IBM® Sterling Connect:Direct
Date: 25.12.2019
Recommendation: IBM recommends that you review your entire environment to identify areas that enable DES/3DES cipher suites and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling DES/3DES cipher suites. You should verify that disabling DES/3DES cipher suites does not cause any compatibility issues. Enable the GSKit remediation below when you cannot take the recommended action of disabling DES/3DES cipher suites in your environment.
Description of Fix: The fix adds the ability to engage a GSKit remediation for this vulnerability via a system environment variable named CD_GSK_OPTIONS. To enable the remediation, set the value of this system environment variable to GSK_ENFORCE_TDEA_RESTRICTION. Then cycle (stop and restart) Sterling Connect:Direct.
Caution: The effect of this remediation is to arbitrarily break a session after 32 GB of data have been transmitted.
Aside from the GSKit remediation, CD Secure+ Admin Tool (SPAdmin) and CD Secure+ CLI (SPCli) have been enhanced to display warnings when deprecated cipher suites or protocols have been configured, which includes all cipher suites using an RC4, DES/3DES or no encryption algorithm and the SSLv3 protocol. Note that deprecated cipher suites and protocols may be disabled in a future update.
Fix Availability Date: 23 February 2017
High Impact: Y
Reported Severity: 2
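The review recommended in this entry can be scripted. The following added example (not IBM code and not part of the original fix list) flags node records that use the settings SPAdmin and SPCli now warn about: RC4, DES/3DES or no-encryption cipher suites and the SSLv3 protocol. Assumptions: the record layout, field names and node names are hypothetical, suite names follow the IANA `..._WITH_...` form, the 32 GB limit is read as 32 * 2**30 bytes, and the limit is treated as relevant to nodes that still use DES/3DES.

```python
import re

# Assumption: the 32 GB limit from the Caution is read as 32 * 2**30 bytes.
TDEA_LIMIT_BYTES = 32 * 2**30

def classify_suite(name):
    """Return why a cipher suite is deprecated, or None if it is not."""
    # The bulk cipher follows _WITH_, e.g. 3DES_EDE_CBC_SHA.
    tokens = name.upper().split("_WITH_", 1)[-1].split("_")
    if "RC4" in tokens:
        return "RC4"
    if {"DES", "3DES", "DES40"} & set(tokens):
        return "DES/3DES"
    if tokens[0] == "NULL":  # NULL_SHA, NULL_MD5: no encryption algorithm
        return "no encryption"
    return None

def audit_node(record):
    """Return the sorted findings for one constructed node record."""
    findings = set()
    for proto in record.get("protocols", []):
        if re.fullmatch(r"SSL\s*v?3(\.0)?", proto, re.IGNORECASE):
            findings.add("protocol SSLv3")
    reasons = {classify_suite(s) for s in record.get("cipher_suites", [])}
    reasons.discard(None)
    findings.update(f"cipher {r}" for r in reasons)
    # With GSK_ENFORCE_TDEA_RESTRICTION set, a session is broken after 32 GB,
    # so a node that still uses DES/3DES cannot carry a larger transfer.
    largest = record.get("largest_transfer_bytes", 0)
    if "DES/3DES" in reasons and largest > TDEA_LIMIT_BYTES:
        findings.add("transfer exceeds 32 GB TDEA limit")
    return sorted(findings)

# Constructed sample records (hypothetical layout, not SPCli/SPAdmin output).
NODES = [
    {"name": "PARTNER_A", "protocols": ["TLSv1.2"],
     "cipher_suites": ["TLS_RSA_WITH_AES_256_CBC_SHA"],
     "largest_transfer_bytes": 50 * 2**30},
    {"name": "PARTNER_B", "protocols": ["SSLv3", "TLSv1.0"],
     "cipher_suites": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                       "TLS_RSA_WITH_RC4_128_SHA"],
     "largest_transfer_bytes": 40 * 2**30},
    {"name": "PARTNER_C", "protocols": ["TLSv1.2"],
     "cipher_suites": ["TLS_RSA_WITH_NULL_SHA"]},
]

def audit_all(nodes):
    """Map each node name to its findings; an empty list means no warning."""
    return {n["name"]: audit_node(n) for n in nodes}
```

Calling `audit_all(NODES)` returns an empty list for a node with nothing to change; a node flagged with the transfer finding needs its DES/3DES suites disabled rather than relying on the remediation.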
4.7.0.4_iFix029: RTC528302
Description of Issue: Update the IBM Runtime Environment Java Technology Edition to Java 8.
Description of Fix: Bundled the latest IBM JRE version 8. Also resolved some issues with updating or uninstalling the ibm_jre folder.
Fix Availability Date: 23 February 2017
High Impact: N
Reported Severity: 5
4.7.0.4_iFix030: RTC526823 / APAR IT19511
Description of Issue: Stability improvements when using codepage conversion.
Description of Fix: Improved error handling to avoid a potential crash.
Fix Availability Date: 02 March 2017
High Impact: N
Reported Severity: 2
4.7.0.4_iFix031: RTC532123
Description of Issue: During the SPCli upgrade command, errors are missing when opening multiple PEM or CMS KeyStores fails. Only the last error is reported.
Description of Fix: Resolved.
Fix Availability Date: 08 March 2017
High Impact: N
Reported Severity: 3
4.7.0.4_iFix032: RTC532108
Description of Issue: CD Secure+ Admin Tool (SPAdmin) does not display the certificate chain in tree view.
Description of Fix: Within the Certificate Manager main window, a list of certificates is displayed in a tree view. On the Key Cert tab, the key certificates are displayed as the root and expand to display the trusted chain associated with the key cert.
Fix Availability Date: 08 March 2017
High Impact: N
Reported Severity: 4
4.7.0.4_iFix033: RTC532111
Description of Issue: When executing the SPCli command "Create RemoteNode name=xxx", the SPCli fails with "SPCL108E rc=8 All mandatory key word value pairs must be entered". Specifying only the node name is a valid scenario.
Description of Fix: Resolved.
Fix Availability Date: 08 March 2017
High Impact: N
Reported Severity: 3
4.7.0.4_iFix034: RTC532298
Description of Issue: Fast and Secure Protocol (FASP) update.
Description of Fix: Updated the FASP components.
Fix Availability Date: 10 March 2017
High Impact: N
Reported Severity: 3
4.7.0.4_iFix035: RTC527029
Description of Issue: Process fails retry of a COPY receive step with checkpointing.
Description of Fix: Resolved.
Fix Availability Date: 10 March 2017
High Impact: N
Reported Severity: 2
4.7.0.4_iFix036: RTC533419
Description of Issue: Log file issue with one of the prerequisites when doing an interactive installation.
Description of Fix: Resolved.
Fix Availability Date: 23 March 2017
High Impact: N
Reported Severity: 2
All iFixes and fix packs listed above are accumulated in fix pack 5 (4.7.0.5).
iFixes after 4.7.0.5
4.7.0.5_iFix001: RTC513697
Description of Issue: Enable TCP KeepAlive during HSAO file transfer.
Description of Fix: Implemented.
Fix Availability Date: 30 March 2017
High Impact: N
Reported Severity: 3
4.7.0.5_iFix002: RTC535229
Description of Issue: When importing a keycert that contains a chain of trusted certificates, the chain is not imported.
Description of Fix: Resolved.
Fix Availability Date: 11 April 2017
High Impact: N
Reported Severity: 2
4.7.0.5_iFix003: RTC541462 / APAR IT21009
Description of Issue: Unable to change the Base Record name for the local node in Secure+.
Description of Fix: The Base Record name is not used in this version anymore and has been removed from the CD Secure+ Admin Tool (SPAdmin), except for the main window grid to identify alias record links. Also, when an alias record is selected for edit, the Edit Record dialog Node Name value now refers to the non-alias/actual node name.
Fix Availability Date: 13 June 2017
High Impact: N
Reported Severity: 2
4.7.0.5_iFix004: RTC539308 / APAR IT21091
Description of Issue: Server crashes when a remote RUN TASK/JOB step for a Sterling Connect:Direct UNIX SNODE is missing SYSOPTS.
Description of Fix: Resolved an issue introduced with 4.7.0.4_iFix002. The process will now complete with the RUN TASK/JOB failing with XRPM008I "No sysopts." as expected.
Fix Availability Date: 20 June 2017
High Impact: Y
Reported Severity: 3
4.7.0.5_iFix005: RTC516322
Description of Issue: CD Requester may not display Secure+ information when loading Statistics or Process data from a file that was saved on another computer.
Description of Fix: Updated CD Requester to display Secure+ fields when the node and its Secure+ version are unknown.
Fix Availability Date: 24 July 2017
High Impact: N
Reported Severity: 3
4.7.0.5_iFix006: RTC546528 / APAR IT22876
Description of Issue: There have been some reports of antivirus software detecting a threat within Sterling Connect:Direct for Windows, resulting in the normal operation of Connect:Direct being blocked. IBM believes the threat result is a false positive.
Description of Fix: Digitally signed the CDNT.exe executable with a certificate to confirm the software author and guarantee that the code has not been altered since it was signed. You can verify the certificate from the Digital Signatures tab of the CDNT.exe file properties.
Fix Availability Date: 20 October 2017
High Impact: Y
Reported Severity: 2
4.7.0.5_iFix007: RTC556372
Description of Issue: Variable &PARAM is not resolved in the message short text for some instances of LSCF004I. Message data shows a value for &PARM instead.
Description of Fix: Resolved.
Fix Availability Date: 20 November 2017
High Impact: N
Reported Severity: 4
4.7.0.5_iFix008: RTC556874 / APAR IT23332
Description of Issue: CLI (Direct.exe) outputs the Certificate Subject value under Certificate Issuer in Select Statistics.
Description of Fix: Resolved.
Fix Availability Date: 29 November 2017
High Impact: N
Reported Severity: 4
4.7.0.5_iFix009: RTC506295
Description of Issue: CD Configuration Utility (CDConfig.exe) exports the fasp parameter incorrectly with blanks when its pnode or snode value is set to blank in initialization parameters or netmap. As a result, CDConfig displays an E018 error when opening or importing such a file: E018 Line contained extra unrecognized data (',').
Description of Fix: Updated CDConfig to export the fasp parameter with all blanks removed.
Workaround: Manually remove all blanks from the line highlighted in CDConfig.
Fix Availability Date: 07 December 2017
High Impact: N
Reported Severity: 4
4.7.0.5_iFix010: RTC558818
Description of Issue: When loading or editing a process in CD Requester, it removes quotes from file names that do not contain a ' ', '&' or '?'. This breaks file names containing '://' and turns part of the file name into a comment.
Description of Fix: Updated CD Requester to always add quotes around file names in the FILE parameter of COPY TO/FROM and SUBMIT statements.
Fix Availability Date: 02 February 2018
High Impact: N
Reported Severity: 3
4.7.0.5_iFix011: RTC558935 / APAR IT24095
Description of Issue: Secure+ incorrectly bypassed on the SNODE when it had no Secure+ remote node entry for the PNODE.
Description of Fix: Resolved an issue with merging .Local and remote node settings. Also updated CSPA314W to show the node name in the message text.
Fix Availability Date: 14 May 2018
High Impact: Y
Reported Severity: 3
4.7.0.5_iFix012: RTC560221 / APAR IT24146
Description of Issue: The CD Configuration Utility (CDConfig) fails to validate tcp.api.port or tcp.host.port initialization parameters when they specify multiple listener addresses. The error is:
E018 Line contained extra unrecognized data ('::1;1363').
Description of Fix: Resolved.
Fix Availability Date: 21 February 2018
High Impact: N
Reported Severity: 4
4.7.0.5_iFix013: RTC562062 / APAR IT24136 / CVE-2017-3732, CVE-2017-3736, CVE-2018-1427
Description of Issue: Vulnerabilities have been found in the IBM GSKit component used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs.
Description of Fix: Updated the version of GSKit.
Fix Availability Date: 09 March 2018
High Impact: Y
Reported Severity: 2
4.7.0.5_iFix014: RTC557781 / APAR IT24600
Description of Issue: Timer Retry logic can lose track of a process when a user manually releases the process from the Timer Retry queue and the timer fires while the process is still running. The process will not get a new timer but will remain in the Timer Retry queue appearing ‘stuck’.
Description of Fix: Resolved.
Fix Availability Date: 29 March 2018
High Impact: N
Reported Severity: 3
4.7.0.5_iFix015: RTC565355 / APAR IT24943
Description of Issue: Processes to a remote node can remain on the WAIT queue after a user has increased Max PNode Sessions in the netmap entry. The processes work fine again after restarting the local node.
Description of Fix: Resolved an issue with checking if a process can run. Improved error reporting to log LSMG418I with CC=16 when an exception was caught in the PNODE session manager.
Fix Availability Date: 29 May 2018
High Impact: N
Reported Severity: 3
4.7.0.5_iFix016: RTC567875 / APAR IT25318 / CVE-2018-2602
Description of Issue: A vulnerability has been found in the IBM Runtime Environment Java Technology Edition, Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE.
Description of Fix: Updated the IBM Runtime Environment Java.
Fix Availability Date: 11 June 2018
High Impact: Y
Reported Severity: 2
4.7.0.5_iFix017: RTC565959 / APAR IT25477
Description of Issue: In some circumstances, an attempt to update the .Local node record via the CD Secure+ Admin Tool will fail reporting something similar to “Error #6 – Remote Node file not found.”
Description of Fix: Fixed code so that updating the .Local node record via the Secure+ Admin Tool works normally.
Fix Availability Date: 25 June 2018
High Impact: N
Reported Severity: 3
4.7.0.5_iFix018: RTC569191 / APAR IT25658
Description of Issue: When sending multiple files to Connect:Direct HP NonStop, the first destination file on HP NonStop has the correct allocation settings, but the second and following files do not.