SecurID® Discussions

JonathanMulsma1
Beginner

RSA Appliance 8.1 and 8.2 third-party software patch question

The RSA Appliance Third-party software patch 1.0 was released in October 2015 and the third-party software patch 2.0 was released in April 2016, and required 8.1 SP1 P14 or higher before installation. The Appliance 8.2 was released June 2016, and has patches similar to P12.

Does the Appliance 8.2 include all of the fixes in the Third-party Patch 2.0?  If not, is there an ETA for this?

5 Replies
BrianTwomey
Employee

Don't I know you 😉 The third party patch was for non-AM related fixes/updates. 8.2 comes with OS updates included. As for the AM related updates (p13-15) those will be included in 8.2p1 which is due out soon. 

The third-party patch also lists non-OS updates such as ClamAV and VMware tools, but these are not listed in the SP2 release notes. Are these included in SP2?

They are included in 8.2. 

EdwardDavis
Employee

8.1.x = Suse 11.3

8.2.x = Suse 11.4

8.2 patch 1 will include some OS updates but it will not be a full 'TPP' patch

JayGuillette
Apprised Contributor

I have AM 8.2 P3, but my openssl version shows as 0.9.8j-fips, same as un-TPP patched AM 8.1 SP1.

Did the TPP ever update openssl? I've seen some screen shots from Mark 'down-under' showing his AM server at OpenSSL 1.0.2d, so wondered if that meant it was updated via TPP.

The reason I ask is OpenSSL 0.9.8j-fips is vulnerable to CVE-2014-0224, but it seems like the RSA responses obscure this fact because as long as your Read Only Database User uses a non-vulnerable openssl version, it cannot be exploited.  Anyone know for sure?
