Is patch available for CVE-2014-3566?
Is patch available for CVE-2014-3566?
Update your OS X to the latest version plus any security updates.
Pete
Similar Messages
-
CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux Question
CSCur27617: AnyConnect vulnerable to POODLE attack (CVE-2014-3566) Win/Mac/Linux
I wanted to know if the AnyConnect Secure Mobility Client would still be vulnerable to this if it was only connecting via SSL VPN (TLS) to an ASA that already has the workaround implemented on it (Disable SSLv3)?
Thanks,
Rob MieleHi Rob ,
According to the bug:
All versions of desktop AnyConnect for Mac OS X and Linux prior to 3.1.00495 are vulnerable , so Anyconnect 3.1.06.073 is safe from POODLE vulnerability
On the Anyconnect you can disable the SSL using Ikev2 instead of the SSL protocols , however as the bug mention , the client creates a paralel ssl tunnel to get updates and profile from the router.
If you're asking to disable SSLv3 on the router , unfortunately there is not code yet , the workaround is to disable the webvpn or upgrade the VPN client.
As well here is the officil advisory for the POODLE vulnerbility on Cisco Products.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
Hope it helps
- Randy - -
Hi,
I am using a Weblogic Server 8.1 SP4 on my local development environment. The application has a JMS based report module. A report is created by the front-end and stored in a JMS Queue with a persistent FileStore. Once the report is created, the report is available until someone deletes the report from the Queue.
Now the problem:
The "new" application with reports module has been deployed to a TEST environment with WLS 8.1 SP3. The report creation works, the report is stored in the FileStore, but is accessible through the front-end only once. It is a JSP with content header (PDF) reading the byteArray Message from the Queue.
For the second time, the result on the front-end is "NUL" (3 digits in HTML Source). When re-starting the server everything is fine again(but each report can be fetched from the Queue only once).
Unfortunately upgrading the SP is not a solution, because the TEST and PRODUCTION environment of the client cannot be upgraded easily.
- Is there a patch available for the problem?
- Can anyone explain me what is the problem with that?
- Is there a workaround?
The servers are Windows 2003 servers...
Thanks and regards,
BernhardHi,
I am using a Weblogic Server 8.1 SP4 on my local development environment. The application has a JMS based report module. A report is created by the front-end and stored in a JMS Queue with a persistent FileStore. Once the report is created, the report is available until someone deletes the report from the Queue.
Now the problem:
The "new" application with reports module has been deployed to a TEST environment with WLS 8.1 SP3. The report creation works, the report is stored in the FileStore, but is accessible through the front-end only once. It is a JSP with content header (PDF) reading the byteArray Message from the Queue.
For the second time, the result on the front-end is "NUL" (3 digits in HTML Source). When re-starting the server everything is fine again(but each report can be fetched from the Queue only once).
Unfortunately upgrading the SP is not a solution, because the TEST and PRODUCTION environment of the client cannot be upgraded easily.
- Is there a patch available for the problem?
- Can anyone explain me what is the problem with that?
- Is there a workaround?
The servers are Windows 2003 servers...
Thanks and regards,
Bernhard -
Are there any patches available for Dev 21
Hi,
We've been working with Forms50 and Reports 25 under win95 for
quite a while and have noticed occasional problems:
- A program abort due to page fault protection under win95.For
example, R30DES32 : R30LIB.dll.
- You issue compile all and get and error that forms is not
able to go to (goto error button).
- A compile error that requires login in and out and
recompile to fix.
I wonder if
- there are any patches available for Dev 21,
- i have a memory shortage problem,
- these are (especially case 1) win95 problems.
Please help will be welcomed ................!
nullWhere can I find them?
thanks in advance,
Xiaolin
Jason Judge (guest) wrote:
: There are patches for the 32bit v2.1 Windows environments
dated:
: 24 June 98
: 5 August 98
: 16 September 98
: 21 Octomer 98
: 21 February 99
: and I believe a new one is just out.
: Take your pick!
: JJ
: Luis Medina (guest) wrote:
: : Hi,
: : We've been working with Forms50 and Reports 25 under win95
for
: : quite a while and have noticed occasional problems:
: : - A program abort due to page fault protection under
: win95.For
: : example, R30DES32 : R30LIB.dll.
: : - You issue compile all and get and error that forms is not
: : able to go to (goto error button).
: : - A compile error that requires login in and out and
: : recompile to fix.
: : I wonder if
: : - there are any patches available for Dev 21,
: : - i have a memory shortage problem,
: : - these are (especially case 1) win95 problems.
: : Please help will be welcomed ................!
null -
HT1338 security patch available for OS 10.4 ?
is there a security patch available for the os 10.4 imac?
No, and very, very, very, very unlikely there ever will be (Tiger support was dropped ages ago). Disable Java (Javascript is okay) in your browsers (how depends upon the browser you use -- also disable autoopen downloads); don't do anything incautious if you see sites offering to upgrade your software.
See also:
https://discussions.apple.com/thread/3855254 -
Sourcefire rule for CVE 2014-1692
Hi,
Please mention me the Sourcefire rule number for CVE 2014-1692.
Best Regards,
Jackson KuHi,
Thanks for your reply. Do you mean no Sourcefire rule for CVE 2014-1692 currently, and we should raise a TAC case to request?
Best Regards,
Jackson -
Bash bug CVE-2014-6271 patch availability for OL4?
Hi,
Kindly advise how to download the CVE-2014-7169 CVE-2014-6271 security patches for Oracle Linux 4?
Rgds;
ShirleyExactly the same way as you would for OL5, OL6 or OL7: either connect your machine to the Unbreakable Linux Network or public-yum.oracle.com and use the up2date tool to upgrade bash.
-
New Patch Available for OATS 12.1
Hi All,
There is a new patch available on metalink for 12.1 which fixes a whole bunch of issues (especially with OTM). The filename is p14159195_12101_WINNT.
Regards
Wayne.Hi,
My apologies, the download page is currently down and I am working on getting it live again. In the meantime, you can download the patch directly using this link:
2012 SP1 f1 patch downloader
Please let me know if you have any issues accessing this link.
Al B.
Staff Software Engineer - TestStand
CTA/CLD -
Is the Oracle database 11.1.0.7 patch available for linux 64 bit
I only Microsoft downloads for this patch - does this mean we have to go to 11.2. Thanks for the input!
It is the same patch number.
I see it as available for Linux x86-64, Linux x86, Windows 32bit and WIndows 64 bit.
Perhaps you want to install the new OCM for Oracle Support - it should help you get those patches without searching. ;-) -
TestStand 4.0.1f1 Evaluation and 4.0.1f1 Patch Available for Download
NI TestStand 4.0.1f1 has been released and is available for download.
This release fixes the incorrect behavior of the Insertion Palette control and Variables View control when used in User Interfaces after .NET Framework 2.0 Service Pack 1 or later has been installed.
If you have previously installed TestStand 4.0.1, you may simply install the patch linked from this KnowledgeBase to fix the behavior. Distributions built from patched development machines will include the fix in their deployments.
If you have not installed TestStand 4.0.1 on your computer, you may install the evaluation of 4.0.1f1 and activate it with your TestStand development serial number. The evaluation includes the fixed components from the patch above. Upgrading from 4.0 to 4.0.1f1 is free and includes many bug fixes and improvements.
TestStand 4.0.1f1 Evaluation Software
If you require this patch for TestStand 4.0, please contact National Instruments Support to request it.
Message Edited by Josh W. on 02-05-2008 09:48 AM
Josh W.
Certified TestStand Architect
Formerly blueLabVIEW 7.1.1 is the oldest supported version of LabVIEW for TestStand 4.0.
Allen P.
NI -
Hello Apple, where is the patch for CVE-2014-6271?
Any timeframe?
I have not seen any information posted online.
ThanksYou are referring to the bash bug?
BASH Bug?
It will be the same as all other security bugs Apple fixes - silence until they release a fix, I linked to a post that replaces bash with a newer version from homebrew. Use that if you have systems exposed by this flaw, I suspect it will be in the malware & exploit toolkits by now. -
Latest patch available for R12
hello masters,
i would like to know that how can i know that the latest patch for oracle apps R12 is released y oracle ...i searched on metalink....is there any document which will give me details about latest available patch??
thanks and regards
VDhello sir,
but report file generated in patchset.sh directory is as follows..i run the script as "./patchset.sh" do i need to specify anything more??
Could not determine Applptch.txt Format
=============================================================================
Report Generated: Wed May 27 22:17:42 IST 2009 Tool Version: 4.41
Patchsets List Updated:
Machine/OS: Linux appsserver.microproindia.com 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:12 EDT 2008 i686 athlon i386 GNU/Linux
Domain:
applptch Source: /clone/apps/apps_st/appl/admin/applPT.txt
Version from APPLPTCH:
Database: PROD
Limited Report to: ALL Products, APPLFULL/Share not set.
