Changes to Existing Features
Policy Server Supports New Version of CABI
With this release, the Policy Server supports only CA Business Intelligence (CABI) version 3.3 SP1. The Policy Server installation kit provides CABI 3.3 and CABI 3.3 SP1 installers. You must install CABI 3.3 and then install CABI 3.3 SP1.
Upgrade of CAPKI
CA SiteMinder® is upgraded to use CAPKI 4.3.4 to fix the following OpenSSL vulnerabilities:
- CVE-2014-0224: An SSL/TLS MITM vulnerability exists in OpenSSL 0.9.8y and earlier. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
- CVE-2014-0221: A DTLS recursion flaw exists in OpenSSL 0.9.8y and earlier. By sending an invalid DTLS handshake to an OpenSSL DTLS client, the code can be made to recurse, eventually crashing in a DoS attack.
- CVE-2014-3470: An anonymous ECDH denial-of-service flaw exists in OpenSSL 0.9.8y and earlier. OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial-of-service attack.
- CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack".
For more information about the vulnerabilities, see the OpenSSL documentation.
Copyright © 2014 CA.
All rights reserved.