Due to vulnerabilities found, the CEM Gateway OpenSSL component has been upgraded to version 1.0.1u.
Known vulnerabilities in pre-1.0.1u versions of OpenSSL:
https://isc.sans.edu/forums/diary/OpenSSL+Updates/21015/
http://www.zdnet.com/article/two-highly-dangerous-openssl-security-bugs-have-been-patched/
http://www.swingleton.com/blog/2014/04/patching-openssl-on-windows-running-apache-fixing-the-heartbleed-bug/
https://www.openssl.org/news/secadv/20160922.txt
These vulnerabilities have been reported to the Symantec Development team.
A fixed version of the gateway, including the latest OpenSSL 1.0.1u version, has been created and added to later releases.
These include post 7.6 HF7: see the attached "Gateway_POST_7.6_HF7_v1.zip" file for the actual pointfix.
The latest 8.0 version of the gateway has the following OpenSSL versions: post 8.0 HF1 (1.0.1t), 8.0 HF4 (1.0.1u).
For changes made to the ULM agent version in SMP 7.5 SP1 HF5 regarding OpenSSL 1.0.1t, please refer to the attached "Pointfix_eTrack3947448_7.5_SP1_HF5_ULM.zip". A ReadMe document is included in the zip file.
Note: So far no requests have been made for version 1.0.1u to be added to 7.5 SP1 HF5, hence only the latest 7.6 and 8.0 versions were upgraded.
REQUIREMENT
SMP 7.6 or higher
HOW TO INSTALL THIS POINTFIX
CHANGES MADE
QA PERFORMED
Tested the pointfix on CEM Gateway 7.6 in the following scenarios: