Ipswitch, Inc.
www.ipswitch.com
1-678-287-0700


MessageWay Remote Execution Server Maintenance Release

Maintenance Release Name:     mwres-6.1.0-mr07-linux

Release date:    December 21, 2018

Prerequisite:     MessageWay Remote Execution Server 6.1.0 and MessageWay 6.1.0 mr08

Obsoletes Maintenance Releases (formerly called Hotfixes): All previous MessageWay Remote Execution Server 6.1.0 Hotfixes

Files:
This Maintenance Release contains the files listed below:

  Files changed in this Maintenance Release mwres-6.1.0-mr07-linux:

    install.sh  RES Installer
    libcrypto.so.1.0.0  OpenSSL crypto library
    mwres-6.1.0-mr07-linux_readme.html This Readme file

  Files changed in previous Hotfixes and rolled into this Maintenance Release:

    mwresd MessageWay RES server Version 6.1.0.3

Installing the MessageWay RES Server Maintenance Release:

1) Download the Maintenance Release install package sent by Ipswitch and unzip.
2) Logon to the perimeter server as "root".
3) Locate the Maintenance Release tarball (mwres-6.1.0-mr07-linux.tgz) in the Maintenance Release install package (...\servers_mrs\linux) and copy to the perimeter server.
4) Untar the Maintenance Release tarball: tar -xzvf mwres-6.1.0-mr07-linux.tgz
5) Step 4 will automatically create a new subdirectory named mwres-6.1.0-mr07-linux.
6) Stop the MessageWay RES Server.
7) Stop any remote processes that had been invoked by mwresd.
8) cd to the newly created mwres-6.1.0-mr07-linux subdirectory.
9) Install the Maintenance Release by running the install script: ./install.sh
10) Answer the prompts as they appear.
11) Start the MessageWay RES Server.

The Maintenance Release is now installed on the server. A backup copy of every replaced object was saved in the /opt/messageway/res/backups subdirectory.

To verify that the Maintenance Release installed properly, view the /opt/messageway/res/MWRESInstall.log file. Additionally, this Maintenance Release Readme file is saved in the subdirectory created in step 4 above for future reference.

( December 21, 2018 ) Issues closed in mwres-6.1.0-mr07-linux

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2p and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay Remote Execution Server - Issue #4416 (Program changed: install.sh)

Issue 4416:
Enhance the installation script to install systemctl service files for starting, stopping and obtaining status of MessageWay Remote Execution server.  Changes:
A systemctl service file named mwresd.service is now installed in /usr/lib/systemd/system if it does not already exist.

MessageWay Remote Execution Server - Issue #4118 (Program changed: libcrypto.so.1.0.0)

Issue 4118:
See Important Note about Security Updates for this issue above.

( March 31, 2018 ) Issues closed in mwres-6.1.0-mr06-linux

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2n and FIPS 2.0.16 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf

MessageWay Remote Execution Server - Issue #4118 (Program changed: libcrypto.so.1.0.0)

Issue 4118:
See Important Note about Security Updates for this issue above.

( February 28, 2017 ) Issues closed in mwres-6.1.0-mr05-linux

IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2j and FIPS 2.0.12 releases.

They address many vulnerabilities that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.12.pdf

MessageWay Remote Execution Server - Issue #4246 (Program changed: libcrypto.so.1.0.0)

Issue 4246:
See Important Note about Security Updates for this issue above.

( April 13, 2016 ) Issues closed in mwres-6.1.0-mr03-linux

IMPORTANT NOTE about Security Updates for this release (Issue-4025, 4144):
MessageWay now includes the OpenSSL 1.0.1r and FIPS 2.0.11 releases.

They address many vulnerabilities  that can be found in the release notes on the Openssl.org site.

Specifically, see the following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.1-notes.html

Specifically, see the following link for further details about this release of FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.11.pdf

MessageWay Remote Execution Server - Issue #4152 (Program changed: install.sh )

Issue 4152:
Installer does not check that RES is stopped before performing the install, causing install to fail if RES is running.  Changes: This problem has been fixed.

MessageWay Remote Execution Server - Issue #4025, 4144 (Program changed: libcrypto.so.1.0.0)

Issue 4025, 4144:
See Important Note about Security Updates for this issue above.

( May 14, 2015 ) Issues closed in mwres-6.1.0-mr02

IMPORTANT NOTE about Security Updates for this release (Issue-3975):
MessageWay now includes the OpenSSL 0.9.8ze and FIPS 1.2.2 releases.

They address the following higher profile vulnerabilities and many others that can be found in the release notes on the Openssl.org site.

CVE-2014-0160, Heartbleed vulnerability, the OpenSSL 0.9.8.ze is not vulnerable to the issue outlined in this CVE report.
CVE-2014-0224, SSL/TLS MITM vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.
CVE-2014-3566, POODLE vulnerability, MessageWay no longer supports the SSLv3 protocol for secure sessions.
CVE-2015-0204, FREAK vulnerability, the OpenSSL 0.9.8.ze version contains the updates to address this vulnerability.

MessageWay Remote Execution Server - Issue #3827 (Program changed: mwresd - version 6.1.0.3)

Issue 3827:
The MessageWay RES client was unable to connect to a MessageWay RES server, though it can connect to earlier versions of the server.  Changes: This problem has been fixed.

MessageWay Remote Execution Server - Issue #3975 (Program changed: libcrypto.so.0.9.8)

Issue 3975:
See Important Note about Security Updates for this issue above.

 

Ipswitch, Inc. | 1-678-287-0700