MessageWay Remote Execution Server Maintenance Release
Maintenance Release Name:
mwres-6.1.0-mr08-linux
Release date: January 5, 2021
Prerequisite: MessageWay
Remote Execution Server 6.1.0 and MessageWay 6.1.0 mr09
Obsoletes Maintenance Releases (formerly called Hotfixes): All
previous MessageWay Remote Execution Server 6.1.0 Hotfixes
Files:
This Maintenance Release contains the files listed below:
Files changed in this Maintenance Release
mwres-6.1.0-mr08-linux:
| libcrypto.so.1.0.0 |
OpenSSL crypto library |
|
mwres-6.1.0-mr08-linux_readme.html |
This Readme file |
Files changed in previous Hotfixes and rolled into this
Maintenance Release:
| install.sh |
RES Installer |
|
mwresd |
MessageWay RES server Version 6.1.0.3 |
Installing the MessageWay RES Server
Maintenance Release:
1) Download the
Maintenance Release install package sent by Progress and unzip.
2) Logon
to the perimeter server as "root".
3) Locate the Maintenance Release tarball
(mwres-6.1.0-mr08-linux.tgz) in the Maintenance Release install
package (...\servers_mrs\linux) and copy to the perimeter
server.
4) Untar the Maintenance Release tarball:
tar -xzvf mwres-6.1.0-mr08-linux.tgz
5) Step 4 will automatically create a new subdirectory named
mwres-6.1.0-mr08-linux.
6) Stop the MessageWay
RES Server.
7) Stop any remote processes that had been
invoked by mwresd.
8) cd to the newly created
mwres-6.1.0-mr08-linux
subdirectory.
9) Install the
Maintenance Release by running the install script:
./install.sh
10) Answer the prompts as they appear.
11) Start the MessageWay RES Server.
The Maintenance
Release is now installed on the server. A backup copy of every replaced object was saved in the /opt/messageway/res/backups
subdirectory.
To verify that the
Maintenance Release installed properly, view the /opt/messageway/res/MWRESInstall.log file. Additionally, this
Maintenance Release Readme file is saved in the subdirectory created in step 4 above for future reference.
( January 5, 2021 ) Issues closed in
mwres-6.1.0-mr08-linux
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2u and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay Remote Execution Server - Issue #950 (Program
changed: libcrypto.so.1.0.0)
Issue 950: See Important
Note about Security Updates for this issue above.
( December 21, 2018 ) Issues closed in
mwres-6.1.0-mr07-linux
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2p and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay Remote Execution Server - Issue #4416 (Program changed: install.sh)
Issue 4416:
Enhance the installation script to install systemctl
service files for starting, stopping and obtaining status of MessageWay Remote
Execution
server. Changes:
A systemctl service file named mwresd.service is now installed in
/usr/lib/systemd/system if it does not already exist.
MessageWay Remote Execution Server - Issue #4118 (Program
changed: libcrypto.so.1.0.0)
Issue 4118: See Important
Note about Security Updates for this issue above.
( March 31, 2018 ) Issues closed in
mwres-6.1.0-mr06-linux
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2n and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay Remote Execution Server - Issue #4118 (Program
changed: libcrypto.so.1.0.0)
Issue 4118: See Important
Note about Security Updates for this issue above.
( February 28, 2017 ) Issues closed in
mwres-6.1.0-mr05-linux
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2j and FIPS 2.0.12 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.12.pdf
MessageWay Remote Execution Server - Issue #4246 (Program
changed: libcrypto.so.1.0.0)
Issue 4246: See Important
Note about Security Updates for this issue above.
(
April 13, 2016
) Issues closed in
mwres-6.1.0-mr03-linux
IMPORTANT NOTE about Security Updates for this release (Issue-4025,
4144):
MessageWay now includes the OpenSSL 1.0.1r and FIPS 2.0.11 releases.
They address many vulnerabilities
that can be found in the release notes on the Openssl.org site.
Specifically, see the following link for further details about this release of
OpenSSL:
https://www.openssl.org/news/openssl-1.0.1-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.11.pdf
MessageWay Remote Execution Server - Issue #4152 (Program
changed: install.sh )
Issue 4152:
Installer does not check that RES is stopped before performing the install,
causing install to fail if RES is running. Changes:
This problem has been fixed.
MessageWay Remote Execution Server - Issue #4025, 4144 (Program
changed: libcrypto.so.1.0.0)
Issue 4025, 4144: See Important
Note about Security Updates for this issue above.
( May 14, 2015 ) Issues closed in
mwres-6.1.0-mr02
IMPORTANT NOTE about Security Updates for this release (Issue-3975):
MessageWay now includes the OpenSSL 0.9.8ze and FIPS 1.2.2 releases.
They address the following higher profile vulnerabilities and many others
that can be found in the release notes on the Openssl.org site.
CVE-2014-0160, Heartbleed vulnerability, the OpenSSL 0.9.8.ze is not
vulnerable to the issue outlined in this CVE report.
CVE-2014-0224,
SSL/TLS MITM vulnerability, the OpenSSL 0.9.8.ze version contains the updates to
address this vulnerability.
CVE-2014-3566, POODLE
vulnerability, MessageWay no longer supports the SSLv3 protocol for secure
sessions.
CVE-2015-0204, FREAK vulnerability, the OpenSSL
0.9.8.ze version contains the updates to address this vulnerability.
MessageWay Remote Execution Server - Issue #3827 (Program
changed: mwresd - version 6.1.0.3)
Issue 3827:
The MessageWay RES client was unable to connect to a MessageWay RES server,
though it can connect to earlier versions of the server. Changes: This
problem has been fixed.
MessageWay Remote Execution Server - Issue #3975 (Program
changed: libcrypto.so.0.9.8)
Issue 3975: See Important
Note about Security Updates for this issue above.
|
