Symantec Encryption Server 3.3.2 - Resolved Issues

Article ID: 154657

Products

Encryption Management Server, Gateway Email Encryption

Issue/Introduction

This article details a list of resolved issues in Symantec Encryption Server 3.3.2 including all Maintenance Packs (MP).

 

Resolution

Symantec Encryption Management Server 3.3.2 MP9 Resolved Issues

General

  • Resolved an issue with Symantec Encryption Management Server so that administrators can now successfully configure an LDAP URL for the keyserver using the LDAPS protocol. [3464158]
  • Resolved an issue with the Symantec Encryption Management Server database so that an exception no longer occurs during replication if a key entry is deleted from the key table but the corresponding entry in the metadata table is not deleted. [3632382]
  • Resolved an issue with Symantec Encryption Management Server to improve the performance of queries that are executed by outbound email rules when there are a large number of literal terms in the dictionary. [3687188]
  • Resolved an issue so that an error no longer occurs in cron daemon emails for the logrotate command if one or more optional log files do not exist. [3718401]
  • Resolved an issue with Symantec Encryption Management Server so that the sysctl.conf configuration file no longer contains a duplicate net.ipv4.tcp_syncookies = 0 entry. [3726131]
  • Resolved an issue with Symantec Encryption Management Server to prevent script injection through the administrative interface. [3738184]
  • Updated the version of OpenSSL to openssl-0.9.8e-33.el5_11 to prevent multiple threads of applications from simultaneously accessing the certificate store in the OpenSSL library. [3759946]
  • Resolved an issue with Symantec Encryption Management Server so that the allow-substring-key-search preference in the prefs.xml file now allows users to perform LDAP substring key queries by specifying complete email addresses. [3762680]
  • In response to the following security vulnerabilities, updated the version of Network Security Services (NSS) to nss-3.16.2.3-1.el5_11: [3765264]

    CVE-2014-1544
    CVE-2014-1568
    CVE-2014-3566

     
  • In response to the following security vulnerabilities, updated the version of OpenSSL to openssl-0.9.8e-33.el5_11: [3740101, 3642153]

    CVE-2015-0204
    CVE-2015-0287
    CVE-2015-0288
    CVE-2015-0289
    CVE-2015-0292
    CVE-2015-0293
    CVE-2014-0221
    CVE-2014-0224
    CVE-2014-3505
    CVE-2014-3506
    CVE-2014-3508
    CVE-2014-3510
    CVE-2014-3566
    CVE-2014-8275
     

Keys and certificates

  • Resolved an issue so that DH/DSS keys that were created using PGP Freeware 6.5.8 are now uploaded to Symantec Encryption Management Server when they are imported in Symantec Encryption Desktop during enrollment. [3610180]
  • Resolved an issue with Symantec Encryption Management Server so that the keyring in Symantec Encryption Desktop no longer incorrectly displays the status of Additional Decryption Keys (ADKs) as unverified. [3577741]
     

Messaging

  • Resolved an issue with Symantec Encryption Management Server so that an exception no longer occurs when the Decrypt and verify message rule is applied to inbound .p7m files. [3484820]
  • Resolved an issue so that emails containing the winmail.dat file as an attachment are now signed or encrypted successfully when using the PGP Partitioned encryption format. [3273141]
     

Symantec Encryption Desktop

  • Resolved an issue so that users who are moved to a different policy group now receive the new policy settings automatically when the next synchronization with the Symantec Encryption Management Server is due. [3039741]
  • Resolved an issue so that keys that do not have passphrases can no longer be imported in Symantec Encryption Desktop during enrollment when Guarded Key Mode (GKM) is selected or enforced by policy in Symantec Encryption Management Server. [3326577]
  • On a Microsoft Windows client computer running Symantec Encryption Desktop, the local self-recovery security questions are now displayed properly when the computer is restarted or after it resumes from Sleep mode. [3636319]
     

Symantec Web Email Protection

  • Resolved an issue so that an exception no longer occurs when external users try to change their existing delivery preferences in Symantec Web Email Protection from key-based delivery to another delivery method after their keys are manually removed from Symantec Encryption Management Server. [3702526]
     

 

Symantec Encryption Management Server 3.3.2 MP8 Resolved Issues

General

  • Simplified the license registration process for Symantec Encryption Management Server so that the Licensee Name, Licensee Organization, and Licensee Email values are no longer required. For more information, see “License registration changes in Symantec Encryption Management Server” in the Documentation Errata section of this document. [3102090]
  • Resolved an issue with Symantec Encryption Management Server so that a FileNotFoundException exception no longer occurs when administrators edit the /etc/ovid/debug.xml file through the web console. [3284970]
  • Resolved an issue so that administrators can now log on to the Symantec Encryption Management Server using passwords that contain non-ASCII characters. [3454477]
  • Resolved an issue with the Symantec Encryption Management Server database to prevent overflows in the localchangequeueid_seq table. [3563553]
  • Resolved an issue so that demilitarized zone (DMZ) servers can now successfully be added to server clusters when the Host private keys for Internal Users and Consumer Groups option is unchecked. [3601395]
  • Resolved an issue with directory synchronization in Symantec Encryption Management Server so that sample user records are now displayed successfully if the Bind DN passphrase contains the ampersand (&) character. [3664166]
  • Resolved an issue with Symantec Encryption Management Server so that the LDAP substring searches can now be disabled to prevent email address harvesting. For more information, see “Disabling substring searches” in the Documentation Errata section of this document. [3677364]
  • In response to the following security vulnerabilities, updated the version of the Network Time Protocol in Symantec Encryption Management Server to ntp-4.2.2p1-18.1pgp: [3691329]

    CVE-2014-9293
    CVE-2014-9294
    CVE-2014-9295

  • Updated the glibc library version to glibc-common-2.5-123.el5_11.1.i386 to resolve security vulnerability CVE-2015-0235 in Symantec Encryption Management Server. [3714569]
     

Keys and certificates

  • Resolved an issue with Symantec Encryption Management Server so that the user interface no longer stops responding if the server fails to connect to the specified host while generating Active Directory group keys. [3509236]
  • Resolved an issue with Symantec Encryption Management Server so that external user keys with Photo IDs are now imported successfully. [3357366]
  • Resolved an issue with directory synchronization in Symantec Encryption Management Server so that user enrollment is now successful when the certificate in Active Directory has a blank subject line. [3639091]
     

Messaging

  • Resolved an issue so that attached PGP Zip files are no longer decrypted during email delivery when the body of the email message is unencrypted. [3237233]
  • Resolved an issue so that Non Delivery Reports (NDRs) in Microsoft Outlook running in cached exchange mode now indicate when emails are not delivered to any of the intended recipients due to one or more invalid or missing keys. [3318999]
  • Resolved an issue with Symantec PDF Email Protection so that the correct font is now used consistently when users send a PDF message that contains Chinese, Korean, or Japanese text multiple times. [3379847]
     

Symantec Encryption Desktop

  • Resolved an issue so that the Set default domain (Windows clients only) policy setting in Symantec Encryption Management Server is now enforced correctly in PGP BootGuard during the initial boot. [2965274, 3607647]
  • Resolved an issue with Symantec File Share Encryption so that files and folders are now encrypted and decrypted successfully if the default keyring location is overridden by a consumer policy that is specified by the Symantec Encryption Management Server. [3361125]
  • Resolved an issue with Symantec Encryption Management Server so that delays in communication with clients no longer cause more than one Whole Disk Recovery Token (WDRT) to be marked as current when multiple WDRTs are generated in quick succession. [3629108]
  • Resolved an issue so that administrators can now use the new Enable logging (Windows clients only) policy setting to enable logging on clients when the Allow users to change options policy setting is disabled. For more information, see “Enabling logging on Microsoft Windows clients by policy” in the Documentation Errata section of this document. [3684441]
  • Included passphrase expiry functionality for passphrase users to enhance data security. For information about the passphrase expiry functionality, see “Setting and managing passphrase expiry policy for passphrase users” under the Documentation Errata section of this document. [3687313]
  • Resolved an issue with PGP Virtual Disk so that users are now prompted to authenticate and host virtual disks when they double-click disk icons. [3734605]
     

 

Symantec Encryption Management Server 3.3.2 MP7 Resolved Issues

General

  • Resolved an issue with Symantec Web Email Protection so that message replication now resumes automatically after a temporary loss of connectivity when the members of a server cluster belong to different subnets. [3449260]
  • Resolved an issue with Symantec Encryption Management Server so that iptables modules are no longer unloaded, which prevents losses in network connectivity when iptables is restarted. [3267626]
  • Resolved an issue with Symantec Encryption Management Server so that RSA SecurID authentication can now be configured and used for administrator authentication. [3511781]
  • Resolved the following Apache Tomcat CVE vulnerabilities in Symantec Encryption Management Server: [3613320, 3613323, 3613324, 3613326, 3615255, 3615265, 3618432, 3622978]

    CVE-2014-0119
    CVE-2014-0075
    CVE-2014-0099
    CVE-2014-0096
    CVE-2013-4590
    CVE-2013-4322
    CVE-2014-0050
    CVE-2013-4444

     
  • Resolved CVE-2014-7288, a potential Remote Command Injection vulnerability that allowed user-provided input to possibly be used directly as a command-line argument in Symantec Encryption Management Server. [3673746]
     

Keys and Certificates

  • Users with Server Key Mode (SKM) keys can now successfully create a new PGP Virtual Disk and mount it automatically at startup. [2750042]
  • Resolved an issue with Symantec Encryption Management Server so that modifications to users' names are now saved correctly when administrators update keys for existing Verified Directory users. [3580055]
  • Resolved an issue with Symantec Encryption Management Server to remove the unused -n option from the pgpkeymaint command. [3589384]
  • Resolved issue CVE-2014-7287, which caused a vulnerability related to key validation in Symantec Encryption Management Server. [3616161]
     

Messaging

  • Resolved an issue with Symantec Encryption Management Server so that if an exception occurs while the message is being processed, the first outbound PDF message now bounces instead of being sent as clear text. [3554823]
  • Resolved an issue that prevented Symantec PDF Email Protection from encrypting PDF documents containing a cross-reference stream (xref element). [3612179]
     

Symantec Drive Encryption for Linux

  • Resolved incompatibilities with Ubuntu 12.04.5 LTS (32- and 64-bit versions).
  • Resolved incompatibilities with Ubuntu 14.04.1 LTS (32- and 64-bit versions).
     

Symantec Encryption Desktop

  • Resolved incompatibilities with Apple Mac OS X 10.10.1 systems.
     

Symantec Web Email Protection

  • Resolved an issue so that Symantec Web Email Protection now successfully processes customized template files that are in UTF-8 format with a byte order mark (BOM). [3572656]
     

 

Symantec Encryption Management Server 3.3.2 MP6 Resolved Issues

Symantec Encryption Desktop

  • Resolved incompatibilities with Apple Mac OS X 10.10 systems.
     

 

Symantec Encryption Management Server 3.3.2 MP5 Resolved Issues

General

  • Resolved an issue with Symantec Encryption Management Server so that console logon errors no longer occur when there are a large number of entries in the daily_stats table in the database. [3557433]
  • Although not affected by ShellShock, updated the Bash version to address the Bash (ShellShock) security issues: CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278. [3630417]

Keys and Certificates

  • Resolved an issue so that LDAP key lookup queries now consider both the host name and port number while identifying key servers. [3527452]

Messaging

  • Resolved a performance issue with Symantec Encryption Management Server so that the pgpproxyd process no longer causes “Out of memory” error messages and SMTP connection timeouts. [3388741]
  • Resolved an issue with Symantec Encryption Management Server so that mail server proxies now correctly verify the S/MIME signatures of certain certificates in incoming email messages. [3430446]
  • Resolved an issue with Symantec Encryption Management Server so that emails containing some inline attachments that are sent to external PDF email users for the first time no longer cause an exception. [3552366]

Symantec Encryption Desktop

  • Resolved incompatibilities with Apple Mac OS X 10.9.4 and 10.9.5 systems.
  • For details on the updated list of the supported smart cards and tokens for the Symantec Drive Encryption administrator keys, refer to the Symantec Knowledgebase article TECH149099 (http://www.symantec.com/docs/TECH149099). [3583553]
  • Resolved an issue with Microsoft Outlook/MAPI support in Symantec Encryption Desktop for Windows so that offline email policies no longer cause email duplication. [3547567]

Symantec Web Email Protection

  • Resolved an issue with Symantec Web Email Protection so that administrators can now download existing Web Messenger templates. [2928062]
     

 

Symantec Encryption Management Server 3.3.2 MP4 Resolved Issues

General

  • Improved some functionality issues and further enhanced the overall security of the application.
     

 

Symantec Encryption Management Server 3.3.2 MP3 Resolved Issues

General

  • Resolved the CVE-2009-5138 and CVE-2014-0092 vulnerabilities by removing the unused and vulnerable GnuTLS package. [3453811]

Administrative Interface

  • Resolved an issue so that the Symantec Encryption Management Server administrator interface works properly even when you enter invalid data on the Group Key Settings page. [3557662]

Messaging

  • Resolved an issue by adding the "bounce-unmanaged-domains" preference to the prefs.xml file so that outbound emails that users send from an unmanaged domain now bounce instead of being delivered unsecured. For details, refer to the Symantec Knowledgebase article TECH222992. For assistance with implementing this change, contact Symantec Technical Support. [3494981]

Symantec Encryption Desktop

  • Resolved incompatibilities with Ubuntu 14.04 LTS (32-bit and 64-bit versions).

Symantec File Share Encryption

  • Resolved an issue so that Symantec File Share Encryption now successfully retrieves certificate chains to allow group key users to access shared folders. [3475975]

Symantec Web Email Protection

  • Resolved an issue so that external users of Symantec Web Email Protection do not receive an error message when they log in. [3450792]

Upgrade and Migration

  • Resolved an issue so that temporary RPM log files are deleted from the /var/tmp/ directory after administrators install a PUP for Symantec Encryption Management Server. [3470493]

     

 

Symantec Encryption Management Server 3.3.2 MP2 Resolved Issues

General

  • Resolved an issue so that when Universal Services Protocol (USP) requests fail, the Symantec Encryption Management Server now logs the user name of the requester. [3422888]
  • Resolved an issue so that Symantec Encryption Management Server no longer creates duplicate dictionary entries for the literal or pattern terms when you import the text or the text file. [3433564]
  • In response to CVE-2014-0224, updated the version of OpenSSL to openssl-0.9.8e-27.el5_10.3. [3529315]
     

Administrative Interface

  • Resolved an issue so that Active Directory objects that have an ampersand symbol (&) in their name can be expanded and collapsed in the Active Directory navigation dialog box, when administrators try to create a new Group Key from the Keys tab of the Symantec Encryption Management Server Console. [3458433]
     

Messaging

  • Resolved an issue so that .gpg files that are received as email attachments are now decrypted successfully. [3411793]
  • Resolved an issue so that the correct product name is now displayed in the confirmation message that appears after users reset their passphrase in the German version of the Symantec Web Email Protection. [3454344]
     

Symantec Encryption Web Email Protection

  • Resolved an issue so that nightly data replication scans no longer terminate unexpectedly. [3460668]
     

Upgrade and Migration

  • Resolved an issue so that the mail policy chain rule conditions or actions are now successfully displayed in the administrative interface after users upgrade PGP Universal Server version 3.1.2 to Symantec Encryption Management Server 3.3.2. [3485485]
     

Symantec Encryption Desktop

  • Resolved incompatibilities with Apple Mac OS X 10.9.3 systems.

     

 

Symantec Encryption Management Server 3.3.2 MP1 Resolved Issues

General

  • Resolved an issue so that unwanted completion reports for cron jobs in the /etc/crontab directory are not sent to the root user. [3323981]
  • Resolved a vulnerability issue so that confidential information about the server is not displayed. [3395130, 3192882]
     

Administrative Interface

  • Resolved an issue so that administrators with the Full Administrator role can now manage keys as expected in the administrative interface. [3212029]
     

Keys and Certificates

  • Resolved an issue so that administrators can successfully import network certificates through the administrative interface as well as the command line interface of the Symantec Encryption Management Server. [3377131]
     

Messaging

  • Resolved an issue so that users can now successfully send outbound emails that contain 30+ non-ASCII characters in the From field. [2474869]
  • Resolved an issue so that multiple signature packets are no longer added to cached keys when users send S/MIME encrypted email messages that contain the same certificate, which improves email performance. [3331068]
     

Symantec Encryption Desktop

  • Resolved incompatibilities with Apple Mac OS X 10.9.2 systems.
  • Resolved incompatibilities with Red Hat Enterprise Linux 6.5 (32- and 64-bit versions).
  • Resolved an issue so that Symantec Encryption Desktop now logs only one event when Symantec Endpoint Encryption Removable Storage is also installed on the same computer. [3153572]
  • Resolved an issue so that Symantec Encryption Management Server administrators can now prevent users from disabling the logging function on managed clients through Consumer Policy settings. [3202174]
     

Symantec Encryption Web Email Protection

Upgrade and Migration

  • Resolved an issue so that all of the required preferences are listed in the prefs.xml configuration file after users upgrade PGP Universal Server version 3.0.0 or 3.1.2 to Symantec Encryption Management Server 3.3.2. [3180216]
  • Resolved an issue so that the pgprep service now works correctly and enables server clusters to function after administrators perform a PUP update. [3089685]
  • Resolved an issue so that backup and restore completes successfully from a terminal when using the pgpbackup.pl script. [3415457, 3415463]
     

 

