LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: F-Secure Security Advisory FSC-2018-1: Multiple Memory Vulnerabilities

Nathan Brindle <[log in to unmask]>

Thu, 1 Feb 2018 17:34:33 +0000

text/plain (63 lines)

(Sorry for the duplication to anyone who already received this information -- I needed to resend it because the SEARN peer is configured not to pass images.)

________________________________________

This morning, F-Secure have posted a security advisory (FSC-2018-1) at https://www.f-secure.com/en/web/labs_global/fsc-2018-1 .  The advisory addresses "multiple memory vulnerabilities" found in certain F-Secure products for Windows, including F-Secure Server Security 12.11 and earlier.  F-Secure rates this as a "Medium" risk level (on a scale of Low/Medium/High/Critical).

Linux Sites Please Note:  The vulnerabilities reported in this advisory affect F-Secure products for Windows only.  However, there is a cumulative hotfix (Hotfix 5) for F-Secure Linux Security 11.10 which has been available since November 29, 2017.  For more information on this hotfix, please browse to https://www.f-secure.com/en/web/business_global/downloads/linux-security , scroll down to Hotfixes, and open the tab).

Back to Windows:

The F-Secure Server Security kit available from the F-Secure download site has incremented from 12.11 to 12.12.  The vulnerability fix will require customers to download the new kit and run the installer to upgrade.  The installation key has not changed.  (If you have misplaced your installation key, please contact L-Soft support.)  There is no change to the upgrade instructions (pretty much, "run it and follow the prompts").

The upgrade WILL require a Windows reboot, so customers for whom that is problematic will likely prefer to defer the upgrade until their users are less affected and/or local change procedures have been satisfied.

The direct link to the download is https://download.f-secure.com/corpro/ss/current/fsss-12.12.104.exe .  Documentation and other information is available at https://www.f-secure.com/en/web/business_global/downloads/server-security as usual.

L-Soft customers should note that the key we provide is for F-Secure Server Security Standard only.  It will not work with the Premium variant.  Please be sure to download the correct kit (see the direct link above).

Release notes for the FSSS 12.12 version are available at https://help.f-secure.com/product.html#business/releasenotes-business/latest/en/fsess-latest-en .

The upgrade provides the following version updates:

F-Secure Server Security 12.11 build 103 -> 12.12 build 104
F-Secure Anti-Virus 9.52 build 239 -> 9.52 build 240
F-Secure Automatic Update Agent 9.02 build 105 -> 9.03 build 111
F-Secure User Interface 14.00 build 102 -> 14.00 build 104
F-Secure Management Agent 10.10 build 105 -> 10.10 build 133
F-Secure ORSP Client 1.2.13 build 105 -> 1.2.17 build 257
F-Secure Web UI 1.70 build 106 -> 1.70 build 113
F-Secure DeepGuard 5.0 build 707 -> 5.0 build 740
F-Secure Online Help 1.4 build 402 (no change)
F-Secure Server Security Customization 12.10 build 104 (no change)
F-Secure Web Traffic Scanner 3.01 build 276 (no change)
F-Secure Browsing Protection 2.01 build 483 (no change)

Note that LISTSERV's SHOW VERSION command will continue to include

Virus database version:      2018-02-01 08:35:54 (F-Secure Anti-Virus 9.52)

so there will be no way to tell via LISTSERV that F-Secure has been upgraded from 12.11 to 12.12.  The only way to check that you have the upgraded version installed is to right-click the F-Secure shield logo in the Windows system tray, then click "About" to pull up the version information.

Again:  This advisory affects ONLY Windows installations.

For what it's worth, we would have preferred to give advance notice of this issue, but F-Secure did not allow partners to discuss it with their customers until this morning, after the advisory was published.  At that, we had only two days' advance notice ourselves.  We apologize for any inconvenience this may cause.  Please feel free to contact L-Soft Support with questions or problems with the F-Secure upgrade.

Nathan



Nathan Brindle, Senior Product Engineer, L-Soft international, Inc.
Support is available on business days from 9 a.m. to 6 p.m. ET (U.S. Eastern Time).
Please click here, or dial (800) 399-5449 (+1 (301) 731-0440 outside US/Canada) and choose option 3.
For more information, please visit L-Soft's Support Resource Center

 

############################

To unsubscribe from the LSTSRV-L list:
write to: mailto:[log in to unmask]
or click the following link:
http://peach.ease.lsoft.com/scripts/wa-PEACH.exe?SUBED1=LSTSRV-L&A=1

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM