[BESAdmin-Announcements] OS Deployment and Bare Metal Imaging 3.3 - News flash for OpenSSL TLS heartbeat read overrun vulnerability (CVE-2014-0160)
Announcements for BES Administrators
besadmin-announcements at bigmail.bigfix.com
Mon Apr 14 10:07:56 PDT 2014
Content in the OS Deployment and Bare Metal Imaging site has been
modified.
Reasons for Update:
* Provided version 3.3.12 of the MDT Bundle Creator tool. Starting from
this version the MDT Bundle Creator tool is not subject to the
CVE-2014-0160 vulnerability.
Exposure details:
Older version of the MDT Bundle Creator may expose the CVE-2014-0160
vulnerability when the proxy option in the parameters.ini configuration
file is used to address an HTTPS proxy
(proxy=https://<PROXY_SERVER>:<PORT>).
When the proxy option in the parameters.ini configuration file is used to
address an HTTP proxy (proxy=http://<PROXY_SERVER>:<PORT>) or if the proxy
option is not used there is no security vulnerability exposure.
Published site version:
OS Deployment and Bare Metal Imaging, version 37.
Actions to Take:
Gathering of the site will automatically show the updates made.
Application Engineering Team
IBM Endpoint Manager
IBM Italia S.p.A.
Sede Legale: Circonvallazione Idroscalo - 20090 Segrate (MI)
Cap. Soc. euro 347.256.998,80
C. F. e Reg. Imprese MI 01442240030 - Partita IVA 10914660153
Società con unico azionista
Società soggetta all?attività di direzione e coordinamento di
International Business Machines Corporation
(Salvo che sia diversamente indicato sopra / Unless stated otherwise
above)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20140414/38e47cd5/attachment.html>
More information about the Besadmin-announcements
mailing list