Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Safeguard for Privileged Sessions 6.9.5 - Release Notes

Resolved issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues in release 6.9.5
Resolved Issue Issue ID

Large number of gateway authentications might cause all connections to terminate.

In some cases, after a very large number of gateway authentication, all connections of the affected protocol could terminate due to a double-free issue. In these cases, a core file was also generated, and a stackdump was written to the system log. The issue primarily affected HTTP connections, and, to a smaller degree, RDP connections where SPS was acting as a Remote Desktop Gateway. This issue has been fixed.

340554

Table 2: Resolved Common Vulnerabilities and Exposures (CVE) in release 6.9.5
Resolved Issue Issue ID

avahi:

CVE-2021-3468

bash:

CVE-2019-18276

bind9

CVE-2021-25214

 

CVE-2021-25215

 

CVE-2021-25216

 

CVE-2021-25219

 

CVE-2021-25220

 

CVE-2022-2795

 

CVE-2022-38177

 

CVE-2022-38178

busybox:

CVE-2021-28831

 

CVE-2021-42374

 

CVE-2021-42378

 

CVE-2021-42379

 

CVE-2021-42380

 

CVE-2021-42381

 

CVE-2021-42382

 

CVE-2021-42384

 

CVE-2021-42385

 

CVE-2021-42386

cifs-utils:

CVE-2020-14342

 

CVE-2021-20208

 

CVE-2022-27239

 

CVE-2022-29869

cloud-init:

CVE-2022-2084

cpio:

CVE-2021-38185

cron:

CVE-2017-9525

 

CVE-2019-9704

 

CVE-2019-9705

 

CVE-2019-9706

cups:

CVE-2019-8842

 

CVE-2020-10001

 

CVE-2022-26691

curl:

CVE-2021-22876

 

CVE-2021-22898

 

CVE-2021-22924

 

CVE-2021-22925

 

CVE-2021-22946

 

CVE-2021-22947

 

CVE-2022-22576

 

CVE-2022-27774

 

CVE-2022-27775

 

CVE-2022-27776

 

CVE-2022-27781

 

CVE-2022-27782

 

CVE-2022-32206

 

CVE-2022-32208

 

CVE-2022-32221

 

CVE-2022-35252

 

CVE-2022-43552

 

CVE-2023-23916

cyrus-sasl2:

CVE-2022-24407

dbus:

CVE-2020-35512

 

CVE-2022-42010

 

CVE-2022-42011

 

CVE-2022-42012

dpkg:

CVE-2022-1664

e2fsprogs:

CVE-2022-1304

expat:

CVE-2021-45960

 

CVE-2021-46143

 

CVE-2022-22822

 

CVE-2022-22823

 

CVE-2022-22824

 

CVE-2022-22825

 

CVE-2022-22826

 

CVE-2022-22827

 

CVE-2022-23852

 

CVE-2022-23990

 

CVE-2022-25235

 

CVE-2022-25236

 

CVE-2022-25313

 

CVE-2022-25314

 

CVE-2022-25315

 

CVE-2022-40674

 

CVE-2022-43680

ffmpeg:

CVE-2020-20445

 

CVE-2020-20446

 

CVE-2020-20453

 

CVE-2020-21041

 

CVE-2020-21688

 

CVE-2020-21697

 

CVE-2020-22015

 

CVE-2020-22016

 

CVE-2020-22017

 

CVE-2020-22019

 

CVE-2020-22020

 

CVE-2020-22021

 

CVE-2020-22022

 

CVE-2020-22023

 

CVE-2020-22025

 

CVE-2020-22026

 

CVE-2020-22028

 

CVE-2020-22031

 

CVE-2020-22032

 

CVE-2020-22033

 

CVE-2020-22034

 

CVE-2020-22036

 

CVE-2020-22037

 

CVE-2020-22042

 

CVE-2020-35965

 

CVE-2021-38114

 

CVE-2021-38171

 

CVE-2021-38291

freetype:

CVE-2022-27404

 

CVE-2022-27405

 

CVE-2022-27406

 

CVE-2022-31782

glib2.0:

CVE-2021-2721

 

CVE-2021-27218

 

CVE-2021-27219

 

CVE-2021-28153

 

CVE-2021-3800

glibc:

CVE-2016-10228

 

CVE-2019-25013

 

CVE-2020-27618

 

CVE-2020-29562

 

CVE-2020-6096

 

CVE-2021-3326

 

CVE-2021-35942

 

CVE-2021-3999

 

CVE-2022-23218

 

CVE-2022-23219

gmp:

CVE-2021-43618

gnupg2:

CVE-2019-13050

 

CVE-2022-34903

gnutls28:

CVE-2021-4209

 

CVE-2022-2509

gzip:

CVE-2022-1271

heimdal:

CVE-2018-16860

 

CVE-2019-12098

 

CVE-2021-3671

 

CVE-2021-44758

 

CVE-2022-3116

 

CVE-2022-3437

 

CVE-2022-41916

 

CVE-2022-42898

 

CVE-2022-44640

 

CVE-2022-45142

icu:

CVE-2020-21913

isc-dhcp:

CVE-2021-25217

 

CVE-2022-2928

 

CVE-2022-2929

jbigkit:

CVE-2017-9937

klibc:

CVE-2021-31870

 

CVE-2021-31871

 

CVE-2021-31872

 

CVE-2021-31873

krb5:

CVE-2018-20217

 

CVE-2022-42898

ldb:

CVE-2020-27840

 

CVE-2021-20277

libdbi-perl:

CVE-2014-10402

 

CVE-2020-14393

libgcrypt20:

CVE-2021-33560

 

CVE-2021-40528

libgd2:

CVE-2017-6363

 

CVE-2021-38115

 

CVE-2021-40145

libice:

CVE-2017-2626

libinput:

CVE-2022-1215

libjpeg-turbo:

CVE-2018-11813

 

CVE-2020-17541

 

CVE-2020-35538

libksba:

CVE-2022-3515

 

CVE-2022-47629

libsepol:

CVE-2021-36084

 

CVE-2021-36085

 

CVE-2021-36086

 

CVE-2021-36087

libwebp:

CVE-2018-25009

 

CVE-2018-25010

 

CVE-2018-25011

 

CVE-2018-25012

 

CVE-2018-25013

 

CVE-2018-25014

 

CVE-2020-36328

 

CVE-2020-36329

 

CVE-2020-36330

 

CVE-2020-36331

 

CVE-2020-36332

libx11:

CVE-2021-31535

libxml2:

CVE-2016-3709

 

CVE-2017-8872

 

CVE-2019-20388

 

CVE-2020-24977

 

CVE-2021-3516

 

CVE-2021-3517

 

CVE-2021-3518

 

CVE-2021-3537

 

CVE-2022-2309

 

CVE-2022-23308

 

CVE-2022-29824

 

CVE-2022-40303

 

CVE-2022-40304

libxpm:

CVE-2022-44617

 

CVE-2022-46285

 

CVE-2022-4883

libxslt:

CVE-2019-5815

 

CVE-2021-30560

libzstd:

CVE-2021-24031

 

CVE-2021-24032

linux:

CVE-2018-13095

 

CVE-2018-25020

 

CVE-2019-19036

 

CVE-2019-19449

 

CVE-2020-24587

 

CVE-2020-27170

 

CVE-2020-27171

 

CVE-2020-36322

 

CVE-2020-36385

 

CVE-2021-20292

 

CVE-2021-23133

 

CVE-2021-26401

 

CVE-2021-27363

 

CVE-2021-27364

 

CVE-2021-27365

 

CVE-2021-28688

 

CVE-2021-28950

 

CVE-2021-29154

 

CVE-2021-29264

 

CVE-2021-29265

 

CVE-2021-29650

 

CVE-2021-33200

 

CVE-2021-3348

 

CVE-2021-33655

 

CVE-2021-33656

 

CVE-2021-33909

 

CVE-2021-3444

 

CVE-2021-3506

 

CVE-2021-3600

 

CVE-2021-3653

 

CVE-2021-3656

 

CVE-2021-3759

 

CVE-2021-38199

 

CVE-2021-4002

 

CVE-2021-40490

 

CVE-2021-4083

 

CVE-2021-4155

 

CVE-2021-43975

 

CVE-2022-0001

 

