Symantec Encryption Server 3.3.1 - Resolved Issues

book

Article ID: 158756

calendar_today

Updated On:

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

This article details a list of resolved issues in Symantec Encryption Server 3.3.1 including all Maintenance Packs (MP).

 

Resolution

Symantec Encryption Management Server 3.3.1 MP1 Resolved Issues

General

  • Resolved the CVE issues (CVE-2012-3400, CVE-2013-0268, and CVE-2013-0871) related to local users bypassing restrictions or gaining improper privileges, or remote users potentially attacking a system—with a kernel RPM package update. [3291138/3291139]
  • Resolved the CVE-2007-6750 vulnerability related to denial-of-service attacks with the implementation of the mod_reqtimeout module in the Apache HTTP Server. [3310403]
  • Resolved the vulnerability on Linux systems related to Internet Control Message Protocol (ICMP) redirection so that only gateways can redirect messages. [3228391]
  • Resolved the vulnerability related to world-writable files by implementing controlled file permissions. [3228416]
  • Resolved a possible partition mounting weakness in Symantec Encryption Management Server by including the 'nodev' hardening option for the boot partition. [3228375]
  • Obsolete tables for the PGP Remote Disable and Destroy feature, that is no longer supported in Symantec Encryption Management Server, have been removed from the Symantec Encryption Management Server Database. [3133483]
     

Administrative Interface

  • Resolved an issue so that the links in the (Consumers) Group tab of Symantec Encryption Management Server work properly and list the correct number of members when the number of groups added is large (more than eight, in addition to the “Everyone” and “Excluded” groups). [3138113]
     

Keys and Certificates

  • Resolved an issue so that the Server Key Mode (SKM) key of a user is replicated properly, when it is created by sending email from one Symantec Encryption Management Server to another server within a cluster. [3309436]
     

Symantec Encryption Web Email Protection

  • Resolved an issue so that Symantec Encryption Web Email Protection users who close their browsers by clicking the Close button can now log on again immediately. However, if a user logs on using a different IP address, a message is displayed that the first session is terminated and the user is logged off from that session. [3301178]
  • Resolved an issue with Symantec Encryption Management Server so that correct variable names now appear in the Complete Customization template of Symantec Encryption Web Email Protection. [3277486]
     

Symantec Gateway Email

  • Resolved an issue so that users do not encounter the Invalid UTF-8 character error while replying to emails using an Apple iOS device, which is integrated with Lotus Protector for Mail Encryption Client 2.1.1 using IBM Notes Traveler. [3304663]
  • Resolved an issue so that Lotus Protector for Mail Encryption Server 2.1.1 no longer produces the Invalid UTF-8 character errors due to delivery failure codes received from the recipient mail server for outbound and bounced emails. [3304666]
     

Symantec Encryption Desktop

  • Resolved incompatibilities with Apple Mac OS X 10.9 systems. Note, however, that Symantec Encryption Desktop is not compatible with Apple Boot Camp on Mac OS X 10.9.
     

 

Symantec Encryption Management Server 3.3.1 Resolved Issues

General

  • Resolved the CVE vulnerabilities (CVE-2008-2937, CVE-2011-0411) with Postfix. [2476393]
  • Resolved a potential cross-site scripting (XSS) vulnerability with Symantec Encryption Management Server. [2969332]
  • Resolved a possible cross-site scripting vulnerability due to a misflagged cookie. [2970756]
  • Resolved the CVE vulnerability (CVE-2012-4929). [2978747]
  • Security update for CentOS kernel (CESA-2012:1323). [3000342]
  • Security update for CentOS BIND (CESA-2012:1363). [3000347]
  • Automatic backups no longer occur while software updates are in progress. [3059316]
  • Resolved an issue where Symantec Encryption Management Server did not provide a useful error message in the logs when user keys cannot be imported because there is no email address specified. [3059366]
  • Resolved an issue where Symantec Encryption Management Server used an incorrect domain name for user names with colons. [3059369]
  • Resolved an issue where changing a user's primary email address caused the user to disappear from the cluster. [3059389]
  • On the Clustering page, mousing over the icon that shows Web Email Protection enabled now displays correct text. [3059396]
  • Resolved an issue where migration errors made viewing WDRTs cause the Symantec Encryption Server to stop responding. If WDRTs are not viewable after migration, examine the log files for error messages, and contact Symantec Support to resolve the migration errors. [3059420]
  • You can now sort users on the Groups page by Name, Username, User Type and Email Address. [3059427]
  • Several Wireshark CVEs recently flagged by a security scan prompted the removal of the Wireshark RPM package shipped with Symantec Encryption Management Server, even though none of those CVEs applied to that version of the package. [3190713]
  • Resolved the CVE vulnerability in GnuTLS TLS timing attacks (CVE-2013-1619) with an RPM package update. [3190753]
  • Resolved an issue with Symantec Encryption Management Server so that the nightly SCAN operation no longer generates exception stack traces when updating or inserting due to a database foreign key constraint violation. All user data are now replicated to the other cluster members. [3194938]
  • Resolved an issue with Symantec Encryption Management Server for System > General Settings, under Server Information, so that the Set System Time dialog box now initializes the “Time Zone” to null and no longer provides a default value for “Use NTP Server.” [3194942]
  • Resolved the CVE vulnerability (CVE-2003-1418) with the Apache Web server on OpenBSD. [3194948]
  • Resolved the CVE vulnerability (CVE-2012-3499) with Symantec Encryption Management Server by no longer loading the mod_status module. [3194959]
     

Deployment

  • Migration errors no longer occur when upgrading from PGP Universal Server 3.2 MP5. [3035892]
  • Resolved an issue where an unreachable DNS caused clusters to fail and be unable to recover. [3059310]
  • Migration no longer causes preferences errors. [3059960, 3120774]
  • Upgrading no longer causes the creation of duplicate Consumer Policy values. [3060547]
  • Duplicate preferences settings are now removed at upgrade. [3089507]
  • Resolved an issue with Symantec Encryption Management Server so that following a PUP update, the Log list on the Reporting > Logs page includes an entry for “Clustering SSL.” [3219959]
     

Keys

  • Resolved an issue so that Root Certificates imported to PGP Universal Server 3.2 can be used to establish TLS negotiations after upgrading. [2861800]
  • Resolved an issue so that the X.509 certificates generated by Symantec Encryption Management Server include the Key Agreement value in the Key Usage properties. [2972679]
  • X.509 key lookups now function successfully for email addresses with fewer than 25 characters. [3059359]
  • When Symantec Encryption Management Server cannot find a key on an X.509 keyserver, the failure no longer causes that keyserver to be marked as down. [3059361]
  • Resolved an issue with the Symantec Encryption Management Server so that when an additional decryption key (ADK) is used, client enrollment is successful and the ADK is added to the keyring on the clients. [3194968]
  • Resolved an issue with Symantec Encryption Management Server where adding an ADK to a Consumer Policy now saves the ADK on the server and downloads it to the user’s keyring when a Symantec Encryption Desktop client enrolls. [3195026]
  • Resolved an issue with Symantec Encryption Management Server when performing certificate path validation in the case where multiple X.509 CA certificates with identical names are present. [3195019]
  • Resolved the issue so that external drives encrypted to public keys are now accessible after the Encryption Management Server administrator changes the key mode from GKM to SKM. [3195040]
     

PGP Messaging

  • Resolved an issue with Symantec Encryption Management Server where inbound TLS sessions would occasionally fail with a protocol error. This caused incoming mail to be queued on the sending mail server, resulting in a delivery delay. [2821956]
  • Resolved an issue so that when the Mail Policy is set to bounce an email when suitable key is not found, the Notifier displays the "Email blocked to all recipients" message and the Non Delivery Report (NDR) contains the "Your message did not reach any of the intended recipients" message. [2998015]
  • Symantec Encryption Management Server now correctly reports client IP addresses when using X-Forwarded-For headers with a Cisco ACE appliance. [3059351]
  • Resolved an issue with Symantec Encryption Management Server so that daily emails are now sent when the administrator selects the “Send Daily Status Email” option. [3194957]
     

Symantec Drive Encryption

  • Resolved an issue with Symantec Encryption Desktop so that super-silent enrollment (no prompt for user name/password) now behaves like silent enrollment (prompts for user name/password), rather than failing, when Symantec Drive Encryption is disabled. [3059293]
  • Resolved an issue related to Symantec Drive Encryption using the auto-encrypt policy and an initial user enrolled, where additional users are enrolling. These additional users are no longer prompted for the initial user's passphrase in order to be added as a user. [3060552]
  • Resolved an issue where automatic disk encryption failed after the installation of the PGP Whole Disk Encryption with embedded policy. [3081336]
  • The client installation user interface and documentation now lists the correct Linux version options. [2935330]
  • The key recovery icon now correctly appears under the ‘Recovery’ column for 'Keys > Managed Keys' on the Symantec Encryption Management Server console, when a user has created and uploaded the reconstruction information. [2952006]
  • The Symantec Encryption Management Server Administrator's Guide and online help now correctly state that the total number of authorized users includes users who have been deleted, although they can no longer access the disk. [2958267]
  • Resolved an issue so that an error message is no longer written to the client log file when Symantec Drive Encryption is paused and the user restarts the computer. This error was logged when the user authenticated at the PGP BootGuard login screen using a WDRT, created a new password in Windows, and updated the policy from the PGP Tray icon. [3194787]
  • Resolved an issue with Symantec Drive Encryption for Mac OS X where client computer identification information (for example, hostname) was not being sent consistently to the Symantec Encryption Management Server. [3194915]
  • Resolved an issue with PGP Whole Disk Encryption Command Line so that the output to the command “pgpwde --status --xml” now returns the full text and not just the first character of the cause for interrupted encryption. [3194921]