (Medium)
-
150037 ELSA-2022-9968: openssl security update (Medium)
-
150042 ELSA-2022-9969: Unbreakable Enterprise kernel security update (Medium)
-
150029 ELSA-2022-9978: qemu security update (Medium)
-
150195 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.63 (High)
-
150196 Google Chrome: Multiple Vulnerabilities in Versions Less Than 107.0.5304.88 (High)
-
150236 MS22-NOV: Microsoft .NET Security Update (Medium)
-
150237 MS22-NOV: Microsoft Exchange Server Security Update (High)
-
150233 MS22-NOV: Microsoft Internet Explorer Security Update (High)
-
150235 MS22-NOV: Microsoft Office Security Update (High)
-
150238 MS22-NOV: Microsoft Sharepoint Server Security Update (High)
-
150234 MS22-NOV: Microsoft Windows Security Update (High)
-
150006 OpenSSL DoS Vulnerability (High)
-
150005 OpenSSL NULL Cipher Vulnerability (High)
-
150099 RHSA-2022:6735: java-1.8.0-ibm security update (Low)
-
150096 RHSA-2022:6911: .NET 6.0 security and bugfix update (Low)
-
150098 RHSA-2022:6912: .NET Core 3.1 security and bugfix update (Low)
-
150166 RHSA-2022:6913: .NET 6.0 security and bugfix update (Low)
-
150147 RHSA-2022:6921: expat security update (Medium)
-
150065 RHSA-2022:6963: nodejs security update (Medium)
-
150144 RHSA-2022:6964: nodejs:16 security update (Medium)
-
150123 RHSA-2022:6967: compat-expat1 security update (Medium)
-
150089 RHSA-2022:6997: firefox security update (Medium)
-
150134 RHSA-2022:6998: thunderbird security update (Medium)
-
150155 RHSA-2022:6999: java-17-openjdk security and bug fix update (Low)
-
150110 RHSA-2022:7000: java-17-openjdk security and bug fix update (Low)
-
150157 RHSA-2022:7002: java-1.8.0-openjdk security and bug fix update (Low)
-
150141 RHSA-2022:7006: java-1.8.0-openjdk security update (Low)
-
150153 RHSA-2022:7007: java-1.8.0-openjdk security update (Low)
-
150159 RHSA-2022:7008: java-11-openjdk security and bug fix update (Low)
-
150092 RHSA-2022:7012: java-11-openjdk security and bug fix update (Low)
-
150095 RHSA-2022:7013: java-11-openjdk security and bug fix update (Low)
-
150162 RHSA-2022:7020: firefox security update (Medium)
-
150086 RHSA-2022:7023: thunderbird security update (Medium)
-
150088 RHSA-2022:7024: firefox security update (Medium)
-
150139 RHSA-2022:7026: thunderbird security update (Medium)
-
150117 RHSA-2022:7069: firefox security update (Medium)
-
150126 RHSA-2022:7070: firefox security update (Medium)
-
150087 RHSA-2022:7071: firefox security update (Medium)
-
150080 RHSA-2022:7086: pki-core security update (Low)
-
150084 RHSA-2022:7087: 389-ds-base security and bug fix update (Low)
-
150127 RHSA-2022:7088: libksba security update (Medium)
-
150085 RHSA-2022:7089: libksba security update (Medium)
-
150109 RHSA-2022:7090: libksba security update (Medium)
-
150165 RHSA-2022:7105: gnutls security update (Low)
-
150104 RHSA-2022:7106: zlib security update (Low)
-
150124 RHSA-2022:7108: sqlite security update (Low)
-
150083 RHSA-2022:7110: kernel security, bug fix, and enhancement update (Medium)
-
150059 RHSA-2022:7111: samba security and bug fix update (Low)
-
150138 RHSA-2022:7119: mysql:8.0 security, bug fix, and enhancement update (Low)
-
150128 RHSA-2022:7128: postgresql:12 security update (Low)
-
150112 RHSA-2022:7129: git-lfs security and bug fix update (Low)
-
150143 RHSA-2022:7133: 389-ds:1.4 security update (Low)
-
150158 RHSA-2022:7134: kernel-rt security and bug fix update (Medium)
-
150148 RHSA-2022:7137: kpatch-patch security update (Medium)
-
150103 RHSA-2022:7178: thunderbird security update (Medium)
-
150115 RHSA-2022:7184: thunderbird security update (Medium)
-
150132 RHSA-2022:7185: device-mapper-multipath security update (Medium)
-
150119 RHSA-2022:7186: device-mapper-multipath security update (Medium)
-
150161 RHSA-2022:7190: thunderbird security update (Medium)
-
150097 RHSA-2022:7192: device-mapper-multipath security update (Medium)
-
150164 RHSA-2022:7288: openssl security update (Medium)
-
150118 RHSA-2022:7314: zlib security update (Low)
-
150169 RHSA-2022:7318: kernel security, bug fix, and enhancement update (Medium)
-
150111 RHSA-2022:7319: kernel-rt security and bug fix update (Medium)
-
150071 RHSA-2022:7323: python3.9 security update (Low)
-
150113 RHSA-2022:7326: pki-core security update (Medium)
-
150116 RHSA-2022:7329: lua security update (Low)
-
150082 RHSA-2022:7330: kpatch-patch security update (Medium)
-
150114 RHSA-2022:7337: kernel security and bug fix update (Medium)
-
150142 RHSA-2022:7338: kernel-rt security and bug fix update (Medium)
-
150120 RHSA-2022:7340: php-pear security update (Low)
-
150150 RHSA-2022:7343: pcs security update (Medium)
-
150107 RHSA-2022:7344: kpatch-patch security update (Medium)
-
150131 RHSA-2022:7444: kernel-rt security and bug fix update (Low)
-
150093 RHSA-2022:7447: pcs security, bug fix, and enhancement update (Low)
-
150149 RHSA-2022:7457: container-tools:rhel8 security, bug fix, and enhancement update (Low)
-
150167 RHSA-2022:7458: flatpak-builder security and bug fix update (Low)
-
150151 RHSA-2022:7461: libreoffice security update (Low)
-
150106 RHSA-2022:7464: protobuf security update (Low)
-
150101 RHSA-2022:7469: container-tools:4.0 security and bug fix update (Low)
-
150135 RHSA-2022:7470: pki-core:10.6 and pki-deps:10.6 security and bug fix update (Medium)
-
150063 RHSA-2022:7472: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Low)
-
150069 RHSA-2022:7482: qt5 security, bug fix, and enhancement update (Low)
-
150160 RHSA-2022:7514: fribidi security update (Low)
-
150146 RHSA-2022:7519: grafana security, bug fix, and enhancement update (Low)
-
150091 RHSA-2022:7524: yajl security update (Low)
-
150073 RHSA-2022:7529: container-tools:3.0 security update (Low)
-
150072 RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low)
-
150070 RHSA-2022:7548: Image Builder security, bug fix, and enhancement update (Low)
-
150075 RHSA-2022:7558: wavpack security update (Low)
-
150137 RHSA-2022:7581: python38:3.8 and python38-devel:3.8 security update (Low)
-
150074 RHSA-2022:7583: xorg-x11-server and xorg-x11-server-Xwayland security and bug fix update (Low)
-
150090 RHSA-2022:7585: libtiff security update (Low)
-
150133 RHSA-2022:7592: python39:3.9 and python39-devel:3.9 security update (Low)
-
150094 RHSA-2022:7593: python27:2.7 security update (Low)
-
150066 RHSA-2022:7594: poppler security and bug fix update (Low)
-
150168 RHSA-2022:7618: gstreamer1-plugins-good security update (Low)
