Release Notes
07 March 2024, 17:41
These release notes provide information about the One Identity Safeguard for Privileged Sessions release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.
One Identity Safeguard for Privileged Sessions Version 7.0.5 LTS is a maintenance release with resolved issues. For details, see:
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see the Administration Guide.
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
One-stop solution for all privileged access management needs
Easy to deploy and integrate
Unparalleled depth of recording
Comprehensive risk analysis of entitlements and activities
Thorough Governance for privileged account
The suite includes the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
The following is a list of issues addressed in this release.
| Resolved Issue | Issue ID |
|---|---|
|
When trying to commit changes that included the deletion of a subchapter that is referenced in a report either under Reporting > Create & Manage Reports or via the REST API, SPS displayed an error with an ambiguous error message: "The referenced subchapter 'subchapter-id' does not exist.". This has been fixed so that when deleting a subchapter, SPS checks whether the subchapter is referenced in a report, and if so, it will immediately display an error with a meaningful error message indicating that the subchapter is referenced in a report and that it should be unreferenced first. |
393727 |
|
Fixed authentication can be blocked by other users issue. SPS worked in a way that the authentication and authorization attempts of a user could possibly block the authentication of other users. This limitation did not cause problems while the authentication or authorization were performed nearly instantaneously. However, if the process was waiting for the slow response of a remote AD/LDAP or RADIUS server, then every authentication request of other users was blocked too. This was especially noticeable when the remote server was overloaded or when it was waiting for some interaction with the user (for example, MFA), and in this case, users might have experienced slow page load times or authentication timeout errors. This issue was fixed, and now the authentication attempts are performed concurrently. Note that although remote resource consumption manifests in parallel authentication requests, these can still be slow when the remote resources are overloaded. |
420845 |
|
Fixed the Remote Desktop Gateway packet overload can cause an out-of-memory crash issue. If the RDP proxy acts as a Desktop Gateway, it caches packets temporarily when the client is unable to consume them. In cases of heavy and permanent packet loads, this cache could increase until the resource limit is reached. This has been fixed, and the buffer is now involved in the flow control decision. |
340013 |
|
Fixed RDP crashing during server authentication if the SPNEGO response contains only an error code. The server responded with a vendor-specific error code (HResult 80090302: unsupported function) only in the SPNEGO response, which format was not expected by SPS. This has been fixed, and SPS now properly handles such responses. |
439931 |
|
The SSH Control > Options page only allowed uploading or deleting the Kerberos keytab for the local administrator, even when other users were granted write and perform access to this page. This has been fixed, and now all users with the proper access permissions can upload and delete the keytab. |
442599 |
|
Fixed the DNS resolution timeout problem. Previously, when SPS tried to resolve a domain name and the DNS server was unresponsive, SPS waited for too long to time out. This has been fixed, and now the timeouts are correctly enforced when resolving domain names. |
418170 |
|
Due to an error during plugin API check, plugins with two-digit plugin API versions (for example, 1.7) could not be uploaded. The version check is fixed and the two-digit API version can be used from now on. |
441702 |
|
There were only 3 time ranges previously:
A new time range (week) has been introduced, and the time period distributions have changed to the following:
Columns containing 0 items are also presented. |
340221 |
|
CSRF protection for the SPS REST API was optional. With this fix, SPS will force CSRF protection if the User-Agent refers to a browser. |
428406 |
|
When generating a report that includes content subchapters either from the SPS UI or via the SPS REST API, if approximately more than 1000 sessions matched the content query, report generation could fail. When generating reports that include content subchapters, Reporting collects sessions that match the content query. For each session, a QR code image is generated in temporary files that are embedded in the generated PDF file. Unfortunately, file descriptors had not been closed properly for these temporary files. As a result, if there were so many sessions matching the content query that the number of open file descriptors exceeded the operation system's limit, report generation failed and the following backtrace was written in the /var/log/messages log file: "ERROR OSError: [Errno 24] Too many open files.". This issue has been fixed by making sure that file descriptors are properly closed. |
431434 |
|
Resolved Issue |
Issue ID |
|---|---|
|
avahi: |
CVE-2023-38469 |
|
|
CVE-2023-38470 |
|
|
CVE-2023-38471 |
|
|
CVE-2023-38472 |
|
|
CVE-2023-38473 |
|
bind9: |
CVE-2023-4408 |
|
|
CVE-2023-50387 |
|
|
CVE-2023-50868 |
|
|
CVE-2023-5517 |
|
|
CVE-2023-6516 |
|
curl: |
CVE-2023-38546 |
|
|
CVE-2023-46218 |
|
freerdp2: |
CVE-2017-2834 |
|
|
CVE-2017-2835 |
|
|
CVE-2017-2836 |
|
|
CVE-2017-2837 |
|
|
CVE-2017-2838 |
|
|
CVE-2017-2839 |
|
|
CVE-2019-17177 |
|
|
CVE-2020-11042 |
|
|
CVE-2020-11044 |
|
|
CVE-2020-11045 |
|
|
CVE-2020-11046 |
|
|
CVE-2020-11047 |
|
|
CVE-2020-11048 |
|
|
CVE-2020-11049 |
|
|
CVE-2020-11058 |
|
|
CVE-2020-11095 |
|
|
CVE-2020-11096 |
|
|
CVE-2020-11097 |
|
|
CVE-2020-11098 |
|
|
CVE-2020-11099 |
|
|
CVE-2020-11521 |
|
|
CVE-2020-11522 |
|
|
CVE-2020-11523 |
|
|
CVE-2020-11524 |
|
|
CVE-2020-11525 |
|
|
CVE-2020-11526 |
|
|
CVE-2020-13396 |
|
|
CVE-2020-13397 |
|
|
CVE-2020-13398 |
|
|
CVE-2020-15103 |
|
|
CVE-2020-4030 |
|
|
CVE-2020-4031 |
|
|
CVE-2020-4032 |
|
|
CVE-2020-4033 |
|
|
CVE-2021-41159 |
|
|
CVE-2021-41160 |
|
|
CVE-2022-24882 |
|
|
CVE-2022-24883 |
|
|
CVE-2022-39282 |
|
|
CVE-2022-39283 |
|
|
CVE-2022-39316 |
|
|
CVE-2022-39317 |
|
|
CVE-2022-39318 |
|
|
CVE-2022-39319 |
|
|
CVE-2022-39320 |
|
|
CVE-2022-39347 |
|
|
CVE-2022-41877 |
|
|
CVE-2023-39350 |
|
|
CVE-2023-39351 |
|
|
CVE-2023-39352 |
|
|
CVE-2023-39353 |
|
|
CVE-2023-39354 |
|
|
CVE-2023-39356 |
|
|
CVE-2023-40181 |
|
|
CVE-2023-40186 |
|
|
CVE-2023-40188 |
|
|
CVE-2023-40567 |
|
|
CVE-2023-40569 |
|
|
CVE-2023-40589 |
|
glibc: |
CVE-2023-4806 |
|
|
CVE-2023-4813 |
|
gnutls28: |
CVE-2023-5981 |
|
|
CVE-2024-0553 |
|
jinja2: |
CVE-2020-28493 |
|
|
CVE-2024-22195 |
|
krb5: |
CVE-2023-36054 |
|
less: |
CVE-2022-48624 |
|
libssh: |
CVE-2023-48795 |
|
|
CVE-2023-6004 |
|
|
CVE-2023-6918 |
|
libuv1: |
CVE-2024-24806 |
|
libvpx: |
CVE-2023-44488 |
|
|
CVE-2023-5217 |
|
libx11: |
CVE-2023-43785 |
|
|
CVE-2023-43786 |
|
|
CVE-2023-43787 |
|
libxml2: |
CVE-2024-25062 |
|
libxpm: |
CVE-2023-43786 |
|
|
CVE-2023-43787 |
|
|
CVE-2023-43788 |
|
|
CVE-2023-43789 |
|
linux: |
CVE-2021-4001 |
|
|
CVE-2023-0597 |
|
|
CVE-2023-1206 |
|
|
CVE-2023-31083 |
|
|
CVE-2023-31085 |
|
|
CVE-2023-3212 |
|
|
CVE-2023-34319 |
|
|
CVE-2023-37453 |
|
|
CVE-2023-3772 |
|
|
CVE-2023-3863 |
|
|
CVE-2023-39189 |
|
|
CVE-2023-39192 |
|
|
CVE-2023-39193 |
|
|
CVE-2023-4132 |
|
|
CVE-2023-4194 |
|
|
CVE-2023-42752 |
|
|
CVE-2023-42753 |
|
|
CVE-2023-42754 |
|
|
CVE-2023-42755 |
|
|
CVE-2023-42756 |
|
|
CVE-2023-45863 |
|
|
CVE-2023-45871 |
|
|
CVE-2023-4622 |
|
|
CVE-2023-4623 |
|
|
CVE-2023-4881 |
|
|
CVE-2023-4921 |
|
|
CVE-2023-5178 |
|
|
CVE-2023-51781 |
|
|
CVE-2023-5717 |
|
|
CVE-2023-6040 |
|
|
CVE-2023-6606 |
|
|
CVE-2023-6915 |
|
|
CVE-2023-6931 |
|
|
CVE-2023-6932 |
|
|
CVE-2024-0565 |
|
|
CVE-2024-0646 |
|
nghttp2: |
CVE-2023-44487 |
|
open-vm-tools: |
CVE-2023-34058 |
|
|
CVE-2023-34059 |
|
openjdk-lts: |
CVE-2023-22081 |
|
|
CVE-2024-20918 |
|
|
CVE-2024-20919 |
|
|
CVE-2024-20921 |
|
|
CVE-2024-20926 |
|
|
CVE-2024-20945 |
|
|
CVE-2024-20952 |
|
openldap: |
CVE-2023-2953 |
|
openssh: |
CVE-2021-41617 |
|
|
CVE-2023-48795 |
|
|
CVE-2023-51385 |
|
openssl: |
CVE-2023-3446 |
|
|
CVE-2023-3817 |
|
|
CVE-2023-5678 |
|
|
CVE-2024-0727 |
|
pam: |
CVE-2024-22365 |
|
perl: |
CVE-2023-47038 |
|
php7.4: |
CVE-2023-3823 |
|
|
CVE-2023-3824 |
|
pillow: |
CVE-2023-44271 |
|
|
CVE-2023-50447 |
|
postfix: |
CVE-2023-51764 |
|
postgresql-12: |
CVE-2023-5868 |
|
|
CVE-2023-5869 |
|
|
CVE-2023-5870 |
|
|
CVE-2024-0985 |
|
procps: |
CVE-2023-4016 |
|
python-cryptography: |
CVE-2023-23931 |
|
python-urllib3: |
CVE-2023-43804 |
|
|
CVE-2023-45803 |
|
python3.8: |
CVE-2023-40217 |
|
rabbitmq-server: |
CVE-2023-46118 |
|
samba: |
CVE-2023-4091 |
|
|
CVE-2023-4154 |
|
|
CVE-2023-42669 |
|
shadow |
CVE-2023-4641 |
|
sqlite3: |
CVE-2023-7104 |
|
strongswan: |
CVE-2023-41913 |
|
tar: |
CVE-2023-39804 |
|
tiff: |
CVE-2022-40090 |
|
|
CVE-2023-1916 |
|
|
CVE-2023-3576 |
|
|
CVE-2023-52356 |
|
|
CVE-2023-6228 |
|
|
CVE-2023-6277 |
|
vim: |
CVE-2022-1725 |
|
|
CVE-2022-1771 |
|
|
CVE-2022-1897 |
|
|
CVE-2022-2000 |
|
|
CVE-2022-3234 |
|
|
CVE-2022-3256 |
|
|
CVE-2022-3324 |
|
|
CVE-2022-3352 |
|
|
CVE-2022-3520 |
|
|
CVE-2022-3591 |
|
|
CVE-2022-3705 |
|
|
CVE-2022-4292 |
|
|
CVE-2022-4293 |
|
|
CVE-2023-46246 |
|
|
CVE-2023-4733 |
|
|
CVE-2023-4735 |
|
|
CVE-2023-4750 |
|
|
CVE-2023-4751 |
|
|
CVE-2023-4752 |
|
|
CVE-2023-4781 |
|
|
CVE-2023-48231 |
|
|
CVE-2023-48233 |
|
|
CVE-2023-48234 |
|
|
CVE-2023-48235 |
|
|
CVE-2023-48236 |
|
|
CVE-2023-48237 |
|
|
CVE-2023-5344 |
|
|
CVE-2023-5441 |
|
|
CVE-2023-5535 |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center
