MessageWay SFTP Proxy Server Maintenance Release
Maintenance Release Name:
mwproxy-6.1.0-mr07-solaris
Release date: January 5, 2021
Prerequisites: MessageWay
SFTP Proxy Server 6.1.0 and MessageWay 6.1.0 mr09
Obsoletes Maintenance Releases (formerly called Hotfixes):
All previous MessageWay Proxy Server 6.1.0 Hotfixes
Files:
This Maintenance Release contains the files listed below:
Files changed in this Maintenance Release
mwproxy-6.1.0-mr07-solaris:
| libcrypto.so.1.0.0 |
OpenSSL crypto library |
|
mwproxy-6.1.0-mr07-solaris_readme.html |
This Readme file |
Files changed in previous Hotfixes and rolled into this
Maintenance Release:
Installing the MessageWay SFTP Proxy Server
Maintenance Release:
1) Download the
Maintenance Release install package sent by Progress and unzip.
2) Logon
to the perimeter server as
"root".
3) Locate the Maintenance Release tarball (mwproxy-6.1.0-mr07-solaris.tgz)
in the Maintenance Release install package (...\servers_mrs\solaris\)
and copy to the perimeter server.
4) Unzip the Maintenance Release
tarball:
gunzip mwproxy-6.1.0-mr07-solaris.tgz
5) Untar the resulting
Maintenance Release tar file:
tar -xzvf mwproxy-6.1.0-mr07-solaris.tar
6) Step 5 will automatically create a new subdirectory named
mwproxy-6.1.0-mr07-solaris.
7) Stop the MessageWay SFTP
Proxy Server.
8) cd to the newly created
mwproxy-6.1.0-mr07-solaris
subdirectory.
9) Install the
Maintenance Release by running the install script:
./install.sh
10) Answer the prompts as they appear.
11) Start the MessageWay SFTP Proxy Server.
The Maintenance
Release is now installed on the server. A backup copy of every replaced object was saved in the /opt/messageway/proxy/backups
subdirectory.
To verify that the
Maintenance Release installed properly, view the /opt/messageway/proxy/MWProxyInstall.log file. Additionally, this
Maintenance Release Readme file is saved in the subdirectory created in step 5 above for future reference.
( January 5, 2021 ) Issues closed in
mwproxy-6.1.0-mr07-solaris
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2u and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay SFTP Proxy Server - Issue #950 (Program
changed: libcrypto.so.1.0.0)
Issue
950: See Important Note about Security Updates for
this issue above.
( December 21, 2018 ) Issues closed in
mwproxy-6.1.0-mr06-solaris
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2p and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay SFTP Proxy Server - Issue #4118 (Program
changed: libcrypto.so.1.0.0)
Issue
4118: See Important Note about Security Updates for
this issue above.
( March 31, 2018 ) Issues closed in
mwproxy-6.1.0-mr05-solaris
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2n and FIPS 2.0.16 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.16.pdf
MessageWay SFTP Proxy Server - Issue #4118 (Program
changed: libcrypto.so.1.0.0)
Issue
4118: See Important Note about Security Updates for
this issue above.
( February 28, 2017 ) Issues closed in
mwproxy-6.1.0-mr04-solaris
IMPORTANT NOTE about Security Updates for this release:
MessageWay now includes the OpenSSL 1.0.2j and FIPS 2.0.12 releases.
They
address many vulnerabilities that can be
found in the release notes on the Openssl.org site.
Specifically, see the
following link for further details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.2-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.12.pdf
MessageWay SFTP Proxy Server - Issue #4246 (Program
changed: libcrypto.so.1.0.0)
Issue
4246: See Important Note about Security Updates for
this issue above.
(
April 13, 2016
) Issues closed in
mwproxy-6.1.0-mr02-solaris
IMPORTANT NOTE about Security Updates for this release (Issue-4025,
4144):
MessageWay now includes the OpenSSL 1.0.1r and FIPS 2.0.11 releases.
They address many vulnerabilities that can be found in the release notes on
the Openssl.org site.
Specifically, see the following link for further
details about this release of OpenSSL:
https://www.openssl.org/news/openssl-1.0.1-notes.html
Specifically, see the following link for further details about this release of
FIPS:
https://www.openssl.org/docs/fips/SecurityPolicy-2.0.11.pdf
MessageWay SFTP Proxy Server - Issue #4025, 4144 (Program
changed: libcrypto.so.1.0.0)
Issue
4025, 4144: See Important Note about Security Updates for
this issue above. ( May 15, 2015 ) Issues
closed in mwftp-6.1.0-mr01
IMPORTANT NOTE about Security Updates for this release (Issue-3975):
MessageWay now includes the OpenSSL 0.9.8ze and FIPS 1.2.2 releases.
They address the following higher profile vulnerabilities and many others
that can be found in the release notes on the Openssl.org site.
CVE-2014-0160, Heartbleed vulnerability, the OpenSSL 0.9.8.ze is not
vulnerable to the issue outlined in this CVE report.
CVE-2014-0224,
SSL/TLS MITM vulnerability, the OpenSSL 0.9.8.ze version contains the updates to
address this vulnerability.
CVE-2014-3566, POODLE
vulnerability, MessageWay no longer supports the SSLv3 protocol for secure
sessions.
CVE-2015-0204, FREAK vulnerability, the OpenSSL
0.9.8.ze version contains the updates to address this vulnerability.
MessageWay SFTP Proxy Server - Issue #3975 (Program
changed: libcrypto.so.0.9.8)
Issue
3975: See Important Note about Security Updates for
this issue above. |