Written By: Oracle Support, SSANDREW
WARNING: DOWNLOAD CHANGING NOVEMBER 3rd, 2006
Program Updates: ftp://ftp.oracle.com/support/outgoing/PATCHSET_COMPARE_TOOL
Download Patchsets: Go to link below or click on Patches
http://metalink.oracle.com/metalink/plsql/dis_download.startup
=============================================================================
Applied Patchsets that Match ARU:
Prod Patchset Bug RELEASED Release Status
=======================================================================================
No patchsets seem to Match.
== This is unusual: Manually look in /tmp for the listings
== of current patchsets and compare them manually to confirm
== that this is correct !
The Most Recent Release Patchsets (Not Included Above) are:
=======================================================================================
Base Patchset List for included below:
=============================================================================and my R12_patches.txt have following entries....at th top of this file it is written that "Could not determine Applptch.txt Format" and at the end "Applied Patchsets that Match ARU:" has no list .........what does it means??
Patchset
Product Name Bug_number RELEASED_ Status DISTRIBUTION
ad R12.AD.A 4502962 18-JAN-07 Checkin Released By_Metalink
ad R12.AD.A.1 5905728 13-APR-07 Checkin Released Not_Distributed
ad R12.AD.A.2 6014659 13-JUL-07 Checkin Released Not_Distributed
ad R12.AD.A.3 6272715 14-OCT-07 Checkin Released Not_Distributed
ad R12.AD.A.4 6510214 13-JAN-08 Checkin Released By_Metalink
ad R12.AD.A.5 7305206 04-AUG-08 Checkin Released Not_Distributed
ad R12.AD.A.6 7305220 05-NOV-08 Checkin Released By_Metalink
ad R12.AD.B 6665350 13-AUG-08 Checkin Released Not_Distributed
ad R12.AD.B.1 7461070 10-APR-09 Checkin Released By_Metalink
ad R12.AD.B.1 7458155 08-APR-09 Checkin Released Not_Distributed
ado R12.ADO.A 6871277 11-AUG-08 Checkin Released Not_Distributed
ado R12.ADO.B 6867824 11-AUG-08 Checkin Released Not_Distributed
ado R12.ADO.B.1 7460276 07-APR-09 Checkin Released Not_Distributed
ahl R12.AHL.A 4510344 18-JAN-07 Checkin Released Not_Distributed
ahl R12.AHL.A.1 5886833 13-APR-07 Checkin Released Not_Distributed
ahl R12.AHL.A.2 6002370 12-JUL-07 Checkin Released Not_Distributed
ahl R12.AHL.A.3 6264216 12-OCT-07 Checkin Released Not_Distributed
ahl R12.AHL.A.4 6506800 10-JAN-08 Checkin Released Not_Distributed
ahl R12.AHL.A.5 7290906 29-JUL-08 Checkin Released Not_Distributed
ahl R12.AHL.A.6 7291478 03-NOV-08 Checkin Released Not_Distributed
ahl R12.AHL.B 6657341 12-AUG-08 Checkin Released Not_Distributed
ahl R12.AHL.B.1 7458382 08-APR-09 Checkin Released Not_Distributed
ak R12.AK.A 4496642 18-JAN-07 Checkin Released Not_Distributed
ak R12.AK.A.1 5907546 13-APR-07 Checkin Released Not_Distributed
ak R12.AK.A.2 5917306 13-JUL-07 Checkin Released Not_Distributed
ak R12.AK.A.3 6077390 11-OCT-07 Checkin Released Not_Distributed
ak R12.AK.A.4 6354123 11-JAN-08 Checkin Released Not_Distributed
ak R12.AK.A.5 6594738 29-JUL-08 Checkin Released Not_Distributed
ak R12.AK.A.6 7237094 03-NOV-08 Checkin Released Not_Distributed
ak R12.AK.B 6430051 11-AUG-08 Checkin Released Not_Distributed
ak R12.AK.B.1 7307331 07-APR-09 Checkin Released Not_Distributed
alr R12.ALR.A 4496584 18-JAN-07 Checkin Released Not_Distributed
alr R12.ALR.A.1 5907552 13-APR-07 Checkin Released Not_Distributed
alr R12.ALR.A.2 5917314 13-JUL-07 Checkin Released Not_Distributed
alr R12.ALR.A.3 6077418 11-OCT-07 Checkin Released Not_Distributed
alr R12.ALR.A.4 6354126 11-JAN-08 Checkin Released Not_Distributed
alr R12.ALR.A.5 6594741 29-JUL-08 Checkin Released Not_Distributed
alr R12.ALR.A.6 7237106 03-NOV-08 Checkin Released Not_Distributed
alr R12.ALR.B 6430052 11-AUG-08 Checkin Released Not_Distributed
alr R12.ALR.B.1 7310220 07-APR-09 Checkin Released Not_Distributed
ame R12.AME.A 5348050 18-JAN-07 Checkin Released Not_Distributed
ame R12.AME.A.1 5889626 13-APR-07 Checkin Released Not_Distributed
ame R12.AME.A.2 5997203 12-JUL-07 Checkin Released Not_Distributed
ame R12.AME.A.3 6196260 12-OCT-07 Checkin Released Not_Distributed
ame R12.AME.A.4 6506440 11-JAN-08 Checkin Released Not_Distributed
ame R12.AME.A.5 6835789 15-MAY-08 Checkin Released Not_Distributed
ame R12.AME.A.6 7291407 04-NOV-08 Checkin Released Not_Distributed
ame R12.AME.A.7 7644754 15-MAY-09 Checkin Released Not_Distributed
ame R12.AME.B 6658013 12-AUG-08 Checkin Released Not_Distributed
ame R12.AME.B.1 7457049 08-APR-09 Checkin Released Not_Distributed
aml R12.AML.A 4460087 18-JAN-07 Checkin Released Not_Distributed
aml R12.AML.A.1 5884237 12-APR-07 Checkin Released Not_Distributed
aml R12.AML.A.2 6000240 12-JUL-07 Checkin Released Not_Distributed
aml R12.AML.A.3 6261886 10-OCT-07 Checkin Released Not_Distributed
aml R12.AML.A.4 6494418 11-JAN-08 Checkin Released Not_Distributed
aml R12.AML.A.5 7299908 04-AUG-08 Checkin Released Not_Distributed
aml R12.AML.A.6 7303707 03-NOV-08 Checkin Released Not_Distributed
aml R12.AML.B 4562141 11-AUG-08 Checkin Released Not_Distributed
aml R12.AML.B.1 7442385 07-APR-09 Checkin Released Not_Distributed
ams R12.AMS.A 4460205 18-JAN-07 Checkin Released Not_Distributed
ams R12.AMS.A.1 5884360 12-APR-07 Checkin Released Not_Distributed
ams R12.AMS.A.2 6000306 12-JUL-07 Checkin Released Not_Distributed
ams R12.AMS.A.3 6261509 10-OCT-07 Checkin Released Not_Distributed
ams R12.AMS.A.4 6494430 11-JAN-08 Checkin Released Not_Distributed
ams R12.AMS.A.5 7299932 04-AUG-08 Checkin Released Not_Distributed
ams R12.AMS.A.6 7303708 03-NOV-08 Checkin Released Not_Distributed
ams R12.AMS.B 4562181 11-AUG-08 Checkin Released Not_Distributed
ams R12.AMS.B.1 7428040 07-APR-09 Checkin Released Not_Distributed
amv R12.AMV.A 4460199 18-JAN-07 Checkin Released Not_Distributed
amv R12.AMV.A.1 5884098 12-APR-07 Checkin Released Not_Distributed
amv R12.AMV.A.2 6000228 12-JUL-07 Checkin Released Not_Distributed
amv R12.AMV.A.3 6261872 10-OCT-07 Checkin Released Not_Distributed
amv R12.AMV.A.4 6496900 11-JAN-08 Checkin Released Not_Distributed
amv R12.AMV.A.5 7299944 04-AUG-08 Checkin Released Not_Distributed
amv R12.AMV.A.6 7303709 03-NOV-08 Checkin Released Not_Distributed
amv R12.AMV.B 4562216 11-AUG-08 Checkin Released Not_Distributed
amv R12.AMV.B.1 7442386 07-APR-09 Checkin Released Not_Distributed
.................now which patches are applied??? and which patches i need to apply?? what is this not distributed??? and what is checkin release???
if you please explain this i will be thankful to you...
thanks and regards
VD
Edited by: vikrant dixit on May 28, 2009 1:59 AM -
Versions and Patches available for XI
Hi,
Can anybody send me the available versions and exact patches for those versions in XI?
Appreciate your response.
Thanks,
Kumar.Hi,
XI 3.0 = 2004
PI 7.0 = 2004s
and for example
XI 3.0 SP 15 = PI 7.0 SP06
(like in the table provided by Aashish Sinha)
To your question:
XI 2.0 ?
XI 3.0 & PI 7.0:
http://help.sap.com/saphelp_nw04/helpdata/en/c9/9844428e9cbe30e10000000a155106/frameset.htm
PI 7.1 (in ramp up):
/people/daniel.bianchin/blog/2007/12/19/all-you-wanted-to-know-about-sap-netweaver-pi-71-and-more
Regards
Patrick -
Mitigting SSL v3 POODLE Vulnerability (CVE-2014-3566)
Hi all,
Another day, another vulnerability. Feel like we are swimming against the tide.
Now, SSL v3 has been shown to be vulnerable (looks like a protocol issue, not an implementation issue, so patches are doubtful) and so I am looking at what we can do to mitigate this. Clients (such as IE, Firefox and Chrome (sort of)) can be set to disable SSL v3, but rolling this out across an Enterprise might not be that easy.
In IIS (that would be running TMS) you can switch off SSL v3 via a reg edit, but are there any knock on effect? What about the web services built into CODECs, MCUs and other infrastructure devices - can SSL v3 be switched off?
Look forward to the responses.
Cheers
ChrisHi All,
This tidbit is not Cisco orientated per se, but some of you might find it useful (if you haven't found the info yourselves already (it's what I sent around to my team here):
There are many things you can do to mitigate this vulnerability, as you can also disable SSL3 in various clients (although this might affect communication with legacy systems)
Firefox – Version 34 (due for release at the end of November) will disable SSL v3 by default, but they have released a plug in that can disable this immediately. See https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
IE – You can turn off SSL 3 from the Settings -->Internet Options --> Advanced --> Security, section however, if you find that the options to check SSL/TLS are greyed out (as they are on my machine), this maybe a hang over from previous security software installation.
However, I will override this using GPO so domain joined PCs will have this setting updated. The GPO applied to the domain is:
Computer Setting --> Administrative Templates --> Windows Components --> Internet Explorer --> Internet Control Panel --> Advanced Page --> Turn Off Encryption Support = TLS 1.0, TLS 1.1, and TLS 1.2 ONLY
Chrome – This is a little more difficult. It seem you can only do this at this moment in time by adding a switch to the start-up command (you can modify the shortcut on either Windows or Mac). Check out https://zmap.io/sslv3/browsers.html -
BUG #CSCur27131 - Evaluation of CVE-2014-3566 on Cisco Email Security Appliance
I have raised a support case with TAC to try and get more information on the preferred config as well as what Ciphers then become available. Points raised in the support case are as follows:
Current config based from existing artilce pre-POODLE > MEDIUM:HIGH:-SSLv2:-aNULL:@STRENGTH
Should the new config be > MEDIUM:HIGH:-SSLv2:-SSLv3:-aNULL:@STRENGTH
Use of strength meaning that the Ciphers are ordered and presented strongest to weakest as negotiation should occur at the first mutually accepted cipher.
What are the TLSv1 Ciphers used by Ironport (verify under sslconfig CLI appears only to list SSL ciphers)
Finally, does the Ironport support or plan to support in the future TLSv1.1 and TLSv1.2 ciphers?
Response from TAC so far is the same as the referenced article - https://tools.cisco.com/bugsearch/bug/CSCur27131 which doesn't address all my points
PaulNegating SSLv2 and SSLv3 in the cipher suite has no effect as long as only enabled TLSv1 is enabled.
And reordering ciphers by strength won't bring anything since the client's ciphers order will always be preferred.
Also, MD5 should be disabled as it's widely considered too weak for the job.
My recommendation would be to use the following suite > HIGH:MEDIUM:!aNULL:!MD5
Maybe you are looking for
-
Oracle8.1.5 and XML parser for PL/SQL
Hi, Does XML parser for PL/SQL work with Oracle 8.1.5? Did any one install the same and if so what are steps to follow? I ran initjvm.sql to install JServer and then tried to load jar files using loadjava, but it's giving error. It's working fine wit
-
Please delete my Adobe account and remove all my data from your servers
As above. Thank you.
-
Local copy of Wordpress blog doesn't recognize cyrillic font
I've installed LAMP using the [wiki]LAMP[/wiki] wiki page. There was no problem during the instalation and configuration, but my local Wordpress blog is not recognizing any of my blog posts that are written on cyrullic, there are only ???????? instea
-
CS6 not opening in mac, Urgent!
I run a school provided MacBook and i recently updated my OSX to Lion but now my Cs6 wont work (ps bounces, app manager bounces, & they repeat) i'm pretty sure that the school has purchased photoshop so i dont know what the problem would be caused by
-
My iPad2 and iphone4s are no longer sharing contacts with icloud. I have checked everything I can think of. Please help