[BESAdmin-Announcements] IBM Endpoint Manager 9.1 patch 1 (Heartbleed fix) released

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Fri Apr 18 15:08:27 PDT 2014



9.1.1082 (9.1 patch 1) is an emergency patch release to close the OpenSSL
Heartbleed vulnerability (CVE-2014-0160). This is a critical vulnerability
that affects 9.1 servers and relays. If you are running a 9.1 deployment,
you need to upgrade immediately in order to close the vulnerability.

Only deployments running 9.1.1065 are exposed to the Heartbleed
vulnerability. Earlier versions are not vulnerable. After upgrading from
9.1.1065 to 9.1.1082, the following steps should be performed to revoke any
potentially-compromised credentials (these steps do not need to be performed
if upgrading from 9.0 or earlier):
  1) Rotate the server signing key:
      http://www-01.ibm.com/support/docview.wss?uid=swg21669587
  2) Rotate custom SSL certificates in Web Reports or the Root Server, if
      you are using them (note: this is not common).
  3) Change all Console user passwords (especially master operator
      passwords).
  4) Change any database or network proxy passwords that are in root server
      or relay settings.
  5) Rotate the client keys for all relays, especially DMZ relays, using
      Fixlet 1759 in the BES Support site (or
      http://www-01.ibm.com/support/docview.wss?uid=swg21670787 for manual
      instructions).

9.1.1065 agents are also exposed to the Reverse Heartbleed vulnerability,
but can only be exploited by an attacker setting up a new relay that the
agent connects to. If you suspect this type of attack has occurred, please
contact support for recommendations.

* Detailed changelist: http://support.bigfix.com/bes/changes/fullchangelist-91.txt
* Known issues: http://www-01.ibm.com/support/docview.wss?uid=swg21667537
* Upgrade fixlets available in BES Support version 1161