Symantec Encryption Management Server 3.3.2 Resolved Issues

General

  • Resolved the CVE-2013-1862 vulnerability related to the RewriteLog directive by using the updated version of httpd.conf configuration file of the Apache HTTP Server. [3275147]
  • By using the Java SE Development Kit 7, Update 25 release, resolved the CVE issues (CVE-2013-2407, CVE-2013-2451, CVE-2013-2457, and CVE-2013-2461) related to vulnerabilities in the Oracle Java 6 SDK that allow remote attackers to affect the confidentiality, integrity, and availability of the Java platform through various vectors. [3297839]
  • With the updated FreeType RPM package, resolved multiple CVE issues related to the FreeType font engine that allow remote attackers to cause an application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. [3315192]
  • Resolved the CVE-2013-0153 vulnerability related to the handling method of interrupt remapping entries by the hypervisor driver with a kernel RPM package update. [3315231]
  • Resolved the CVE-2002-2443 vulnerability related to denial-of-service attacks by using an updated Kerberos version 5 RPM package. [3315236]
  • By using the updated kernel RPM package, resolved multiple CVE issues that allow a local, unprivileged user to leak kernel memory to user space. [3315248]
  • With a Network Security Services (NSS) and Netscape Portable Runtime (NSPR) RPM package update, resolved the CVE issues (CVE-2013-0791 and CVE-2013-1620) related to a remote user gaining access to plain text data. [3315271]
  • Resolved the CVE-2012-3417 vulnerability, which allows remote attackers to bypass intended access restrictions, with a quota RPM package update. [3325302]
  • With a kernel RPM package update, resolved the CVE issues (CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2234, and CVE-2013-2237) that allow remote attackers to crash a system, trigger denial-of-service attacks, gain improper privileges, and leak kernel memory to user space. [3315289]
  • Resolved an issue so that Symantec Encryption Management Server does not disclose the version number of the Apache HTTP Server on Red Hat Enterprise Linux/CentOS when the echo -e "GET / HTTP/1.0\n\n" | openssl s_client -quiet -ign_eof -connect | grep Server command is executed. [3212797]
  • Resolved an issue with Symantec Encryption Management Server so that encryption or decryption works properly when multiple ignition keys are added or removed in a clustered environment. [3304712/3312658]
  • Resolved the CVE-2007-6750 vulnerability related to denial-of-service attacks with the implementation of the mod_reqtimeout module in the Apache HTTP Server. [3318302/3299196]
  • Resolved the vulnerability on Linux systems related to Internet Control Message Protocol (ICMP) redirection so that only gateways can redirect messages. [3318280]
  • Resolved the vulnerability related to world-writable files by implementing controlled file permissions. [3318281]
  • Resolved a possible partition mounting weakness in Symantec Encryption Management Server by including the 'nodev' hardening option for the boot partition. [3318279]
  • Obsolete tables for the PGP Remote Disable and Destroy feature, which is no longer supported in Symantec Encryption Management Server, have been removed from the Symantec Encryption Management Server database. [3318267]
     

Administrative Interface

  • Resolved an issue so that the links in the (Consumers) Group tab of Symantec Encryption Management Server work properly and list the correct number of members when the number of groups added is large (more than eight, in addition to the “Everyone” and “Excluded” groups). [3318268]

Keys and Certificates

  • Resolved an issue that occurred when searching for keys from a keyserver that uses SSL authentication (either LDAPS or USP). Symantec Encryption Management Server now verifies the validity of the certificate presented by the keyserver, and verifies that the server DNS name matches the DNS name in the presented certificate. [2735979]
  • Resolved an issue so that the Server Key Mode (SKM) key of a user is replicated properly, when it is created by sending email from one Symantec Encryption Management Server to another server within a cluster. [3274338]
     

Symantec Encryption Web Email Protection

  • Resolved an issue so that Symantec Encryption Web Email Protection users who close their browsers by clicking the Close button can now log on again immediately. However, if a user logs on using a different IP address, a message is displayed that the first session is terminated and the user is logged off from that session. [3318294]
  • Resolved an issue with Symantec Encryption Management Server so that correct variable names now appear in the Complete Customization template of Symantec Encryption Web Email Protection. [3318288]
     

Symantec Gateway Email

  • Resolved an issue so that users do not encounter the Invalid UTF-8 character error while replying to emails using an Apple iOS device, which is integrated with Lotus Protector for Mail Encryption Client 2.1.1 using IBM Notes Traveler. [3311598/3318296]
  • Resolved an issue so that Lotus Protector for Mail Encryption Server 2.1.1 no longer produces the Invalid UTF-8 character errors due to delivery failure codes received from the recipient mail server for outbound and bounced emails. [3318297/3311603]
     

Symantec Encryption Desktop

  • Resolved an issue with Symantec Drive Encryption so that when SSO is enabled on a Microsoft Windows 7 64-bit system that is using a simple PGP BootGuard log-in screen, SSO now works correctly for all enrolled users, not just for the first user. [3116309]