Trend Micro Incorporated                                  June 7th, 2021
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan Web Security Virtual Appliance 6.5
- Service Pack 2 - Patch 4
English - Linux - 64 Bits
Critical Patch - Build 1943
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Contents
================================================================
1. Critical Patch Release Information
   1.1 Resolved Known Issues
   1.2 Enhancements
   1.3 Files Included in This Release
2. Documentation Set
3. System Requirements
4. Installation
   4.1 Installing
   4.2 Uninstalling
5. Post-installation Configuration
6. Known Issues
7. Release History
8. Contact Information
9. About Trend Micro
10. License Agreement
================================================================

1. Critical Patch Release Information
========================================================================

   1.1 Resolved Known Issues
   ====================================================================
   This Critical Patch resolves the following issue(s):

   (VRTS-5863),
   Issue 1: The InterScan Web Security Virtual Appliance (IWSVA)
            captive portal is affected by a Reflected Cross-Site
            Scripting (XSS) vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Critical Patch resolves this vulnerability.

   1.2 Enhancements
   ====================================================================
   There are no enhancements for this Critical Patch release.

   1.3 Files Included in This Release
   ====================================================================
   A. Files for Current Issues
   ------------------------------------------------------------------
   Filename                        Build No.
   ---------------------------------------------------------------
   libdaemon.so                    1943
   svcmonitor                      1943
   isdelvd                         1943

   Files for Issue
   ---------------------------------------------------------------
   libhttpproxy.so                 1943

   B. Files for Previous Issues
   ------------------------------------------------------------------
   urlfcMapping.properties         1913
   libProductLibrary.so            1914
   IWSSGui.jar                     1919
   libdaemon.so                    1919
   libhttpproxy.so                 1919
   7za                             1919
   jdk.tar.gz                      1919
   PatchExe.sh                     1919
   libIWSSUIJNI.so                 1919
   libuiauutil.so                  1919
   urlf_reclassifyurl.jsp          1919
   AuPatch                         1919
   cert5.db                        1919
   libpatch.so                     1919
   libtmactupdate.so               1919
   x500.db                         1919
   getupdate                       1919
   schedule_au                     1919
   libproductbase.so               1919
   inspection_filter_edit.jsp      1926
   libatse.so                      1926
   libvsapi.so                     1926
   libtmwk.so                      1927
   libtmsa.so                      1927
   urlf_section_policy_rule.jsp    1927
   libtmprotocols.so.2003384       1934
   IWSSPIUrlFilter.so              1934
   libproductbase.so               1936
   auditlogset.jsp                 1936
   svcmonitor                      1936
   appd                            1938
   isdelvd                         1938
   snmpd                           1938
   svcmonitor                      1938
   libdaemon.so                    1938
   libdaemonbase.so                1938
   libHTTPSDecryption.so           1938
   libIWSSCommonPOLICY.so          1938
   libiwsshelper.so                1938
   libproductbase.so               1938
   libReportLogging.so             1938
   IWSSPIDlpFilter.so              1938
   IWSSPIDpi.so                    1938
   IWSSPIJavascan.so               1938
   IWSSPINcie.so                   1938
   IWSSPIScanVsapi.so              1938
   IWSSPISigScan.so                1938
   IWSSPIUrlFilter.so              1938
   libftp.so                       1938
   libicap.so                      1938
   sysevtlog.dat                   1941
   libsystemeventlog.so            1941

2. Documentation Set
========================================================================
To download or view electronic versions of the documentation set for
this product, go to http://docs.trendmicro.com

- Online Help: The Online Help contains an overview of features and key
  concepts, and information on configuring and maintaining the product.
  To access the Online Help, go to http://docs.trendmicro.com
- Installation Guide (IG): The Installation Guide contains information
  on requirements and procedures for installing and deploying the
  product.
- Administrator's Guide (AG): The Administrator's Guide contains an
  overview of features and key concepts, and information on configuring
  and maintaining the product.
- Getting Started Guide (GSG): The Getting Started Guide contains
  product overview, installation planning, installation and
  configuration instructions, and basic information intended to get the
  product 'up and running'.
- Support Portal: The Support Portal contains information on
  troubleshooting and resolving known issues.
- To access the Support Portal, go to http://success.trendmicro.com

3. System Requirements
========================================================================
1. Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2
   - Patch 4 Build 1844 - English - Linux - x64

4. Installation
========================================================================
This section explains key steps for installing the Critical Patch.

   4.1 Installing
   ====================================================================
   To install:

   1. Ensure that you have installed IWSVA 6.5 Service Pack 2
      Hotfix 1912.
   2. Download the "iwsva_6.5-sp2_ar64_en_criticalpatch_b1943.zip"
      Critical Patch file to your local hard disk.
   3. Log on to the IWSVA admin console GUI.
   4. Go to the "Administration > System Updates" page.
   5. Click "Browse".
   6. Browse your local hard disk for the
      "iwsva_6.5-sp2_ar64_en_criticalpatch_b1943.zip" Critical Patch
      file and click "Open".
   7. Click "Upload". Your browser uploads the Critical Patch file to
      IWSVA, which validates whether the file is a legitimate Critical
      Patch.
   8. Click "Install" to apply the Critical Patch and update IWSVA to
      build 1943. The HTTP and FTP services in IWSVA restart
      automatically.
   9. Clear the browser cache.

   NOTE: Applying this Critical Patch interrupts the HTTP and FTP
         services for several minutes. Plan appropriately for this
         downtime.

   4.2 Uninstalling
   ====================================================================
   To roll back to the previous build:

   1. Log on to the IWSVA admin console GUI.
   2. Go to the "Administration > System Updates" page.
   3. Click "Uninstall" next to "cpb1943", and then verify the Critical
      Patch ID and description on the confirmation page that appears.
   4. Click "Uninstall" to remove Critical Patch 1943 and roll back
      IWSVA to the previous build. The HTTP and FTP services in IWSVA
      restart automatically.

   NOTE: Removing this Critical Patch interrupts the HTTP and FTP
         services for several minutes. Plan appropriately for this
         downtime.

5. Post-installation Configuration
========================================================================
No post-installation steps are required.

NOTE: Trend Micro recommends that you update your scan engine and virus
      pattern files immediately after installing the product.

6. Known Issues
========================================================================
There are no known issues for this Critical Patch release.

7. Release History
========================================================================
For more information about updates to this product, go to:

http://www.trendmicro.com/download

   Prior Hotfixes
   ====================================================================
   Only this Critical Patch was tested for this release. Prior hotfixes
   were tested at the time of their release.

   [Hotfix 1941]

   (SEG-106851),
   Issue 1: The bot detection resource is missing from the
            "sysevtlog.dat" file under the "/etc/iscan/resource/"
            folder. As a result, no bot detection log is sent when bot
            traffic is triggered.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Hotfix adds the bot detection resource back into
               the resource file to resolve this issue.

   [Hotfix 1938]

   (SEG-105076),
   Issue 1: A coredump issue may occur while IWSSD reloads the
            configuration when there is a large number of concurrent
            connections.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Hotfix resolves this issue by improving the memory
               blocking mechanism for the configuration memory.

   [Hotfix 1936]

   (SEG-103941),
   Issue 1: The HTTP/FTP scanning daemon generates a large number of
            verbose logs.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Hotfix resolves this issue.

   (SEG-103032),
   Issue 2: The "2021" option does not appear in the Year Range field
            of Audit Logs.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This Hotfix updates the supported values of the Year
               Range field of Audit Logs.

   (SEG-103696),
   Issue 3: svcmonitor may run out of memory resources when it runs for
            a long period of time.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: This Hotfix resolves this issue by enabling svcmonitor
               to free up unused memory when reloading configurations.

   [Hotfix 1934]

   (SEG-98740),
   Issue 1: A buffer overflow issue that occurs when the Safe Search
            feature is enabled leads to a coredump event.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Hotfix resolves the buffer overflow issue in the
               Safe Search feature.

   (SEG-95950), (SEG-90129),
   Issue 2: A memory usage issue occurs in the application control
            module.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This hotfix fixes the memory usage issue.

   [Hotfix 1927]

   (SEG-80040),
   Issue 1: InterScan Web Security Virtual Appliance (IWSVA) may stop
            unexpectedly under certain conditions.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Hotfix prevents this issue by upgrading the SAL
               engine.

   (SEG-89763),
   Issue 2: When users reset the URL filtering policy password in plain
            text mode and save the changes, the new password cannot be
            saved properly.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This Hotfix helps ensure that users can successfully
               change the password for the URL filtering policy in
               plain text mode.

   [Critical Patch 1926]

   (SEG-94049),
   Issue 1: An issue prevents users from adding special advanced
            patterns to the HTTP Inspection Filter.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Critical Patch resolves the issue so users can
               create HTTP Inspection filters normally.

   (VRTS-4834), (VRTS-4903),
   Issue 2: The InterScan Web Security Virtual Appliance (IWSVA)
            Advanced Threat Scan Engine (ATSE/VSAPI) engine may be
            affected by a Memory Exhaustion Denial-Of-Service
            vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This Critical Patch upgrades the ATSE/VSAPI engines to
               resolve the vulnerability.

   [Critical Patch 1919]

   (VRTS-3257),
   Issue 1: InterScan Web Security Virtual Appliance (IWSVA) is
            affected by a Cross-Site Scripting (XSS) vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Critical Patch resolves the vulnerability.

   (VRTS-3552),
   Issue 2: IWSVA is affected by a Cross-Site Request Forgery (CSRF)
            vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 2: This Critical Patch resolves the vulnerability.

   (VRTS-3554),
   Issue 3: The IWSVA web console is affected by an Authorization
            Bypass vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 3: This Critical Patch resolves the vulnerability.

   (VRTS-3555),
   Issue 4: Some special IP address formats bypass authentication
            checks.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 4: This Critical Patch ensures that IP addresses go through
               authentication.

   (VRTS-3556),
   Issue 5: There are no code authenticity checks in place when IWSVA
            applies a hotfix or patch.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 5: This Critical Patch adds code authentication mechanisms
               for hotfix and patch installation in IWSVA.

   (VRTS-3557), (VRTS-4976), (VRTS-4978),
   Issue 6: IWSVA is affected by an Authenticated Command Injection
            vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 6: This Critical Patch resolves the vulnerability.

   (VRTS-4972), (VRTS-4974),
   Issue 7: IWSVA is affected by a Remote Stack Buffer Overflow
            vulnerability.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 7: This Critical Patch resolves the vulnerability.

   (VRTS-5104),
   Issue 8: The Active Update module is affected by Arbitrary File
            Upload and Remote Code Execution vulnerabilities.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 8: This Critical Patch updates the Active Update module to
               resolve the vulnerabilities.

   (SEG-89515), (SEG-87908), (SEG-91593),
   Issue 9: The Appd process generates a large number of core_appd
            files.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 9: This critical patch updates the ixEngine pattern to
               resolve this issue.

   [Hotfix 1914]

   (SEG-86101),
   Issue 1: After InterScan Web Security Virtual Appliance (IWSVA)
            integrates with Trend Micro Control Manager(TM), a time
            zone issue causes inaccurate log generation time to appear
            on logs on the Control Manager web console.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Hotfix ensures that logs show complete and accurate
               information.

   NOTE: You need to upgrade to IWSVA 6.5 Service Pack 2 Hotfix 1912
         before applying this Hotfix.

   [Hotfix 1913]

   (SEG-82467),
   Issue 1: Some category-related reports cannot be generated correctly
            and do not display any information.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution 1: This Hotfix ensures that category-related reports are
               generated normally.
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Procedure 1: Please upgrade IWSVA to Trend Micro InterScan Web
                Security Virtual Appliance 6.5 SP2 - HOTFIX 1912 before
                applying this hotfix.

8. Contact Information
========================================================================
A license to Trend Micro software usually includes the right to product
updates, pattern file updates, and basic technical support for one (1)
year from the date of purchase only.
After the first year, you must renew Maintenance on an annual basis at
Trend Micro's then-current Maintenance fees.

Contact Trend Micro via fax, phone, and email, or visit our website to
download evaluation copies of Trend Micro products.

https://www.trendmicro.com/en_us/contact.html

NOTE: This information is subject to change without notice.

9. About Trend Micro
========================================================================
Smart, simple, security that fits. As a global leader in IT security,
Trend Micro develops innovative security solutions that make the world
safe for businesses and consumers to exchange digital information.

Copyright 2021, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, OfficeScan, Trend Micro Security (for
Mac), Control Manager, Trend Micro Apex One, and Trend Micro Apex
Central are trademarks of Trend Micro Incorporated and are registered
in some jurisdictions. All other product or company names may be
trademarks or registered trademarks of their owners.

10. License Agreement
========================================================================
View information about your license agreement with Trend Micro at:

https://www.trendmicro.com/en_us/about/legal.html

Third-party licensing agreements can be viewed:

- By selecting the "About" option in the application user interface
- By referring to the "Legal" page of the Administrator's Guide