IBM® Sterling Connect:Direct




Date: 22.03.2020
Description of Fix: Added "PRIN - Process was interrupted" to the Records filter list in the UI.

Fix Availability Date: 18 February 2014

High Impact: N

Reported Severity: 4
4.6.0.3_iFix017: RTC402130 / APAR IC99880

Description of Issue: When using Secure Point of Entry on Windows, the SNODE exposes its effective local user ID derived from the proxy to the PNODE.

Description of Fix: Fixed the logic that logs the 'SNode User ID' field on the SNODE. This logic was implemented in version 4.5.00 and incorrectly overwrote a snodeid structure that is returned to the PNODE.

Fix Availability Date: 04 March 2014

High Impact: N

Reported Severity: 3
4.6.0.3_iFix018: RTC414380 / APAR IT00339

Description of Issue: Several inconsistencies around specifying a checkpoint interval value in initialization parameters or in CD Requester. For example, initialization parameters do not display the value as M when possible. When the user sets a new value, it is not always validated and converted correctly. When resetting the value, a default of 64 K is applied instead of 10 M as documented. The edit control in CD Requester is too small and only allows the user to enter 3 digits.

Description of Fix: Updated validation routines to use a consistent upper limit of 2047 megabytes (M) or 2097151 kilobytes (K) for the checkpoint interval. Fixed the default to be 10 M. Fixed KM-to-bytes conversion routines to check for overflow and fail. Updated the Edit Control in the COPY statement UI in CD Requester allowing the user to enter up to 7 digits.

Fix Availability Date: 13 March 2014

High Impact: N

Reported Severity: 3
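
The validation described in 4.6.0.3_iFix018 (consistent upper limits, overflow-checked K/M-to-bytes conversion) can be illustrated as follows. This is an added example, not IBM's code: the function name `ckpt_to_bytes`, the mandatory K/M suffix and the signed 32-bit byte count are assumptions. Both limits from the fix text (2047 M and 2097151 K) convert to just under 2^31 bytes.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CKPT_MAX_K 2097151L   /* upper limit in kilobytes, from the fix text */
#define CKPT_MAX_M 2047L      /* upper limit in megabytes, from the fix text */

/* Parse "<digits>K" or "<digits>M" into bytes (hypothetical helper).
 * Returns 0 on success, -1 on malformed or out-of-range input.
 * Assumption: the byte count is stored in a signed 32-bit integer. */
int ckpt_to_bytes(const char *text, int32_t *bytes_out)
{
    char *end = NULL;
    long value, limit;
    int64_t bytes;
    if (text == NULL || !isdigit((unsigned char)text[0]))
        return -1;                 /* rejects "", "-1K", " 5M", "+5M" */
    errno = 0;
    value = strtol(text, &end, 10);
    if (errno == ERANGE)
        return -1;                 /* the digits alone overflow a long */

    switch (toupper((unsigned char)*end)) {
    case 'K': limit = CKPT_MAX_K; bytes = 1024; break;
    case 'M': limit = CKPT_MAX_M; bytes = 1024 * 1024; break;
    default:  return -1;           /* a unit is required in this sketch */
    }
    if (end[1] != '\0' || value > limit)
        return -1;                 /* trailing characters or above the limit */

    bytes *= value;                /* 64-bit multiply cannot wrap here */
    if (bytes > INT32_MAX)
        return -1;                 /* fail instead of truncating silently */
    *bytes_out = (int32_t)bytes;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; "10M" is the documented default. */
    const char *samples[] = { "10M", "2047M", "2048M", "2097151K", "2097152K" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t b = 0;
        int rc = ckpt_to_bytes(samples[i], &b);
        printf("%-9s -> %s (%ld)\n", samples[i], rc ? "rejected" : "ok", (long)b);
    }
    return 0;
}
```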
4.6.0.3_iFix019: RTC124137 / APAR IT00512

Description of Issue: Bad trace file value sent from Connect:Direct Browser is saved to trace settings.

Description of Fix: Added logic to open and close the new trace file in order to validate its name. Returns an invalid parameter error if the file name is invalid: "LCCA052I Invalid Parameter - Output file: Filename"

Fix Availability Date: 21 March 2014

High Impact: N

Reported Severity: 3
4.6.0.3_iFix020: RTC408632 / APAR IT00728 / RFE 405966

Description of Issue: Sterling Connect:Direct for Windows Total Max Sessions enforcement

Description of Fix: Added a new initialization parameter sess.total. It works similarly to sess.pnode.max and sess.snode.max, except that it limits the maximum concurrent connections for all remote nodes in total. Valid numeric values are 1 to 510. The initial value if not specified is the sum of sess.pnode.max plus sess.snode.max.

Fix Availability Date: 03 April 2014

High Impact: N

Reported Severity: 5
4.6.0.3_iFix021: RTC419555 / APAR IT01361

Description of Issue: Message File Update and Automatic Import.

Description of Fix: The Connect:Direct message file has been updated with new and updated messages. It will now be automatically imported into the message database while applying a fix pack, unless disabled by the user through specifying LAUNCHMSGIMP=0 on the fix pack command line. To import new messages manually, run the CD Message Import Utility.

Fix Availability Date: 22 April 2014

High Impact: N

Reported Severity: 4
4.6.0.3_iFix022: RTC397388 / APAR IT01187 / CVE-2013-3031

Description of Issue: A Denial of Service vulnerability in IBM solidDB affects IBM Sterling Connect:Direct for Microsoft Windows.

Description of Fix: Updated IBM solidDB to version 6.5.0.14 Interim Fix 20.

Fix Availability Date: 23 April 2014

High Impact: Y

Reported Severity: 2
4.6.0.3_iFix023: RTC422291 / APAR IT01363

Description of Issue: Event log messages were still showing the product name in uppercase, like "CONNECT:Direct".

Description of Fix: The product name and event text source had already been updated to "Connect:Direct" many years ago. However these changes did not take effect until now.

Fix Availability Date: 25 April 2014

High Impact: Y

Reported Severity: 4
All iFixes and fix packs listed above are accumulated in fix pack 4 (4.6.0.4).

iFixes after Fix Pack 4 (4.6.0.4)
4.6.0.4_iFix001: RTC423820 / APAR IT01628

Description of Issue: When extracting a configuration using CD Configuration Tool (CDConfig.exe), some values greater than 254 are not displayed correctly. The affected parameters include the session-related Initialization Parameters (Initparms.cfg: sess.pnode.max, sess.snode.max, sess.total, sess.default) and the Short/Long Term Retry Attempts in the Netmap (Map.cfg: SRetry/LRetry).

Description of Fix: Switched to another output function for the mentioned parameters.

Workaround: Manually update the values in the extracted Initparms.cfg and Map.cfg files.

Fix Availability Date: 08 May 2014

High Impact: N

Reported Severity: 4
4.6.0.4_iFix002: RTC429588 / APAR IT02574 / CVE-2014-0224

Description of Issue: A man-in-the-middle attack vulnerability in OpenSSL affects IBM Sterling Connect:Direct for Microsoft Windows.

Description of Fix: Updated OpenSSL to version 1.0.1h and started using its FIPS mode implementation instead of the Sterling Crypto-C FIPS module.

Fix Availability Date: 27 June 2014

High Impact: Y

Reported Severity: 2

Important Note: Key certificates using the PKCS5 1.5 PBE-MD5-DES algorithm to encrypt the private key need to be converted manually. See http://www.ibm.com/support/docview.wss?uid=swg21676660 for details.
4.6.0.4_iFix003: RTC424914 / APAR IT03709

Description of Issue: The CD Secure+ Admin Tool and CD Secure+ CLI shortcuts may lose the 'Run as administrator' (RAA) setting when applying some fix packs or iFixes. As a result, the shortcuts may not launch the tools correctly, so that the user would not work on the correct configuration data.

Description of Fix: The installer has been updated to set the RAA option on shortcuts in the above scenarios, too.

Workaround: Enable the RAA checkbox manually in the advanced properties of those shortcuts.

Fix Availability Date: 11 Aug 2014

High Impact: N

Reported Severity: 2
4.6.0.4_iFix004: RTC437894 / APAR IT04504

Description of Issue: Sterling Control Center was unable to catch up on statistics with a busy Connect:Direct Windows node. Select Statistics queries started to take longer and longer to complete. The Connect:Direct Windows node responded slowly and solidDB started to create lots of temporary files (sxs*.*).

Description of Fix: Greatly improved the performance for the type of Select Statistics queries initiated by Sterling Control Center. These queries specify the LIMIT parameter and do not include wildcards or SFILE/DFILE.

Workaround: See the following Technote at https://www.ibm.com/support/entdocview.wss?uid=swg21682729: "Many solidDB® temp files are being created and it caused the Connect:Direct Disk to fill up and CD statistic cannot be collected."

Fix Availability Date: 22 September 2014

High Impact: N

Reported Severity: 2
4.6.0.4_iFix005: RTC432574 / APAR IT04498

Description of Issue: A destination file may become corrupt when the user manually deletes the partial file but not the associated CKPT file while awaiting a checkpoint/restart. When the restart occurs, the first bytes up to the last valid checkpoint will all be 0 and the transfer continues from that point on.

Description of Fix: Updated the code to restart the transfer from the beginning of the file.

Fix Availability Date: 23 September 2014

High Impact: N

Reported Severity: 3
4.6.0.4_iFix006: RTC440044 / APAR IT04643 / CVE-2014-3508, CVE-2014-3511

Description of Issue: Vulnerabilities were reported in OpenSSL which make OpenSSL vulnerable to an information leak in pretty printing functions (CVE-2014-3508) and a TLS protocol downgrade attack (CVE-2014-3511). IBM Sterling Connect:Direct for Microsoft Windows is therefore also vulnerable.

Description of Fix: Updated OpenSSL to version 1.0.1j.

Fix Availability Date: 24 October 2014

High Impact: Y

Reported Severity: 2
4.6.0.4_iFix007: RTC442747 / APAR IT05025

Description of Issue: Server crashes when using OpenSSL libraries.

Description of Fix: Fixed OpenSSL initialization.

Fix Availability Date: 24 October 2014

High Impact: N

Reported Severity: 3
4.6.0.4_iFix008: RTC446721 / APAR IT05239 / CVE-2014-3513

Description of Issue: A vulnerability was reported in OpenSSL which makes OpenSSL vulnerable to an OpenSSL DTLS SRTP denial of service attack (CVE-2014-3513). IBM Sterling Connect:Direct for Microsoft Windows is therefore also vulnerable.

Description of Fix: Already fixed with the OpenSSL 1.0.1j update in 4.6.0.4_iFix006.

Fix Availability Date: 29 October 2014

High Impact: Y

Reported Severity: 2
4.6.0.4_iFix009: RTC446820 / APAR IT05253 / CVE-2014-3566

Description of Issue: The SSLv3 protocol contains a number of weaknesses including POODLE (Padding Oracle On Downgraded Legacy Encryption, CVE-2014-3566). IBM Sterling Connect:Direct for Microsoft Windows is therefore also vulnerable when the SSLv3 protocol is used.

Recommendation: SSLv3 is an obsolete and insecure protocol. Use the TLS protocol instead. To fully disable SSLv3 and use TLS instead, ensure that all secure connections are configured to 'Enable TLS Protocol' and 'Disable Override'.

Description of Fix: Added a protocol level check to prevent a remote attacker from initiating an SSLv3 fallback when the session must be TLS.

Fix Availability Date: 04 November 2014

High Impact: Y

Reported Severity: 2
All iFixes and fix packs listed above are accumulated in fix pack 5 (4.6.0.5).

iFixes after Fix Pack 5 (4.6.0.5)
4.6.0.5_iFix001: RTC416379 / APAR IT05862

Description of Issue: Data corruption occurring at a subsequent COPY step when it gets restarted before the first checkpoint has been received. This only occurs when Windows is SNODE writing the destination file.

Description of Fix: Added code to update the ckpt file in-between COPY steps.

Fix Availability Date: 02 December 2014

High Impact: N

Reported Severity: 2
4.6.0.5_iFix002: RTC451886 / APAR IT06256

Description of Issue: The CLI help is missing the LIMIT keyword in the Select Statistics command help.

Description of Fix: Added the following text to the "help select statistics;" output:

[limit = number of entries]

Fix Availability Date: 30 December 2014

High Impact: N

Reported Severity: 4
4.6.0.5_iFix003: RTC451923 / APAR IT06263

Description of Issue: Message SSRV134I not logged correctly.

Description of Fix: Added proper process name and number information and fixed the &PNUM value in the message data.

Fix Availability Date: 30 December 2014

High Impact: N

Reported Severity: 4
4.6.0.5_iFix004: RTC452029 / APAR IT06282

Description of Issue: Summary message SCPA085I shows wrong SNODE name on wildcard copy receive. It shows the pnode's name instead.

Description of Fix: Fixed.

Fix Availability Date: 02 January 2015

High Impact: N

Reported Severity: 3
4.6.0.5_iFix005: RTC452049 / APAR IT06289

Description of Issue: Enhance the LCOA014I message to provide more details on failed logon attempts.

Description of Fix: The OS system error code is now logged as the feedback code (FDBK) and the specified userid is added to the message data. Here are some typical error codes and their meaning:

1326: Logon failure - unknown user name or bad password.

1331: Logon failure - account currently disabled.

1385: Logon failure - the user has not been granted the requested logon type at this computer.

Fix Availability Date: 02 January 2015

High Impact: N

Reported Severity: 5
4.6.0.5_iFix006: RTC458179 / APAR IT07518 / CVE-2014-3570, CVE-2015-0204, CVE-2015-0205

Description of Issue: Sterling Connect:Direct for Microsoft Windows uses OpenSSL. Several vulnerabilities were reported in OpenSSL which make OpenSSL vulnerable to an unspecified error (CVE-2014-3570) and remote attacks (CVE-2015-0204 aka FREAK attack, CVE-2015-0205). IBM Sterling Connect:Direct for Microsoft Windows is therefore also vulnerable.

Description of Fix: Updated OpenSSL to version 1.0.1l. Also removed the weak RSA_EXPORT cipher suites from Cipher.txt, so that users will no longer be able to add them when configuring Secure+. Note that this will not remove these cipher suites from any existing configuration; you will have to remove them manually.

Recommendation: RSA_EXPORT cipher suites are weak and deprecated. It is recommended to remove all RSA_EXPORT ciphers from the Secure+ configuration. For each entry listed in CD Secure+ Admin Tool, go to its TLS/SSL Protocol tab and remove any RSA_EXPORT cipher listed as Enabled.

Fix Availability Date: 06 March 2015