-
150060 RHSA-2022:7622: unbound security, bug fix, and enhancement update (Low)
-
150136 RHSA-2022:7623: dovecot security update (Low)
-
150064 RHSA-2022:7624: php:8.0 security, bug fix, and enhancement update (Low)
-
150121 RHSA-2022:7628: php:7.4 security, bug fix, and enhancement update (Low)
-
150061 RHSA-2022:7633: dnsmasq security and bug fix update (Low)
-
150079 RHSA-2022:7639: openblas security update (Low)
-
150108 RHSA-2022:7640: mutt security update (Low)
-
150122 RHSA-2022:7643: bind9.16 security update (Medium)
-
150068 RHSA-2022:7645: openjpeg2 security update (Low)
-
150156 RHSA-2022:7647: httpd:2.4 security update (Low)
-
150125 RHSA-2022:7648: grafana-pcp security update (Low)
-
150145 RHSA-2022:7683: kernel security, bug fix, and enhancement update (Low)
-
150067 RHSA-2022:7692: xmlrpc-c security update (Low)
-
150078 RHSA-2022:7700: gdisk security update (Low)
-
150076 RHSA-2022:7704: webkit2gtk3 security and bug fix update (Low)
-
150129 RHSA-2022:7715: libxml2 security update (Low)
-
150077 RHSA-2022:7720: e2fsprogs security and bug fix update (Low)
-
150163 RHSA-2022:7730: libldb security, bug fix, and enhancement update (Low)
-
150102 RHSA-2022:7745: freetype security update (Low)
-
150140 RHSA-2022:7790: bind security update (Low)
-
150152 RHSA-2022:7793: rsync security and enhancement update (Low)
-
150105 RHSA-2022:7811: mingw-expat security update (Medium)
-
150130 RHSA-2022:7813: mingw-zlib security update (Medium)
-
150081 RHSA-2022:7821: nodejs:18 security update (Medium)
-
150154 RHSA-2022:7822: container-tools:rhel8 security, bug fix, and enhancement update (Low)
-
150062 RHSA-2022:7826: dotnet7.0 security, bug fix, and enhancement update (Low)
-
150100 RHSA-2022:7830: nodejs:14 security update (Low)
-
150186 Solaris Security Patch: (119213-41): System security update (Medium)
-
150187 Solaris Security Patch: (119214-41): System security update (Medium)
-
150188 Solaris Security Patch: (119783-50): System security update (Medium)
-
150189 Solaris Security Patch: (119784-50): System security update (Medium)
-
150190 Solaris Security Patch: (150383-30): System security update (Medium)
-
150191 Solaris Security Patch: (151912-21): System security update (Medium)
-
150192 Solaris Security Patch: (151913-21): System security update (Medium)
-
150193 Solaris Security Patch: (153264-51): System security update (Medium)
-
150194 Solaris Security Patch: (153265-51): System security update (Medium)
-
150000 Swagger Exposed API (Low)
-
150001 Swagger UI Detected (Info)
-
150232 Zoom Client URL Parsing (High)
-
150170 [USN-5671-1] AdvanceCOMP vulnerabilities (Medium)
-
150171 [USN-5673-1] unzip vulnerabilities (Medium)
-
150172 [USN-5686-1] Git vulnerabilities (Medium)
-
150173 [USN-5688-1] Libksba vulnerability (Medium)
-
150176 [USN-5688-2] Libksba vulnerability (Medium)
-
150174 [USN-5689-1] Perl vulnerability (Medium)
-
150178 [USN-5696-2] MySQL vulnerabilities (Medium)
-
150175 [USN-5698-2] Open vSwitch vulnerability (Medium)
-
150177 [USN-5700-1] Linux kernel vulnerabilities (Medium)
-
150179 [USN-5702-2] curl vulnerability (Medium)
-
150180 [USN-5704-1] DBus vulnerabilities (Medium)
-
150182 [USN-5708-1] backport-iwlwifi-dkms vulnerabilities (Medium)
-
150181 [USN-5709-1] Firefox vulnerabilities (Medium)
-
150183 [USN-5711-2] NTFS-3G vulnerability (Medium)
-
150184 [USN-5714-1] LibTIFF vulnerabilities (Medium)
-
150185 [USN-5717-1] PHP vulnerabilities (Medium)
Fixes
Updated Vulnerability Descriptions:
- 148769 Amazon Linux Security Advisory: ALAS-2022-1585 (High)
-
149989 APSB22-44: Security Updates Available for Adobe ColdFusion (High)
-
149993 Azul Zulu Critical Patch Update: OCTOBER-2022 (High)
-
149987 Google Chrome: Multiple Vulnerabilities in Versions Less Than 106.0.5249.119 (High)
-
149997 Java Critical Patch Update - CPU-JULY-2022 (High)
-
149998 Java Critical Patch Update - CPU-OCTOBER-2022 (High)
-
149988 Microsoft Edge (Chromium): Multiple Vulnerabilities in Versions Less Than 106.0.1370.47 (High)
-
149990 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox 106 (High)
-
149991 Mozilla Firefox: Multiple Vulnerabilities in Versions Less Than Firefox ESR 102.4 (High)
-
149992 Mozilla Thunderbird: Multiple Vulnerabilities in Versions Less Than Thunderbird 102.4 (High)
-
149996 Oracle Database Critical Patch Update: October 2022 (High)
-
149995 Visual Studio Code Information Disclosure Vulnerability (High)
-
149994 Visual Studio Code Remote Code Execution Vulnerability (High)
Frontline WAS Scanner
Version 2.0.4
November 15, 2022
Enhancements
- Includes several fixes and enhancements to the scanning engine and existing vulnerability checks.
Fixes
- Updated Vulnerability Descriptions:
- 148390 Apache HTTP Server 2.4.53 Security Release (High)
145498 Apache HTTP Server Security Update 2.4.48 (High)
148043 Content Security Policy Missing (Trivial)
145502 Drupal Core Security Advisory: SA-CORE-2021-003 (Medium)
145633 Drupal Core Security Advisory: SA-CORE-2021-004 (Medium)
146102 Drupal Core Security Advisory: SA-CORE-2021-005 (High)
146407 Drupal Core Security Advisory: SA-CORE-2021-006 (Low)
146408 Drupal Core Security Advisory: SA-CORE-2021-007 (Medium)
146409 Drupal Core Security Advisory: SA-CORE-2021-008 (Medium)
146410 Drupal Core Security Advisory: SA-CORE-2021-009 (Medium)
146958 Drupal Core Security Advisory: SA-CORE-2021-010 (Medium)
147294 Drupal Core Security Advisory: SA-CORE-2021-011 (Medium)
147935 Drupal Core Security Advisory: SA-CORE-2022-001 (Medium)
147936 Drupal Core Security Advisory: SA-CORE-2022-002 (Medium)
147937 Drupal Core Security Advisory: SA-CORE-2022-003 (Medium)
147938 Drupal Core Security Advisory: SA-CORE-2022-004 (Medium)
148393 Drupal Security Advisory SA-CORE-2022-005 (Medium)
148394 Drupal Security Advisory SA-CORE-2022-006 (Medium)
148389 HTTP Strict Transport Security (HSTS) Header missing (Trivial)
148404 Joomla! Core Security Advisory March 2022: Multiple Vulnerabilities in Versions 2.5.0-3.10.6 and 4.0.0-4.1.0 (High)
148405 Joomla! Core Security Advisory March 2022: Multiple Vulnerabilities in Versions 3.7.0-3.10.6 (Medium)
148403 Joomla! Core Security Advisory March 2022: Multiple Vulnerabilities in Versions 4.0.0-4.1.0 (Medium)
123536 jQuery Framework Detected (Info)
117573 JspWebShell Detected (Critical)
102095 Wordpress Detected (Info)
Digital Guardian
There are currently no updates.
Powertech
Exit Point Manager for IBM i
Version 8.0
November 15, 2022
Features
-
Added an Analytics tool with features that increase the user's ability to perform triage and forensic activities while implementing the organization's security strategy. All the following features allow immediate access to transaction data and visibility to which rule matched each transaction:
-
Exit points will write Captured Transaction data directly to a DB2 table, eliminating the need for the Captured Transaction journal.
-
The summarization job will monitor incoming transactions and summarize based on the user-customizable Summarization Strategy.
-
The Summarization Strategy component allows you to configure how much total MB data to retain, and time limits for how long to keep individual transaction records (Detail) before rolling them up into summarized Hourly, Daily, and Monthly transaction records for each unique combination of Server/Function/User.
-
Analytics screens allow traversing the data from the top summary levels and drilling down into the details.
-
Users can pre-configure display filters, create new filters, use more detailed selection and sorting criteria, and maintain user views for future sessions.
-
-
Added the following screens:
-
Configurable Filters Maintenance, which includes: filters that allow the user to quickly pare down large amounts of Captured Transactions by specifying a field and a value or range of values; filters that can be combined to further refine how much data is returned and aid in finding a particular transaction; a few helpful filters shipped with the product; and allowing the user to create and name additional filters that can be quickly retrieved for use when viewing Captured Transactions.
-
Saved Views, which allows the user to quickly save and name a "snapshot" of how the Work with Captured Transaction screen is currently configured using filters and sort sequences. These Saved Views can then be quickly retrieved for reuse and serve as a starting point to build upon or eliminate the need to reconfigure a frequently used setup.
-
Sort Sequence Selection and Maintenance in the Analytics feature, where the user can define ascending and descending sort sequences based on one or more Captured Transactions’ record fields.
-
Captured Transactions—Work with Summarized Transactions, as part of the Analytics feature, which summarizes all Captured Transactions down into one record for each combination of the same Server/Function/Action (Allow or Reject); shows a count of how many associated transactions there are; and allows the user to drill down to their desired detail level.
-
-
Using Central Administration and Exit Point Manager on a managing system, users can now view and maintain Filters, Saved Views, and Summarization Strategy on any connected endpoint. Users cannot view Captured Transaction data on connected endpoints.
-
Journaled the following files to PTNSLIB07/PWRJRN: PNSCSD, PNSCSM, PNSCSQ, PNSCTF, PNSFLD, PNSUPD, and PNSUPF.
Enhancements
-
Improved the following screens’ appearance and/or usability:
-
Add/Change Rules (User and Location) for the Global Rules Facility.
-
Add Object List Entry’s Type field: added assistive text.
-
Configuration Menu: removed the blank row between options 1 and 2 and shortened the menu option names.
-
Main Menu: added an Active Analytics feature, which contains all the new tools for working with Captured Transactions.
-
Modern and Legacy Reports Menus: shortened long names, regrouped or repositioned items, and renumbered items sequentially.
-
Security Menu: shortened long names, regrouped or repositioned items, renumbered items sequentially, and added context-sensitive help.
-
Security by Server and Security by User: standardized field names' spelling.
-
Socket Rule’s fields: standardized field names’ spelling and added assistive text.
-
Valid Authorities’ selection: added descriptions.
-
Work with Captured Transactions:
-
Shows more detail without opening each transaction record. See when each transaction occurred, whether the transaction was allowed or rejected, and press a function key to see the transaction's request data and which rule was matched.
-
Grouped transactions into configurable "time ranges." Detail transactions are a single record. Identical Hourly, Daily, and Monthly transactions are summarized into one record.
-
-
Work with Location/User Pre-filters’ function keys: all keys appear without having to press "F24=More keys."
-
Removed an extra menu layer between selecting the Test Socket Rules menu option and displaying the PNSTSTQSO command.
-
Updated Help text in all applicable screens.
-
-
Added the ability to create user rules, location rules, or pre-filter rules directly from the Captured Transactions screen.
-
Eliminated the message id PLK9000 "Server does not supply transaction data for the function" in the Captured Transaction's Request field, if there was no request data supplied by the exit point. This removal minimizes processing and conserves disk space.
-
Modified upgrade/conversion code to retain existing Captured Transaction data and migrate it into the new database storage scheme.
-
Updated compatibility with Insite to properly display Captured Transactions using configurable levels of summarization.
-
Updated the DLTCPTTRN command to include the new Summary Level field (Detail, Hourly, Daily, Monthly) parameters.
-
Changed "OS400," "iSeries," and "IBMi" text on screens, help text, and reports to “IBM i.”
-
Updated *OS400 and *MEMOS400 authority text to *ALLOW and *MEMALLOW on all screens and reports, and on the following Rule commands: CHGLOCRUL, CHGOBJRUL, CHGUSRRUL, CRTLOCRUL, CRTOBJRUL, CRTUSRRUL, and DLTOBJRUL.
-
Modified the PNSSTRMON and PNSENDMON commands to start and end all three monitor jobs (PNSEVTMON; PTNSGMSTR; and SUMCAPTRAN) in the PTWRKMGT subsystem. Previously, PNSTRMON and PNSENDMON were used to start and stop only the PNSEVTMON job.
-
Insite will now show the proper Authority value for IBM i systems. The Authority value for version 8.0 and above is *ALLOW, and for version 7.99 and below is *OS400.
Fixes
-
Fixed issue that could cause incorrect or incomplete feedback when either the CHGUSRRUL or CHGLOCRUL commands were executed.
-
Fixed an Insite issue in Product Configuration where it displayed an intermittent, incorrect server status as active or inactive. Fixed a similar IBM i issue in Server Properties, where the Enforce Server Rules’ field value was not always correct.
-
Fixed issue where the Modern Reports Menu was not defaulting to appear after product installation.
-
Fixed issue that could cause improperly entered IP address range values for IP Address Groups not to match transactions to Location Rules.
-
Fixed intermittent issue that could cause rules for an endpoint to show up on the Manager when it had not been selected.
-
Fixed issue with Object Rules and MEMOBJ authority that could cause an LNS0703 error when matched with a transaction containing a large SQL statement.
-
Fixed issue where Location Rules were not working with the *TFTP exit point processing.
-
Fixed issue caused by adding Server Function data via the LWRKGENSRV command.
-
Fixed issue where the user didn’t receive immediate feedback when using the PNSLOGEXT command to send output to an *OUTFILE and entering an invalid library name.
-
Fixed issue where running modern reports with PNSLOGEXT caused error MCH3601 if the journal receiver containing the data it needs is no longer available on the system.
-
Fixed issue where creating a report using the PNSLOGEXT command and saving it to the IFS caused an error.
-
Fixed issue where Object type descriptions were truncated on the Select Object Type screen (NSOBJUT).
-
Fixed issue where the Location Group Report did not show any IP Address groupings.
-
Fixed issue where an invalid *ALL value was allowed in the User Rules screen's User field.
-
Fixed isolated issue for one type of *RMTSRV captured transaction that could cause a user's password to be visible.
-
Fixed issue where the cursor was not placed in the correct position when returning from creating a new Location Group entry.
-
Fixed issue with Object List entry validation where allowing an invalid asterisk for "File type" could cause an attached rule to not be processed.
-
Fixed issue that sometimes caused one user record to not be displayed when the User Group list was being subset.
-
Fixed issue where the user was unable to disable Exit Point Manager jobs from Central Administration.
-
Removed the "Journal receiver delete handling" and "Change last captured date/time" parameters from the LCHGCAPSUM command, leaving only the "Delay time" parameter.
-
Restored missing commands for maintaining NS User Groups (ADDNSUGRPM, CHGNSUGRP, and CRTNSUGRP).
-
Removed the Start Here link from the installer.
BoKS Web Services Interface
Version 8.1.0.2
November 1, 2022
Fixes
-
Fixed known issue with requesttimeout value.
-
Fixed issue with the syslog logging appender opening a UDP port even if syslog is not turned on.
-
Hidden implementation details from general error page.
-
Upgraded dependencies.
Version 8.0.0.6
November 1, 2022
Fixes
-
Fixed issue with the syslog logging appender opening a UDP port even if syslog is not turned on.
-
Hidden implementation details from general error page.
-
Upgraded dependencies.
Version 7.2.0.7
November 1, 2022
Fixes
-
Fixed issue with the syslog logging appender opening a UDP port even if syslog is not turned on.
-
Hidden implementation details from general error page.
-
Upgraded dependencies.
Titus
Titus Classification Suite for Windows
Version 2022.0
November 4, 2022
New Features
-
Titus now works with Microsoft sensitivity labels in Microsoft Office 365. You can map Microsoft sensitivity labels to Titus fields and values, so that Titus users can process documents and emails that contain a Microsoft sensitivity label.
-
You can use Policy Manager to set Schemas and Policies and publish them as a TCPG file to be consumed by TCS for Windows.
-
You now have the option to use the Titus logo (the default), a custom logo, or no logo in the Titus Ribbon and Select dialog.
-
The Titus Dashboard has been deprecated. You can use the Data Classification Reporting Server and the Reporting Collector Intelligence Pack in its place.
While you can still see the option to enable the Dashboard in the Titus Administration Console (if you have the Dashboard configured), it no longer works.
-
The Reporting Collector Intelligence Pack is a collection of dashboards that allow the data from the Reporting Collector to be displayed. They can either be used as-is or be customized. Intelligence Packs are installed and displayed using the HelpSystems Data Classification Reporting Server and come with pre-defined roles and permissions.
Enhancements
-
You can now revert visual markings in a document by selecting Ctrl + Z once or selecting a single action from the Undo menu.
-
Improvements to Auto-Save functionality have been made to reduce the number of audit log events when documents are saved to a Cloud drive. This applies to Microsoft Office 2016 or later and Microsoft Office 365.
-
You can now apply a classification, using the context-menu, to the following Calendar items:
-
Meeting requests
-
Meeting responses (Accept, Decline, Tentative)
-
Send cancellation
-
Update meeting (standard and recurring)
NOTE: This feature does not support Microsoft Outlook items that use RTF content. -
Fixes
-
XLAM files are not being saved when Titus add-in is enabled and Microsoft Excel is open
-
Cannot preview Microsoft Excel spreadsheets in File Explorer in Microsoft Office 365.
-
If a Microsoft Excel spreadsheet is received as an attachment in an email, the Classification may disappear when trying to save or print the spreadsheet.
-
In Microsoft PowerPoint, when a classified document is still open, downgrade warnings do not appear when you open another classified document of which you want to change the classification.
-
If you delete custom properties and Titus GUID in a document, they do not get re-added upon saving the document.
-
Classification Dialog appears a second time when sending an email after setting classification the first time.
-
Scroll bar appears for entire Classification dialog instead of only areas where needed, such as sub-classifications.
Vera
Version 3.21.1
November 2022
Updates
-
Vera announces the end of support for macOS Catalina with the 3.22.0 release.
-
Vera announces the support for macOS Ventura with the 3.21.0 release.
Vera has verified that the newly released macOS Ventura works as expected with Vera’s previously released 3.21.0 version.
Fixes
-
Fixed an issue when performing a perm-sync of files through SharePoint, the evaluated source resulted in FileShare instead of Classification Rules, which impacted folder-level Classification Rules.
-
Fixed an issue of the invalid date range in the Licensed Users Report.
-
Fixed an issue where the Kerberos Single Sign-On (SSO) authentication did not work with Two-Factor Authentication (2FA).
-
Fixed an issue where Vera will notify the users to disable the Adobe Acrobat new UI feature that blocks them from accessing the secured files. Users can revert to the old UI by clicking View > Disable New Acrobat in the Acrobat application.