<> Trend Micro Incorporated April 16, 2024 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) Smart Protection Server(TM) 3.3 Patch 12 - Build 1322 Smart Protection Server Program Version: 1020 Smart Protection Server Operating System Version: 1014 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NOTICE: This Readme file was current as of the date above. However, all customers are advised to check Trend Micro's website for documentation updates. GM release documentation: http://docs.trendmicro.com Patch/SP release documentation: http://www.trendmicro.com/download TIP: Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro website. Register during installation or online at: https://clp.trendmicro.com/FullRegistration?T=TM Contents ========================================================== 1. About Smart Protection Server(TM) 3.3 Patch 12 1.1 Overview of This Release 1.2 Who Should Install This Release 2. What's New 2.1 Enhancements 2.2 Resolved Known Issues 3. Documentation Set 4. System Requirements 5. Installation 5.1 Installing 5.2 Uninstalling 6. Post-Installation Configuration 7. Known Issues 8. Release History 9. Files Included in This Release 10. Contact Information 11. About Trend Micro 12. License Agreement ========================================================== 1. About Smart Protection Server(TM) 3.3 Patch 12 ======================================================================== Trend Micro(TM) Smart Protection Server uses File Reputation and Web Reputation technology to detect security risks. Trend Micro(TM) Smart Protection Server hosts virus/malware/web threat pattern definitions, and makes these definitions available to other computers on the network to verify potential threats. Once installed, Trend Micro Smart Protection Server can be integrated seamlessly with Trend Micro products that support Smart Protection Server. 1.1 Overview of This Release ===================================================================== This patch includes enhancements, system software upgrade packages, and fixes to issues discovered after the release of Smart Protection Server(TM) 3.3. 1.2 Who Should Install This Release ===================================================================== You should install this patch if you are currently running Smart Protection Server(TM) 3.3. 2. What's New ======================================================================== 2.1 Enhancements in Smart Protection Server 3.3 Patch 12 ==================================================================== 2.1.1 System Security Enhancement ------------------------------------------------------------------ There are no major system security enhancements included in this patch release. 2.1.2 System Software Package Upgrade ------------------------------------------------------------------ This patch includes the following major system software package upgrade: * CESA-2023:1095 * zlib x86_64 1.8.0.362.b08-1.el7_9 * CESA-2023:1091 * kernel x86_64 3.10.0-1160.108.1.el7 * kernel-headers x86_64 3.10.0-1160.108.1.el7 * kernel-tools x86_64 3.10.0-1160.108.1.el7 * kernel-tools-libs x86_64 3.10.0-1160.108.1.el7 * CESA-2023:1332 * nss i686 3.90.0-2.el7_9 * nss x86_64 3.90.0-2.el7_9 * nss-pem i686 1.0.3-7.el7_9.1 * nss-pem x86_64 1.0.3-7.el7_9.1 * nss-softokn i686 3.90.0-6.el7_9 * nss-softokn x86_64 3.90.0-6.el7_9 * nss-softokn-freebl i686 3.90.0-6.el7_9 * nss-softokn-freebl x86_64 3.90.0-6.el7_9 * nss-sysinit x86_64 3.90.0-2.el7_9 * nss-tools x86_64 3.90.0-2.el7_9 * nss-util i686 3.90.0-1.el7_9 * nss-util x86_64 3.90.0-1.el7_9 * CESA-2023:1335 * openssl x86_64 1:1.0.2k-26.el7_9 * openssl-libs i686 1:1.0.2k-26.el7_9 * openssl-libs x86_64 1:1.0.2k-26.el7_9 * CESA-2022:5235 * python x86_64 2.7.5-94.el7_9 * python-firewall noarch 0.6.3-13.el7_9 * python-libs x86_64 2.7.5-94.el7_9 * python-perf x86_64 3.10.0-1160.108.1.el7 * python-pyudev noarch 0.15-9.el7 * python-slip noarch 0.4.0-4.el7 * python-slip-dbus noarch 0.4.0-4.el7 * python-urlgrabber noarch 3.10-10.el7 * CESA-2022:5052 * gzip x86_64 1.5-11.el7_9 * CVE-2023-44487 * httpd x86_64 2.4.6-99.el7.centos.1 * httpd-tools x86_64 2.4.6-99.el7.centos.1 This patch is equivalent to performing a YUM package update for February 2024. 2.1.3 Other Enhancements ------------------------------------------------------------------ This patch has the following additional enhancements: Enhancement 1: This Patch adds support for the VMware ESXi Server 8.0 Update 2 (Build 22380479) virtualization platform. 2.2 Resolved Known Issues ===================================================================== There are no new issues in this patch release. For other issues resolved in previous patches, see section 8.1.2. 3. Documentation Set ======================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining Smart Protection Server. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying Smart Protection Server. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining Smart Protection Server. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. To access the Support Portal, go to https://success.trendmicro.com 4. System Requirements ======================================================================== You must install Smart Protection Server 3.3 before installing this patch. 4.1 Supported Virtualization Platforms ===================================================================== 1) VMware(TM) ESXi Server 7.0 Update 3, 6.7 Update 3, 6.5 Update 3, 6.0 Update 3a, or 5.5 Update 3b 2) Microsoft(TM) Windows Server(TM) 2008 R2 with Hyper-V(TM) 3) Microsoft(TM) Windows Server(TM) 2012 with Hyper-V(TM) 4) Microsoft(TM) Windows Server(TM) 2012 R2 with Hyper-V(TM) 5) Microsoft(TM) Windows Server(TM) 2016 with Hyper-V(TM) 5) Microsoft(TM) Windows Server(TM) 2019 with Hyper-V(TM) 6) Citrix(TM) XenServer(TM) 7.5, 7.4, 7.2, 7.1 4.2 Hardware Requirements for Virtual Machine ===================================================================== - 2.0 GHz Intel(TM) Quad-Core 64-bit processor supporting Intel(TM) Virtualization Technology(TM), or equivalent - 4GB of RAM; 8GB of RAM recommended - At least 50GB of disk space 4.3 Browser Support ===================================================================== - Microsoft™ Internet Explorer™ 11 - Mozilla™ Firefox™ 3.6.0 or later - Microsoft Edge™ - Microsoft Edge™ (Chromium) - Google Chrome™ - 1024 x 768 resolution (or higher) 5. Installation ======================================================================== 5.1 Installing ===================================================================== 1) Download "TMSPS_3.3_linux_MUI_patch12_B1322.zip" from the Trend Micro Download Center and then extract the patch package to a temporary folder. 2) Log on to the Smart Protection Server 3.3 web console using an account with administrator privileges. 3) Go to "Updates" > "Program". The "Program" screen appears. 4) Under "Upload Component", click "Browse" and navigate to the temporary folder. 5) Select "tmsss-service-patch-3.3-1020.x86_64.tgz" and click "Upload". Information on the available program files appears. 6) Click "Update Now". A confirmation message opens. 7) Click "OK". The server restarts. This process will take 5 to 10 minutes and reboot multiple times. DO NOT MANUALLY INTERRUPT THE BOOTING PROCESS OR REBOOT MANUALLY, OR THE SYSTEM WILL BE DAMAGED AND UNABLE TO RECOVER. 8) Log back on to the web console and go to "Updates" > "Program". 9) Verify that the screen displays the following version numbers. - Operating System: 1014 - Smart Protection Server: 1020 10) Verify the service build number: (Help menu > About) - Version: 3.3 Patch 12 - Build: 1322 (Smart Protection Server 1020) 5.2 Uninstalling ======================================================= No uninstallation steps are provided. 6. Post-Installation Configuration ======================================================================== No post-installation steps are required. 7. Known Issues ======================================================================== There are no known issues in this patch release. 8. Release History ======================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download * Smart Protection Server 3.3 11/08/2017 8.1 Changes In Previous Patches ===================================================================== 8.1.1 Enhancements In Previous Patches ================================================================= 8.1.1.1 System Security Enhancement -------------------------------------------------------------- There are several notable security policies to enhance operating system security in previous patches: * Enable Address Space Layout Randomization (ASLR) * Enhance network security in kernel options * Strengthen OpenSSH server configuration with new cipher and key settings * Upgrade kernel to resolve vulnerabilities from speculative execution and indirect branch prediction (Meltdown and Spectre). CVE-2017-5754, CVE-2017-5753, CVE-2017-5715 * Upgrade kernel to resolve TCP SACK PANIC vulnerabilities. CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 8.1.1.2 System Software Package Upgrade -------------------------------------------------------------- Several vulnerabilities are fixed in previous patches by upgrading the software packages: * CentOS 7.9.2009 (centos-release-7-9.2009.1.el7.centos.x86_64) * CVE-2018-15473 (OpenSSH) * CVE-2018-6485 (Glibc) * CESA-2017:3270 (apr) * CESA-2017:2832 (nss) * CESA-2017:1100 (nss) * CESA-2017:0286 (OpenSSL) * CESA-2017:0252 (ntp) * CESA-2016:2972 (vim) * CESA-2016:2674 (libgcrypt) * CESA-2020:1512 (java-1.8.0-openjdk) * CESA-2020:1000 (rsyslog) * CESA-2020:2664 (kernel) * CESA-2020:0839 (kernel) * CESA-2020:1016 (kernel) * CESA-2020:1011 (expat) * CESA-2020:2663 (ntp) * CESA-2020:1020 (curl) * CESA-2020:1113 (bash) * CESA-2020:1138 (gettext) * CESA-2020:2344 (bind) * CVE-2019-5094 (e2fsprogs) * CVE-2019-5188 (e2fsprogs) * CVE-2019-5482 (curl) * CVE-2019-11068 (libxslt) * CVE-2019-18197 (libxslt) * CVE-2019-16935 (python) * CVE-2019-17498 (libssh2) * CVE-2020-8597 (ppp) * CVE-2020-12243 (openldap) * CVE-2020-12351 (kernel) * CVE-2020-12352 (kernel) * CVE-2020-12825 (libcroco) * CVE-2020-14363 (libX11) * CESA-2019:1128 (wget) * CESA-2020:1190 (libxml2) * CVE-2020-25212 (kernel) * CVE-2020-14314 (kernel) * CVE-2020-24394 (kernel) * CVE-2020-25643 (kernel) * CVE-2020-15862 (net-snmp) * CVE-2020-10543 (perl) * CVE-2020-10878 (perl) * CVE-2020-12723 (perl) * CVE-2021-3156 (sudo) * CVE-2020-8622 (bind) * CVE-2020-8623 (bind) * CVE-2020-8624 (bind) * CVE-2020-8177 (curl) * CVE-2020-25684 (dnsmasq) * CVE-2020-25685 (dnsmasq) * CVE-2020-25686 (dnsmasq) * CVE-2019-25013 (glibc) * CVE-2020-10029 (glibc) * CVE-2020-29573 (glibc) * CVE-2020-12321 (linux-firmware) * CVE-2020-1971 (openssl) * CVE-2019-20907 (python) * CVE-2020-14803 (java-1.8.0-openjdk) * CVE-2020-8695 (microcode_ctl) * CVE-2020-8696 (microcode_ctl) * CVE-2020-8698 (microcode_ctl) * CVE-2020-27170 (kernel) * CVE-2020-8648 (kernel) * CVE-2021-3347 (kernel) * CVE-2021-22555 (kernel) * CVE-2020-27777 (kernel) * CVE-2020-14372 (glib2) * CVE-2020-25632 (glib2) * CVE-2020-25647 (glib2) * CVE-2020-27749 (glib2) * CVE-2020-27779 (glib2) * CVE-2021-20225 (glib2) * CVE-2021-20233 (glib2) * CVE-2021-25217 (dhcp) * CVE-2021-27219 (glib2) * CVE-2021-32027 (postgresql) * CVE-2020-24489 (microcode_ctl) * CVE-2020-24511 (microcode_ctl) * CVE-2020-24512 (microcode_ctl) * CVE-2020-24513 (microcode_ctl) * CESA-2021:4782 (openssh) * CESA-2021:3810 (libxml2) * CESA-2021:3798 (openssl) * CESA-2021:3889 (java-1.8.0-openjdk) * CVE-2022-21449 (java-1.8.0-openjdk) * CVE-2022-21476 (java-1.8.0-openjdk) * CESA-2021:4033 (binutils) * CESA-2021:4785 (rpm) * CESA-2021:4788 (krb5-libs) * CESA-2021:4904 (nss) * CESA-2022:0063 (kernel) * CESA-2022:0143 (httpd) * CESA-2022:0274 (polkit) * PHP 8.1.16 * CESA-2022:5698 (java-1.8.0-openjdk) * CESA-2022:7002 (java-1.8.0-openjdk) * CESA-2022:5235 (python) * CESA-2022:4642 (kernel) * CESA-2022:5232 (kernel) * CESA-2022:5162 (postgresql) * CESA-2022:5052 (xz) * CESA-2022:6160 (systemd) 8.1.1.3 Other Enhancements -------------------------------------------------------------- Enhancement 1: Support for Apex Central 2019. This patch provides support for the following Apex Central 2019 features: * Synchronize suspicious objects and scan actions. * Use Apex Central as an alternative update source. Enhancement 2: System Logging Optimization This enhancement suppresses redundant and unused logs that may cause system log files to flood. Enhancement 3: Extra System Monitoring Mechanisms Provides an internal monitor tool to keep track and log the system resource usage and network traffic statistics. The log is also integrated with the Support Tool (CDT). Enhancement 4: ActiveUpdate Message Optimization Refined an error message to describe the ActiveUpdate signature file verification error more precisely. Enhancement 5: Improves the lighttpd configuration merge process when upgrading the lighttpd package. Enhancement 6: Supports the new Microsoft Edge (Chromium) web browser. 8.1.2 Resolved Known Issues In Previous Patches ================================================================= The following known issues were resolved in previous patch releases: Issue 1: Smart Protection Server 3.3 has an authentication bypass vulnerability that allows command injection with invalid user access information to gain full access. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This patch resolves the vulnerability with enhanced authentication. Issue 2: Web services crash frequently and generate too many kernel core dumps when Predictive Machine Learning service requests are heavy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This patch provides a bug fix for the web services defect. Issue 3: The "User-Defined URLs" screen does not accept regular expressions for adding user-defined URL rules. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This patch resolves the web console input issue on the "User-Defined URLs" screen. Regular expression rules are now supported. Issue 4: The "Log Maintenance" screen does not save changes to selected log types. Clicking "Save" always selects all log types, even cleared log type check boxes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This patch fixes the log type selection issue so that the "Log Maintenance" screen saves changes properly. Issue 5: Smart Protection Server 3.3 has an SQL injection vulnerability for User-Defined URL rule management, which potentially allows remote code execution from the web browser. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This patch resolves the vulnerability in the internal process for adding User-Defined URL rules. Issue 6: There is a vulnerability that potentially triggers a denial-of-service attack where the system storage becomes fully occupied by the Smart Query Filter cache files and cannot function properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This patch fixes the cache mechanism defect and prevents the denial-of-service attack. Issue 7: Email notifications do not include timezone information, which causes email clients to shift the email receipt time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This patch fixes the defect and displays the timezone in email notifications. Issue 8: User mailbox files for Smart Protection Server 3.3 continually grow in size. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This patch adds a user mailbox rule to clean the user mailbox once a month. Issue 9: A command error prevents the manual update process from properly fetching the available disk space. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This patch fixes the command error for future program updates. Issue 10: A command error prevents the system text terminal from displaying changes for recently updated network addresses. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This patch fixes the command error and properly displays changes for recently updated network addresses. Issue 11: After Smart Protection Server is upgraded from version 3.2 to 3.3, Smart Protection Server 3.3 cannot be registered to or managed by Trend Micro Control Manager(TM) 7.0. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This patch resolves the issue to ensure that the upgraded Smart Protection Server 3.3 can be registered to and managed by Control Manager 7.0 from the "Server Registration" screen. Issue 12: Smart Protection Server 3.3 cannot add other remote Smart Protection Servers from the "Server Visibility" list on the "Summary" screen. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This patch resolves registration issues to ensure that Smart Protection Server 3.3 can add other remote servers to the list of managed servers. Issue 13: ActiveUpdate may unsuccessfully authenticate proxy servers and disconnect. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This patch resolves the proxy server authentication and connection issue. Issue 14: Only the first page of the user-defined URL rule list displays properly and users are not directed to the next page after clicking the "Next page" link at the bottom of the page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This patch resolves the issue so that users can view the rest of the list properly. Issue 15: Single-sign On (SSL) sessions to Smart Protection Server 3.3 from Apex Central / Control Manager have an insecure direct object reference vulnerability that can be exploited by Cross-Site Scripting (XSS) attacks. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This patch enhances the session authentication mechanism to protect against XSS attacks. Issue 16: The Smart Protection Service Proxy may disconnect while processing Predictive Machine Learning requests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This patch resolves the issue and ensures that Predictive Machine Learning requests are processed properly. Issue 17: System resource (file descriptor) leakage by the Smart Protection Service Proxy may prevent the lighttpd web service from receiving requests. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This patch resolves the file descriptor leakage issue. Issue 18: The Postgresql database is unable to apply new system timezone settings configured by clish. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This patch ensures that the Postgresql database applies the new system timezone setting. Issue 19: The Smart Protection Service Proxy may lose some HTTP headers and prevent some integrated Trend Micro product features from working properly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This patch resolves the HTTP header issue and ensures the integrated Trend Micro product features work properly. Issue 20: When redirecting queries for Predictive Machine Learning, Smart Protection Server 3.3 may experience system resource leaking. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This patch resolves the resource leaking issue by checking and freeing up the resources properly. Issue 21: When upgrading to Smart Protection Server 3.3 Patch 3 from a Smart Protection Server 3.3 Patch 2 server, the Java runtime environment is unable to upgrade during the upgrade process. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This patch ensures the Java runtime environment upgrades successfully. After applying this patch, the Java runtime environment version should be: OpenJDK Runtime Environment (build 1.8.0_232-b09) Issue 22: Smart Protection Server and connected Trend Micro products become unstable and crash due to high network traffic loading and memory leaking issues from the Lighttpd web service. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This patch eliminates the third-party software issues from Lighttpd and increases the stability of Smart Protection Server in high traffic loading environments. Issue 23: When the debug level value for the Smart Protection Server Proxy is set to 16, Smart Protection Server cannot send Predictive Machine Learning queries and the Lighttpd web service crashes. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This patch resolves the issue so that the debug level value does not cause the web service to crash. Issue 24: When redirecting Predictive Machine Learning queries, Smart Protection Server sends incorrect Smart Protection Server product information to the Trend Micro Predictive Machine Learning service. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This patch allows Smart Protection Server to send the correct product information to the Trend Micro Predictive Machine Learning service. Issue 25: When the Smart Protection Server is registered to Apex Central, the product build number of the Smart Protection Server displays incorrectly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This patch corrects the build number of the Smart Protection Server. Issue 26: Unable to connect Smart Protection Server 3.3 to another Smart Protection Server through the Server Visibility feature. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This patch installs a missing PHP library to resolve the Server Visibility connection issue. Issue 27: The product information in the Smart Protection Server configuration files may be inconsistent. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 27: This patch corrects the product information in the configuration files. Issue 28: Some file owners were accidentally changed to the wrong user in the previous patch. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 28: This patch corrects the file ownership. Issue 29: Smart Protection Server 3.3 has a timing attack vulnerability that allows attacks to enumerate the users on the Smart Protection Server 3.3 web console. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 29: This patch patches the timing attack vulnerability. Issue 30: Users may add custom firewall rules, which may cause the "HTTP Traffic Report for Web Reputation" widget to not display data. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 30: This patch enhances the behavior of handling firewall rules. Issue 31: Unable to serve Web Reputation queries with the new header field sent from Apex One as a Service Security Agent. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 31: This patch updates the Web Reputation program to resolve this issue. Issue 32: Smart Protection Server Suspicious Object Sources may hide the header value information from responses. An "Unable to connect to the suspicious objects source. An unexpected error has occurred. Please contact your support provider. 109" error will occur on the "Suspicious Objects" page when users subscribe or test connection to the Suspicious Object source. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 32: This patch updates the Suspicious Objects program to resolve this issue. Issue 33: A OpenSSL vulnerability has been found in the ActiveUpdate module. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 33: This patch updates the ActiveUpdate Module to resolve this issue. Issue 34: The proxy settings is not properly applied to the Smart Protection Service Proxy. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 34: This patch resolves the issue and ensures that the proxy settings is applied correctly. Issue 35: When the Web Access Log is disabled, a "Purge Unsuccessful" error appears on the "Log Maintenance" screen after clicking the "Purge now" button. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 35: This patch updates the Log Maintenance program to resolve this issue. Issue 36: Frequent alerts from PurgeLighttpdCoreDumpFile.sh are displayed in the user mailbox. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 36: This patch updates the script file to resolve this issue. Issue 37: Smart Protection Server 3.3 has a sudo vulnerability that the sudoedit feature may allow a local user to gain root privileges and append arbitrary entries to the list of files to be processed. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 37: This patch resolves the vulnerability with enhanced privilege management. 9. Files Included in This Release ======================================================================== N/A 10. Contact Information ======================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. https://www.trendmicro.com/en_us/contact.html NOTE: This information is subject to change without notice. 11. About Trend Micro ======================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2024, Trend Micro Incorporated. All rights reserved. Trend Micro, Smart Protection Network(TM), Trend Micro Control Manager(TM) and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 12. License Agreement ======================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide