cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
pierce
Level 13
Report Inappropriate Content
Message 1 of 6
‎05-20-2014 03:27 AM

SB10072 - Java issue with ePO that needs to be fixed

Jump to solution

So just got the SNS with these details on:

https://kc.mcafee.com/corporate/index?page=content&id=SB10072

Looks like 5.1.1 is going to be out next month or there is a hotfix to patch java right now for eP 5.1.0 (and 4.6.7 and 4.5.7 and earlier).

I have downloaded the zip and it appears to just be an exe installer rather than having to replace any files.

(contents: 0x0409.ini , Data1.cab , ePOHF962156.exe , ePOHF962156.msi and setup.ini)

Anyone applied this yet? Whats risk like?

Will schedule mine for later next week as earliest time to install.

thanks,

Pierce

0 Kudos
Reply
1 Solution

Accepted Solutions
twenden
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6
‎05-20-2014 05:12 AM

Re: SB10072 - Java issue with ePO that needs to be fixed

Jump to solution

Have installed on our test ePO 5.1 server. It only takes 10 minutes to install and so far so good. I would install it as soon as possible as 2 of the 6 fixes have a CVSS score of 10. A CVSS score of 10 is the highest and classified as the most severe.

Message was edited by: twenden on 5/20/14 7:12:47 AM CDT

View solution in original post

0 Kudos
Reply
5 Replies
PhilR
Level 12
Report Inappropriate Content
Message 2 of 6
‎05-20-2014 03:57 AM

Re: SB10072 - Java issue with ePO that needs to be fixed

Jump to solution

It's installed painlessly here on our ePO 4.6.7 servers.

It only takes a few minutes to update.

Cheers,

Phil

0 Kudos
Reply
epriest
Level 7
Report Inappropriate Content
Message 3 of 6
‎05-20-2014 04:33 AM

Re: SB10072 - Java issue with ePO that needs to be fixed

Jump to solution

I was a bit confused as the patch refers explicitly to version 4.6.7.  Yet it appears to fix 4.6.7 and EARLIER - we have 4.6.6.   Anyone tried the patch against 4.6.6 ?

Cheers

Eddie.

0 Kudos
Reply
pierce
Level 13
Report Inappropriate Content
Message 4 of 6
‎05-20-2014 05:10 AM

Re: SB10072 - Java issue with ePO that needs to be fixed

Jump to solution

I think an upgrade and patch is needed, from the link:

Frequently Asked Questions (FAQs)

What is affected by this security vulnerability?

Affected Versions:

  • ePO 4.5 Patch 7 and earlier
  • ePO 4.6.7 and earlier
  • ePO 5.1.0 and earlier

Protected Versions:

  • ePO 4.6.7 with 32-bit hotfix
  • ePO 4.6.8 and later
  • ePO 5.1 with 64-bit hotfix
  • ePO 5.1.1 and later

it dosen't list 4.6.6 with hotfix as protected so think you need to upgrade it and then patch

Message was edited by: pierce - fixed typo on 5/20/14 7:11:07 AM CDT
0 Kudos
Reply
twenden
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 6
‎05-20-2014 05:12 AM

Re: SB10072 - Java issue with ePO that needs to be fixed

Jump to solution

Have installed on our test ePO 5.1 server. It only takes 10 minutes to install and so far so good. I would install it as soon as possible as 2 of the 6 fixes have a CVSS score of 10. A CVSS score of 10 is the highest and classified as the most severe.

Message was edited by: twenden on 5/20/14 7:12:47 AM CDT

View solution in original post

0 Kudos
Reply
pierce
Level 13
Report Inappropriate Content
Message 6 of 6
‎05-20-2014 05:14 AM

Re: SB10072 - Java issue with ePO that needs to be fixed

Jump to solution

Yes the CVSS score being a 10 is something that caught my eye! I know my security team advised me to upgrade ASAP as soon as they saw that.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC