
ESA-2016-081: RSA Security Analytics Security Update for Multiple Embedded Components

Tags: RSA NetWitness Platform, Security Advisories

Advisory Type

Security


Advisory Content

EMC Identifier:

ESA-2016-081

CVE Identifier: 

CVE-2016-1950, CVE-2015-7529, CVE-2015-8386, CVE-2015-7560

CVE-2016-0787, CVE-2015-5600, CVE-2016-3115, CVE-2016-0773

CVE-2016-0766, CVE-2015-8767, CVE-2015-5157, CVE-2016-0774

CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797

CVE-2016-0800, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106

CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842

CVE-2016-0687, CVE-2016-0686, CVE-2016-3427, CVE-2016-0695

CVE-2016-3425, CVE-2016-3426, CVE-2016-1285, CVE-2016-1286

CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550

CVE-2016-2518, CVE-2015-5352, CVE-2015-6563, CVE-2015-6564,

CVE-2016-1908

Affected Products:

RSA Security Analytics 10.6.x

Summary:

Multiple components within RSA Security Analytics require a security update to address various vulnerabilities.

Details:

The embedded components are updated for the following vulnerabilities:

· NSS: CVE-2016-1950

· SOS: CVE-2015-7529

· PHP: CVE-2015-8386

· Samba: CVE-2015-7560

· Libssh2: CVE-2016-0787

· BIND: CVE-2016-1285, CVE-2016-1286

· NTP: CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518

· OpenSSH: CVE-2015-5600, CVE-2016-3115, CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908

· Postgres: CVE-2016-0773, CVE-2016-0766

· Kernel: CVE-2015-8767, CVE-2015-5157, CVE-2016-0774

· OpenSSL: CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842

NOTE: The OpenSSL vulnerabilities are applicable to versions of SA prior to 10.6.1. OpenSSL has been replaced by BSAFE in SA 10.6.1 and these vulnerabilities are not applicable to that release.

Recommendation:

The following RSA Security Analytics release contains resolutions to these vulnerabilities:

· Security Analytics 10.6.1

RSA recommends all customers upgrade at the earliest opportunity.

For additional documentation, downloads, and more, visit the Security Analytics Security Advisories page on RSA Link.

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.