Critical patch for CSP pages now available from Intersystems
252 views
Skip to first unread message
kevin furze
Nov 17, 2003, 11:01:39 AM11/17/03
to x...@info2.kinich.com
hi all.
I have just received an email alert from Intersystems
<snip>
November 14, 2003 - Cache' Server Pages
InterSystems has encountered a critical issue with the use of Cache'
Server Pages, which would allow an attacker to remotely compromise the
Cache' Server and gain complete control over it.
All Cache' versions starting with 4.0.3 are affected by this
vulnerability and will be fixed with Cache' 5.1. Please install the
appropriate patch, available from our ftp site
ftp://ftp.intersystems.com/pub/cache/PatchProdlog34606.zip
to help to protect your Cache' system. Included in the zip file are
complete instructions on the steps required to correct this issue.
<snip>
I guess that you need a current support contract to cover this, and I'm
not really sure if the Single user version will be patched,
thought you might want to know.
kev
I have just received an email alert from Intersystems
<snip>
November 14, 2003 - Cache' Server Pages
InterSystems has encountered a critical issue with the use of Cache'
Server Pages, which would allow an attacker to remotely compromise the
Cache' Server and gain complete control over it.
All Cache' versions starting with 4.0.3 are affected by this
vulnerability and will be fixed with Cache' 5.1. Please install the
appropriate patch, available from our ftp site
ftp://ftp.intersystems.com/pub/cache/PatchProdlog34606.zip
to help to protect your Cache' system. Included in the zip file are
complete instructions on the steps required to correct this issue.
<snip>
I guess that you need a current support contract to cover this, and I'm
not really sure if the Single user version will be patched,
thought you might want to know.
kev
Bill McCormick
Nov 17, 2003, 11:16:01 AM11/17/03
to x...@info2.kinich.com
Its in a public area - no requirement for a support contract here. Also
the patch will work just fine on a Single User system.
--
Bill McCormick
Web/Objects Support Manager
InterSystems Corporation
bmc...@intersys.com
the patch will work just fine on a Single User system.
Bill McCormick
Web/Objects Support Manager
InterSystems Corporation
bmc...@intersys.com
Pavel Krehula
Nov 18, 2003, 3:05:29 AM11/18/03
to x...@info2.kinich.com
> All Cache' versions starting with 4.0.3 are affected by this
> vulnerability and will be fixed with Cache' 5.1. Please install the
Means all versions prior 5.1 will have again this vunerability???
> vulnerability and will be fixed with Cache' 5.1. Please install the
Pavel
Ralf Huwald
Nov 18, 2003, 4:02:04 AM11/18/03
to x...@info2.kinich.com
Hi!
I'm using 4.0.15 (Win2K). Are there more patches, which i should install?!?
Ralf
"kevin furze" <ke...@oakbeam.co.uk> schrieb im Newsbeitrag
news:Usenet.chcsatbc@localhost...
I'm using 4.0.15 (Win2K). Are there more patches, which i should install?!?
Ralf
"kevin furze" <ke...@oakbeam.co.uk> schrieb im Newsbeitrag
news:Usenet.chcsatbc@localhost...
Timur Safin
Nov 18, 2003, 5:19:57 AM11/18/03
to x...@info2.kinich.com
No, it just means that at the moment of writing this security alert MXT526 was
in the main/latest (5.1) branch only. Since then Marvin has checked-in to
5.0/latest (will be 5.0.6), 5.0.5, and 4.1 objects branches.
It supposed to be fixed in all subsequent maintenance releases.
Best Regards,
Timur
"Pavel Krehula" <pavel....@nlm.cz> wrote in message
news:3fb9d...@info2.kinich.com...
: > All Cache' versions starting with 4.0.3 are affected by this
:
in the main/latest (5.1) branch only. Since then Marvin has checked-in to
5.0/latest (will be 5.0.6), 5.0.5, and 4.1 objects branches.
It supposed to be fixed in all subsequent maintenance releases.
Best Regards,
Timur
"Pavel Krehula" <pavel....@nlm.cz> wrote in message
news:3fb9d...@info2.kinich.com...
: > All Cache' versions starting with 4.0.3 are affected by this
Bill McCormick
Nov 18, 2003, 10:22:37 AM11/18/03
to x...@info2.kinich.com
New maintenance kits issued after this will include the patch - 5.0.5
and 4.1.17
and 4.1.17
kevin furze
Nov 19, 2003, 2:17:55 AM11/19/03
to x...@info2.kinich.com
talking to the distributor?
it depends what the arrangements are. perhaps he is keeping track of
what he THINKS is installed on your system?
Ralf Huwald wrote:
>
> Yes, you are right. It's 4.1.15... Is there a public link, where i
> can download the 4.1.16 or do i have to talk to my distributor?!?
>
> Ralf
>
> "Jon P Jensen" <jens...@intersystems.com> schrieb im Newsbeitrag
> news:3fba7...@info2.kinich.com... Hi
> You mentioned you had 4.0.15...Did you mean 4.1.15?
> If so, you might be interested in seeing
> http://www.intersystems.com/cache/technology/product-
> tables/releasenotes/4116/index.html
>
> This lists all the changes made between 4.1.15 and 4.1.16(this is
> the latest 4.1.x release)
>
> jon
it depends what the arrangements are. perhaps he is keeping track of
what he THINKS is installed on your system?
Ralf Huwald wrote:
>
> Yes, you are right. It's 4.1.15... Is there a public link, where i
> can download the 4.1.16 or do i have to talk to my distributor?!?
>
> Ralf
>
> "Jon P Jensen" <jens...@intersystems.com> schrieb im Newsbeitrag
> news:3fba7...@info2.kinich.com... Hi
> You mentioned you had 4.0.15...Did you mean 4.1.15?
> If so, you might be interested in seeing
> http://www.intersystems.com/cache/technology/product-
> tables/releasenotes/4116/index.html
>
> This lists all the changes made between 4.1.15 and 4.1.16(this is
> the latest 4.1.x release)
>
> jon
Jon P Jensen
Nov 19, 2003, 7:47:21 AM11/19/03
to x...@info2.kinich.com
Hi
If you have purchased Caché directly from InterSystems and have a valid
support contract, you can contact your local office about getting an update.
If you have purchased Caché(or Caché is part of an application you
purchased) from a distributor/reseller/VAR/etc., you should talk to your
supplier to determine what options are available to you/your application.
jon
Ralf Huwald wrote:
> Yes, you are right. It's 4.1.15... Is there a public link, where i can
> download the 4.1.16 or do i have to talk to my distributor?!?
>
> Ralf
>
>
> "Jon P Jensen" <jens...@intersystems.com
> <mailto:jens...@intersystems.com>> schrieb im Newsbeitrag
If you have purchased Caché directly from InterSystems and have a valid
support contract, you can contact your local office about getting an update.
If you have purchased Caché(or Caché is part of an application you
purchased) from a distributor/reseller/VAR/etc., you should talk to your
supplier to determine what options are available to you/your application.
jon
Ralf Huwald wrote:
> Yes, you are right. It's 4.1.15... Is there a public link, where i can
> download the 4.1.16 or do i have to talk to my distributor?!?
>
> Ralf
>
>
> "Jon P Jensen" <jens...@intersystems.com
> news:3fba7...@info2.kinich.com...
> Hi
> You mentioned you had 4.0.15...Did you mean 4.1.15?
> If so, you might be interested in seeing
> http://www.intersystems.com/cache/technology/product-tables/releasenotes/4116/index.html
>
> This lists all the changes made between 4.1.15 and 4.1.16(this is
> the latest 4.1.x release)
>
> jon
>
>
> Ralf Huwald wrote:
>
> Hi
> You mentioned you had 4.0.15...Did you mean 4.1.15?
> If so, you might be interested in seeing
> http://www.intersystems.com/cache/technology/product-tables/releasenotes/4116/index.html
>
> This lists all the changes made between 4.1.15 and 4.1.16(this is
> the latest 4.1.x release)
>
> jon
>
>
> Ralf Huwald wrote:
>
Ralf Huwald
Nov 19, 2003, 4:57:59 PM11/19/03
to x...@info2.kinich.com
Thank you! Maybe i should contact the reseller.
Ralf
"Jon P Jensen" <jens...@intersystems.com> schrieb im Newsbeitrag
news:3fbb6...@info2.kinich.com...
Ralf
"Jon P Jensen" <jens...@intersystems.com> schrieb im Newsbeitrag
news:3fbb6...@info2.kinich.com...
Reply all
Reply to author
Forward
0 new messages