CVE-2022-0330

 

CVE-2022-0435

 

CVE-2022-0492

 

CVE-2022-0847

 

CVE-2022-1419

 

CVE-2022-1652

 

CVE-2022-1679

 

CVE-2022-1734

 

CVE-2022-1966

 

CVE-2022-21123

 

CVE-2022-21125

 

CVE-2022-21166

 

CVE-2022-21499

 

CVE-2022-22942

 

CVE-2022-2586

 

CVE-2022-2588

 

CVE-2022-26490

 

CVE-2022-2663

 

CVE-2022-27223

 

CVE-2022-27666

 

CVE-2022-28388

 

CVE-2022-28390

 

CVE-2022-29581

 

CVE-2022-2978

 

CVE-2022-3028

 

CVE-2022-3061

 

CVE-2022-3239

 

CVE-2022-34918

 

CVE-2022-3524

 

CVE-2022-3545

 

CVE-2022-3564

 

CVE-2022-3565

 

CVE-2022-3566

 

CVE-2022-3567

 

CVE-2022-3594

 

CVE-2022-3621

 

CVE-2022-3628

 

CVE-2022-3643

 

CVE-2022-36946

 

CVE-2022-40768

 

CVE-2022-42703

 

CVE-2022-42896

 

CVE-2022-43945

 

CVE-2022-45934

 

CVE-2023-0461

lxml:

CVE-2021-28957

 

CVE-2021-43818

lz4:

CVE-2021-3520

multipath-tools:

CVE-2022-41974

mysql-5.7:

CVE-2021-2146

 

CVE-2021-2154

 

CVE-2021-2162

 

CVE-2021-2166

 

CVE-2021-2169

 

CVE-2021-2171

 

CVE-2021-2179

 

CVE-2021-2180

 

CVE-2021-2194

 

CVE-2021-2226

 

CVE-2021-2307

 

CVE-2021-2342

 

CVE-2021-2372

 

CVE-2021-2385

 

CVE-2021-2389

 

CVE-2021-2390

 

CVE-2021-35604

 

CVE-2021-35624

 

CVE-2022-21245

 

CVE-2022-21270

 

CVE-2022-21303

 

CVE-2022-21304

 

CVE-2022-21344

 

CVE-2022-21367

 

CVE-2022-21417

 

CVE-2022-21427

 

CVE-2022-21444

 

CVE-2022-21451

 

CVE-2022-21454

 

CVE-2022-21460

 

CVE-2022-21515

 

CVE-2022-21589

 

CVE-2022-21592

 

CVE-2022-21608

 

CVE-2022-21617

 

CVE-2023-21840

net-snmp:

CVE-2022-24805

 

CVE-2022-24806

 

CVE-2022-24807

 

CVE-2022-24808

 

CVE-2022-24809

 

CVE-2022-24810

 

CVE-2022-4479

 

CVE-2022-44792

 

CVE-2022-44793

nettle:

CVE-2018-16869

 

CVE-2021-20305

 

CVE-2021-3580

nginx:

CVE-2020-11724

 

CVE-2020-36309

 

CVE-2021-23017

 

CVE-2021-3618

 

CVE-2022-41741

 

CVE-2022-41742

nss:

CVE-2020-25648

 

CVE-2021-43527

 

CVE-2022-22747

 

CVE-2022-34480

 

CVE-2023-0767

open-vm-tools:

CVE-2022-31676

openjdk-lts:

CVE-2021-2161

 

CVE-2021-2163

 

CVE-2021-2341

 

CVE-2021-2369

 

CVE-2021-2388

 

CVE-2021-35550

 

CVE-2021-35556

 

CVE-2021-35559

 

CVE-2021-35561

 

CVE-2021-35564

 

CVE-2021-35565

 

CVE-2021-35567

 

CVE-2021-35578

 

CVE-2021-35586

 

CVE-2021-35603

 

CVE-2022-21248

 

CVE-2022-21277

 

CVE-2022-21282

 

CVE-2022-21283

 

CVE-2022-21291

 

CVE-2022-21293

 

CVE-2022-21294

 

CVE-2022-21296

 

CVE-2022-21299

 

CVE-2022-21305

 

CVE-2022-21340

 

CVE-2022-21341

 

CVE-2022-21360

 

CVE-2022-21365

 

CVE-2022-21366

 

CVE-2022-21426

 

CVE-2022-21434

 

CVE-2022-21443

 

CVE-2022-21476

 

CVE-2022-21496

 

CVE-2022-21540

 

CVE-2022-21541

 

CVE-2022-34169

openldap

CVE-2022-29155

openssh:

CVE-2018-15473

openssl:

CVE-2021-3711

 

CVE-2021-3712

 

CVE-2022-0778

 

CVE-2022-1292

 

CVE-2022-2068

 

CVE-2022-2097

 

CVE-2022-4304

 

CVE-2022-4450

 

CVE-2023-0215

 

CVE-2023-0286

openssl1.0:

CVE-2021-3712

 

CVE-2022-0778

 

CVE-2022-1292

 

CVE-2022-2068

 

CVE-2023-0215

 

CVE-2023-0286

pam:

CVE-2022-28321

pcre3:

CVE-2019-20838

 

CVE-2020-14155

perl:

CVE-2020-16156

php-pear:

CVE-2021-32610

php7.2:

CVE-2017-8923

 

CVE-2017-9118

 

CVE-2017-9119

 

CVE-2017-9120

 

CVE-2020-7068

 

CVE-2020-7071

 

CVE-2021-21702

 

CVE-2021-21703

 

CVE-2021-21704

 

CVE-2021-21705

 

CVE-2021-21707

 

CVE-2022-31625

 

CVE-2022-31626

 

CVE-2022-31628

 

CVE-2022-31629

 

CVE-2022-31631

 

CVE-2022-37454

 

CVE-2023-0567

 

CVE-2023-0568

 

CVE-2023-0662

pillow:

CVE-2021-23437

 

CVE-2021-25287

 

CVE-2021-25288

 

CVE-2021-25290

 

CVE-2021-25292

 

CVE-2021-25293

 

CVE-2021-2792

 

CVE-2021-27921

 

CVE-2021-27922

 

CVE-2021-27923

 

CVE-2021-28675

 

CVE-2021-28676

 

CVE-2021-28677

 

CVE-2021-28678

 

CVE-2021-34552

 

CVE-2022-22815

 

CVE-2022-22816

 

CVE-2022-22817

pixman:

CVE-2022-44638

postgresql-10

CVE-2021-23214

 

CVE-2021-23222

 

CVE-2021-32027

 

CVE-2021-32028

 

CVE-2021-3449

 

CVE-2022-1552

 

CVE-2022-2625

pyjwt:

CVE-2022-29217

python-babel:

CVE-2021-20095

python-future:

CVE-2022-40899

python-ldap:

CVE-2021-46823

python-setuptools:

CVE-2022-40897

python2.7:

CVE-2015-20107

 

CVE-2021-3177

 

CVE-2021-4189

 

CVE-2022-0391

 

CVE-2022-45061

python3.6:

CVE-2015-20107

 

CVE-2021-3426

 

CVE-2021-3733

 

CVE-2021-3737

 

CVE-2021-4189

 

CVE-2022-0391

 

CVE-2022-45061

qtbase-opensource-src:

CVE-2020-17507

 

CVE-2021-38593

rpcbind:

CVE-2017-8779

rsync:

CVE-2018-25032

 

CVE-2022-37434

samba:

CVE-2016-2124

 

CVE-2020-25717

 

CVE-2020-25722

 

CVE-2021-20254

 

CVE-2021-3671

 

CVE-2021-44142

shadow:

CVE-2013-4235

 

CVE-2018-7169

sqlite3:

CVE-2020-35525

 

CVE-2021-36690

 

CVE-2022-35737

strongswan:

CVE-2021-41990

 

CVE-2021-41991

 

CVE-2021-45079

 

CVE-2022-40617

sudo:

CVE-2023-22809

sysstat:

CVE-2022-39377

systemd:

CVE-2020-13529

 

CVE-2021-33910

 

CVE-2022-2526

tar:

CVE-2021-20193

 

CVE-2022-48303

tcpdump:

CVE-2018-16301

 

CVE-2020-8037

tiff:

CVE-2020-19131

 

CVE-2020-19144

 

CVE-2020-35522

 

CVE-2022-0561

 

CVE-2022-0562

 

CVE-2022-0865

 

CVE-2022-0891

 

CVE-2022-0907

 

CVE-2022-0908

 

CVE-2022-0909

 

CVE-2022-0924

 

CVE-2022-1355

 

CVE-2022-2056

 

CVE-2022-2057

 

CVE-2022-2058

 

CVE-2022-22844

 

CVE-2022-2867

 

CVE-2022-2868

 

CVE-2022-2869

 

CVE-2022-34526

 

CVE-2022-3570

 

CVE-2022-3598

 

CVE-2022-3599

 

CVE-2022-3970

uwsgi:

CVE-2020-11984

vim:

CVE-2021-3778

 

CVE-2021-3796

 

CVE-2021-3903

 

CVE-2021-3927

 

CVE-2021-3928

 

CVE-2021-3984

 

CVE-2021-4019

 

CVE-2021-4069

 

CVE-2022-0392

 

CVE-2022-0943

 

CVE-2022-1154

 

CVE-2022-1616

 

CVE-2022-1619

 

CVE-2022-1620

 

CVE-2022-1621

wayland:

CVE-2021-3782

xz-utils:

CVE-2022-1271

zlib

CVE-2018-25032

 

CVE-2022-37434

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Table 3: Safeguard Desktop Player known issues
Known Issue

The Safeguard Desktop Player has rendering issues with bad opengl drivers on Windows, for example, when running a Windows 10 guest on a Linux host (VirtualBox).

This only affects the Windows version and mostly the virtual environments, however, the root cause is the bad opengl driver.

A quick workaround is to set a QT_OPENGL=angle system wide environment variable.

Related to SPP (SPP): You cannot use the Safeguard Desktop Player version 1.10.11 to replay audit trails initiated from SPP. Alternatively, use the Safeguard Desktop Player 1.9.27.

System requirements

Before installing SPS 6.9.5, ensure that your system meets the following minimum hardware and software requirements.

The One Identity Safeguard for Privileged Sessions Appliance is built specifically for use only with the One Identity Safeguard for Privileged Sessions software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.

For the requirements about installing One Identity Safeguard for Privileged Sessions as a virtual appliance, see one of the following documents:

NOTE: When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. Please consult One Identity's Product Support Policies for more information on environment virtualization.

Supported web browsers and operating systems

Caution:

Since the official support of Internet Explorer 9 and 10 ended in January, 2016, they are not supported in One Identity Safeguard for Privileged Sessions (SPS) version 4 F3 and later.

Caution:

Even though the One Identity Safeguard for Privileged Sessions (SPS) web interface supports Internet Explorer and Microsoft Edge in general, to replay audit trails you need to use Internet Explorer 11, and install the Google WebM Video for Microsoft Internet Explorer plugin. If you cannot install Internet Explorer 11 or another supported browser on your computer, use the the Safeguard Desktop Player application. For details, see "Replaying audit trails in your browser" in the Administration Guide and Safeguard Desktop Player User Guide.

NOTE: SPS displays a warning message if your browser is not supported or JavaScript is disabled.

NOTE: The minimum recommended screen resolution for viewing One Identity Safeguard for Privileged Sessions's (SPS's) web interface is 1366 x 768 pixels on a 14-inch widescreen (standard 16:9 ratio) laptop screen. Screen sizes and screen resolutions that are equal to or are above these values will guarantee an optimal display of the web interface.

Supported browsers

The current version of Mozilla Firefox, Google Chrome, Microsoft Edge (Microsoft Edge Legacy is not supported), and Microsoft Internet Explorer 11 or newer. The browser must support TLS-encrypted HTTPS connections, JavaScript, and cookies. Make sure that both JavaScript and cookies are enabled.

Supported operating systems

Windows 2008 Server, Windows 7, Windows 2012 Server, Windows 2012 R2 Server, Windows 8, Windows 8.1, Windows 10, Windows 2016, and Linux.

The SPS web interface can be accessed only using TLS-encryption and strong cipher algorithms.

Opening the web interface in multiple browser windows or tabs is not supported.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation