Security Advisories

FSC-2013-2: Notice on Update for Linux products

Description

Hotfixes have been released for certain F-Secure Linux security solutions to accommodate vendor-released security updates for third party components used in the products listed below. F-Secure recommends that administrators of the affected systems patch or upgrade their systems.
 

Affected Products


Risk Level: HIGH (Low/Medium/High/Critical)

  • F-Secure Internet Gatekeeper for Linux 4.07 - 4.10
  • F-Secure Linux Security 9.14 – 9.20
  • F-Secure Protection Service for Business Linux Security 9.20

 

Platforms

The following 32-bit Linux distributions are supported:

  • Asianux 3.0
  • CentOS 5.5+, 6
  • Debian 6.0
  • Red Hat Enterprise Linux 5.5+, 6.0, 6.1, 6.2
  • SUSE Linux Enterprise Server 10 SP2, 11
  • Turbolinux 11 Server
  • Ubuntu 10.04

 

The following 64-bit (AMD64/EM64T) distributions are supported with 32-bit compatibility packages:

  • Asianux 3.0
  • CentOS 5.5+, 6
  • Debian 6.0
  • Red Hat Enterprise Linux 5.5+ , 6.0, 6.1, 6.2
  • SUSE Linux Enterprise Server 10 SP2, 11
  • Turbolinux 11 Server
  • Ubuntu 10.04

Notes

The affected product version is not the latest in the product line. The recommended solution is to upgrade to version 4.x. A hotfix is provided for installations where upgrade is not possible.

Mitigating Factor

Limiting access to the admin UI port for the affected product by using network security functionality, such as firewalls, will also limit the range of computers that can attempt to utilize this vulnerability. Such limitation may already be in place in many environments.


Fix Available

Product Versions Download
F-Secure Internet Gatekeeper for Linux 4.07 - 4.10 Hotfix:
ftp://ftp.f-secure.com/support/hotfix/fsig-linux/fsigk-4.10-hotfix1.tar.gz**
ftp://ftp.f-secure.com/support/hotfix/fsig-linux/fsigk-4.10-hotfix1-readme.txt **

Upgrade to Internet Gatekeeper for Linux 5.0:
http://www.f-secure.com/en/web/business_global/support/downloads/-/carousel/view/79
F-Secure Linux Security 9.14 – 9.20 Hotfix:
ftp://ftp.f-secure.com/support/hotfix/fsls/fsls-9.14-hotfix2.tar.gz *
ftp://ftp.f-secure.com/support/hotfix/fsls/fsls-9.14-hotfix2-release-notes.txt

ftp://ftp.f-secure.com/support/hotfix/fsls/fsls-9.20-hotfix2.tar.gz *
ftp://ftp.f-secure.com/support/hotfix/fsls/fsls-9.20-hotfix2-release-notes.txt
F-Secure Protection Service for Business Linux Security 9.20 9.20 Hotfix:
ftp://ftp.f-secure.com/support/hotfix/fsls/fsls-9.20-hotfix2.tar.gz
ftp://ftp.f-secure.com/support/hotfix/fsls/fsls-9.20-hotfix2-release-notes.txt

 

* Note (28 May 2013): The hotfix is now applicable for both standalone and centrally-managed installations.

** Note (15 August 2013): Files updated, corrected the Tomcat version from 7.0.37 to 7.0.35.

7.0.37

 

Date Issued: 2013-05-14
Last Updated: 2013-05-28

Get
Support

For documentation and product support,
visit our support site.

Learn More

F-Secure Community

Give advice. Get advice. Share the knowledge
on our free discussion forum.

Visit Now