Release Notes
09 March 2023, 02:52
These release notes provide information about the One Identity Safeguard for Privileged Sessions release. For the most recent documents and product information, see One Identity Safeguard for Privileged Sessions - Technical Documentation.
One Identity Safeguard for Privileged Sessions Version 6.0.14 LTS is a
For more information on the resolved issues, see:
|
|
NOTE: For a full list of key features in One Identity Safeguard for Privileged Sessions, see Administration Guide. |
The One Identity Safeguard Appliance is built specifically for use only with the Safeguard privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
Safeguard privileged management software is used to control, monitor, and govern privileged user accounts and activities to identify possible malicious activities, detect entitlement risks, and provide tamper proof evidence. The Safeguard products also aid incident investigation, forensics work, and compliance efforts.
The Safeguard products' unique strengths are:
One-stop solution for all privileged access management needs
Easy to deploy and integrate
Unparalleled depth of recording
Comprehensive risk analysis of entitlements and activities
Thorough Governance for privileged account
The suite includes the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
The following is a list of issues addressed in this release.
| Resolved Issue | Issue ID |
|---|---|
|
The "platformd" network settings fail on bionic kernel. This problem was caused by "pyroute2" library. It is replaced with an own implementation. This issue has been fixed by rewriting the corresponding network component. |
340429 |
|
The SPS configuration synchronization could hang for an indefinitely long time. The SPS configuration synchronization could hang for an indefinitely long time due to a network issue between the central management and managed node. The configuration synchronization locks the configuration so any configuration change is locked by the blocked configuration synchronization. This issue has been fixed. A timeout of 20 seconds is added to configuration synchronization fetch to avoid the issue. |
340557 |
|
Generate join data for SPS cluster only once to avoid conflict with repeated join request. SPS generated join data for every join request to SPS cluster. This meant that a repeated join request deleted the earlier join data on the node that was going to be managed, so if the user joined the SPS with the first join data, then the SPS cluster configuration ran into a conflict between the central management node and the managed node. This issue has been fixed. SPS now generates the join data only once, so the repeated join request will contain the same data, therefore the cluster configuration will not conflict. |
340558 |
|
Issuer chain from server SSL certificate is dropped if the user committed any changes on the new REST based web UI. The REST API did not persist the issuer chain of the server SSL certificate. If a user committed any changes on the new REST based web UI or directly at the REST API, then the issuer chain was dropped from the server SSL certificate. The issue has been fixed and REST API persists the issuer chain of the server SSL certificate. |
340559 |
|
Backoff strategy (with iteratively increasing time intervals of 1, 2, 4, ..., 16 minutes) is added to configuration synchronization in case of a permanent configuration synchronization error. Permanent configuration synchronization error can cause high system load, therefore a backoff strategy is added to configuration synchronization, which waits 1, 2, 4, ... 16 minutes iteratively before the next configuration synchronization, if the configuration synchronization error is still present. |
340560 |
|
External indexer certificates are too short-lived. In an attempt to fix PAM-11122, the default lifetime of several certificates was limited to 800 days, because browsers did not trust certificates with a longer validity period. Due to an error, the lifetime of the external indexer SSL certificate was limited too, despite its sole use was to encrypt the traffic between the external indexers and SPS, where web browsers are not involved. However, after the external indexer SSL certificate expires, the external indexers will not be able to connect to SPS, and external indexing stops working. The workaround is to reconfigure the external indexers by disabling and re-enabling external indexing and resetting the external indexer configurations. You are only affected by this issue if you enabled external indexing while running SPS version 6.0.4/6.4.0 or later, when the fix for PAM-11122 was released, since previous versions included external indexer certificates with a sufficiently long lifetime. After the current fix, freshly generated external indexer certificates will again have a lifetime of 20 years. |
340591 |
| Resolved Issue | Issue ID |
|---|---|
|
bind9: |
CVE-2022-2795 |
|
CVE-2022-38177 | |
|
CVE-2022-38178 | |
|
cloud-init: |
CVE-2022-2084 |
|
curl: |
CVE-2022-32221 |
|
CVE-2022-35252 | |
|
CVE-2022-43552 | |
|
dbus: |
CVE-2022-42010 |
|
CVE-2022-42011 | |
|
CVE-2022-42012 | |
|
expat: |
CVE-2022-40674 |
|
CVE-2022-43680 | |
|
gmp |
CVE-2021-43618 |
|
gnutls28: |
CVE-2021-4209 |
|
CVE-2022-2509 | |
|
heimdal: |
CVE-2018-16860 |
|
CVE-2019-12098 | |
|
CVE-2021-3671 | |
|
CVE-2021-44758 | |
|
CVE-2022-3116 | |
|
CVE-2022-3437 | |
|
CVE-2022-41916 | |
|
CVE-2022-42898 | |
|
CVE-2022-44640 | |
|
CVE-2022-45142 | |
|
isc-dhcp: |
CVE-2022-2928 |
|
CVE-2022-2929 | |
|
jbigkit: |
CVE-2017-9937 |
|
krb5: |
CVE-2018-20217 |
|
CVE-2022-42898 | |
|
libice: |
CVE-2017-2626 |
|
libjpeg-turbo: |
CVE-2018-11813 |
|
CVE-2020-17541 | |
|
CVE-2020-35538 | |
|
libksba: |
CVE-2022-3515 |
|
CVE-2022-47629 | |
|
libxml2: |
CVE-2016-3709 |
|
CVE-2022-2309 | |
|
CVE-2022-40303 | |
|
CVE-2022-40304 | |
|
libxpm: |
CVE-2022-44617 |
|
CVE-2022-46285 | |
|
CVE-2022-4883 | |
|
libxslt: |
CVE-2019-5815 |
|
CVE-2021-30560 | |
|
linux: |
CVE-2021-33655 |
|
CVE-2021-33656 | |
|
CVE-2022-1652 | |
|
CVE-2022-1679 | |
|
CVE-2022-1734 | |
|
CVE-2022-2586 | |
|
CVE-2022-2588 | |
|
CVE-2022-2663 | |
|
CVE-2022-2978 | |
|
CVE-2022-3028 | |
|
CVE-2022-3061 | |
|
CVE-2022-3239 | |
|
CVE-2022-34918 | |
|
CVE-2022-3524 | |
|
CVE-2022-3564 | |
|
CVE-2022-3565 | |
|
CVE-2022-3566 | |
|
CVE-2022-3567 | |
|
CVE-2022-3594 | |
|
CVE-2022-3621 | |
|
CVE-2022-3643 | |
|
CVE-2022-36946 | |
|
CVE-2022-40768 | |
|
CVE-2022-42703 | |
|
CVE-2022-42896 | |
|
CVE-2022-43945 | |
|
CVE-2022-45934 | |
|
multipath-tools: |
CVE-2022-41974 |
|
mysql-5.7: |
CVE-2022-21515 |
|
CVE-2022-21589 | |
|
CVE-2022-21592 | |
|
CVE-2022-21608 | |
|
CVE-2022-21617 | |
|
CVE-2023-21840 | |
|
net-snmp: |
CVE-2022-24805 |
|
CVE-2022-24806 | |
|
CVE-2022-24807 | |
|
CVE-2022-24808 | |
|
CVE-2022-24809 | |
|
CVE-2022-24810 | |
|
CVE-2022-4479 | |
|
CVE-2022-44792 | |
|
CVE-2022-44793 | |
|
nginx: |
CVE-2022-41741 |
|
CVE-2022-41742 | |
|
open-vm-tools: |
CVE-2022-31676 |
|
openjdk-8: |
CVE-2020-14779 |
|
CVE-2020-14781 | |
|
CVE-2020-14782 | |
|
CVE-2020-14792 | |
|
CVE-2020-14796 | |
|
CVE-2020-14797 | |
|
CVE-2020-14798 | |
|
CVE-2020-14803 | |
|
CVE-2021-35550 | |
|
CVE-2021-35556 | |
|
CVE-2021-35559 | |
|
CVE-2021-35561 | |
|
CVE-2021-35564 | |
|
CVE-2021-35565 | |
|
CVE-2021-35567 | |
|
CVE-2021-35578 | |
|
CVE-2021-35586 | |
|
CVE-2021-35588 | |
|
CVE-2021-35603 | |
|
CVE-2022-21248 | |
|
CVE-2022-21282 | |
|
CVE-2022-21283 | |
|
CVE-2022-21293 | |
|
CVE-2022-21294 | |
|
CVE-2022-21296 | |
|
CVE-2022-21299 | |
|
CVE-2022-21305 | |
|
CVE-2022-21340 | |
|
CVE-2022-21341 | |
|
openjdk-8: |
CVE-2022-21349 |
|
CVE-2022-21360 | |
|
CVE-2022-21365 | |
|
CVE-2022-21426 | |
|
CVE-2022-21434 | |
|
CVE-2022-21443 | |
|
CVE-2022-21476 | |
|
CVE-2022-21496 | |
|
CVE-2022-21540 | |
|
CVE-2022-21541 | |
|
CVE-2022-21619 | |
|
CVE-2022-21624 | |
|
CVE-2022-21626 | |
|
CVE-2022-21628 | |
|
CVE-2022-34169 | |
|
openssl: |
CVE-2022-4304 |
|
CVE-2022-4450 | |
|
CVE-2023-0215 | |
|
CVE-2023-0286 | |
|
openssl1.0: |
CVE-2023-0215 |
|
CVE-2023-0286 | |
|
pam: |
CVE-2022-28321 |
|
perl: |
CVE-2020-16156 |
|
php7.2: |
CVE-2022-31628 |
|
CVE-2022-31629 | |
|
CVE-2022-31631 | |
|
CVE-2022-37454 | |
|
pixman: |
CVE-2022-44638 |
|
postgresql-10: |
CVE-2022-2625 |
|
python-future: |
CVE-2022-40899 |
|
python-setuptools: |
CVE-2022-40897 |
|
python2.7: |
CVE-2022-45061 |
|
python3.6: |
CVE-2022-45061 |
|
rsync: |
CVE-2022-37434 |
|
shadow: |
CVE-2013-4235 |
|
sqlite3: |
CVE-2020-35525 |
|
CVE-2022-35737 | |
|
strongswan: |
CVE-2022-40617 |
|
sudo: |
CVE-2023-22809 |
|
sysstat: |
CVE-2022-39377 |
|
systemd: |
CVE-2022-2526 |
|
tiff: |
CVE-2020-19131 |
|
CVE-2020-19144 | |
|
CVE-2022-0907 | |
|
CVE-2022-0908 | |
|
CVE-2022-0909 | |
|
CVE-2022-0924 | |
|
CVE-2022-1355 | |
|
CVE-2022-2056 | |
|
CVE-2022-2057 | |
|
CVE-2022-2058 | |
|
CVE-2022-22844 | |
|
CVE-2022-2867 | |
|
CVE-2022-2868 | |
|
CVE-2022-2869 | |
|
CVE-2022-34526 | |
|
CVE-2022-3570 | |
|
CVE-2022-3598 | |
|
CVE-2022-3599 | |
|
CVE-2022-3970 | |
|
vim: |
CVE-2022-0392 |
|
CVE-2022-0943 | |
|
CVE-2022-1154 | |
|
CVE-2022-1616 | |
|
CVE-2022-1619 | |
|
CVE-2022-1620 | |
|
CVE-2022-1621 | |
|
wayland: |
CVE-2021-3782 |
|
zlib: |
CVE-2022-37434 |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center
