<> Trend Micro Incorporated August 16, 2022 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Trend Micro(TM) InterScan Web Security Virtual Appliance 6.5 Service Pack 3 English - Linux - 64 Bits Patch 1 - Build 3310 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Contents ====================================================================== 1. Patch Release Information 1.1 Resolved Known Issues 1.2 Enhancements 2. Documentation Set 3. System Requirements 4. Installation/Uninstallation 4.1 Installing 4.2 Uninstalling 5. Post-installation Configuration 6. Known Issues 7. Release History 7.1 Prior Hotfixes 8. Files Included in this Release 9. Contact Information 10. About Trend Micro 11. License Agreement ====================================================================== 1. Patch Release Information ====================================================================== 1.1 Resolved Known Issues ==================================================================== This patch resolves the following issue(s): (SEG-137356), Issue 1: When InterScan Web Security Virtual Appliance (IWSVA) works in Transparent Bridge mode and uses a separate management interface, DNS resolution fails if the DNS query is sent through the data interface. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 1: This Patch resolves this issue by adding a rule in IWSVA to forward the DNS response on the data interface to applications. (SEG-136831), Issue 2: InterScan Web Security Virtual Appliance (IWSVA) loads the certificate CRL files even when the Certificate revocation check by CRL feature is disabled. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 2: This Patch resolves this issue by setting IWSVA not to load the certificate CRL files when the revocation check is disabled. (SEG-136834), Issue 3: Users are unable to access websites using the Firefox web browser because the default certificate(/var/iwss/https/certstore/new_default_ca /default.cer)used by the HTTPS decryption feature in InterScan Web Security Virtual Appliance is not trusted. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 3: This Patch resolves this issue by replacing the default certificate that is trusted by Firefox. (VRTS-7131), Issue 4: A vulnerability (CVE-2022-0778) is found in the openssl library the system uses for HTTPS decryption. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 4: This Patch updates the openssl library to version 1.1.1n to enhance product security. (SEG-137253), Issue 5: The InterScan Web Security Virtual Appliance HTTP daemon may encounter an insufficient memory issue due to an excessive number of CRL files. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 5: This Patch provides the configuration setting to clear CRL files regularly. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 5: To enable this file cleanup feature, set the following parameter in the file "/var/iwss/intscan.ini": [https-scanning] auto_clear_crl=yes (SEG-129731), Issue 6: The administrator web console does not display normally in Microsoft(TM) Internet Explorer(TM) because the web browser does not support the latest Javascript features. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 6: This Patch ensures that the administrator web console displays normally on Internet Explorer. (SEG-106443), Issue 7: An error appears on the policy page of the InterScan Web Security Virtual Appliance (IWSVA) web console when there are more than 64 "Customer Categories". ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 7: This Patch extends the maximum number of "Custom Categories" to 256 to resolve the error. (SEG-124838), Issue 8: In some situations, deadlocks occur in the AuthDaemon process which makes users not able to do authentication. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 8: This Patch solves the deadlock issue of the AuthDaemon process. (SEG-117913), Issue 9: The "/var/iwss/https/certstore/crl/url/crl_url_tmp.txt" file contains a large number of duplicate items, as a result, a large number of duplicate CRLs are also downloaded into the "/var/iwss/https/certstore/crl/new" folder. This causes the folder to grow too large. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 9: This Patch enables IWSVA to delete the old "crl_url_tmp.txt" file and replace with a newly-generated "crl_url_tmp.txt" file when downloading CRLs. (VRTS-6665), Issue 10: The version of the libxml2 library used in InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 3 is affected by a CVE-2016-4658 vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 10: This Patch updates the libxml2 library to fix this vulnerability issue. (SEG-129741), Issue 11: An issue prevents administrators from setting the system time to synchronize with an NTP server or from setting the time manually through the "Administration > IWSVA Configuration > System Time" page. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 11: This Patch ensures that administrators can configure the system time settings successfully. (SEG-129726), Issue 12: Administrators cannot save the settings on the policy deployment page of the Japanese version of the InterScan Web Security Virtual Appliance (IWSVA) web console because the page contains a special feature for the English version. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 12: This Patch resolves this issue so administrators can save the settings on the policy deployment page of the IWSVA JP web console. (SEG-131819), Issue 13: In InterScan Web Security Virtual Appliance (IWSVA), extending the disk space using a clish command may fail and the operation times out when the new added storage device is huge. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 13: This Patch resolves the issue by providing a specific script for extending disk space. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Procedure 13: To extend the disk space: 1. Install this Patch (see "Installation"). 2. Follow the instructions in the Installation Guide to add a new hard disk to the IWSVA machine. 3. Login in to the IWSVA machine console. NOTE: Do not use SSH to log in to IWSVA. SSH connection may be interrupted when a command is running which may cause disk extension to fail or corrupt information on the disk. 4. Run the following command to extend disk space for the "var/" folder. sh /usr/iwss/extend_harddisk.sh (SEG-133426), Issue 14: The "/var/iwss/https/certstore/new_default_ca/default.ce r" certificate is expiring soon. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 14: This Patch replaces the expiring certificate with a new certificate. (VRTS-6917), Issue 15: InterScan Web Security Virtual Appliance (IWSVA) is affected by the CVE-2021-4034 vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 15: This Patch deletes the “/bin/pkexec" and "/usr/bin/pkexec” programs to resolve this issue since the CVE-2021-4034 vulnerability affects these programs. IWSVA does not use these programs. (SEG-133624), Issue 16: InterScan Web Security Virtual Appliance (IWSVA) is affected by the CVE-2021-23017 vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 16: This Patch upgrades the "nginx" program to version 1.21.6 to resolve this issue. (SEG-133627), Issue 17: The startup time of the operating system takes too long after upgrading InterScan Web Security Virtual Appliance (IWSVA) from Service Pack (SP) 2 to SP 3 version using the upgrade package. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 17: This Patch removes the unnecessary startup step to resolve this issue. (SEG-134245), Issue 18: The system may not start a scheduled update at the specified time. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 18: This Patch resolves this issue. (VRTS-5616), Issue 19: The InterScan Web Security Virtual Appliance (IWSVA) Sudo is affected by a Privilege Escalation Vulnerability. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 19: This Patch updates the Sudo in IWSVA to remove this vulnerability. (SEG-126227), Issue 20: The "logoffload" function stops working after IWSVA 6.5 is updated to Service Pack 3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 20: This Patch ensures that the "logoffload" function runs normally. (SEG-144404), Issue 21: InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP3 is not able to let the administrator set the maximum logs disk size to a value below the /var partition size. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 21: This Patch solves this issue by enabling IWSVA 6.5 SP3 to properly calculate the hard disk space. (SEG-137356), Issue 22: When InterScan Web Security Virtual Appliance (IWSVA) works in Transparent Bridge mode and uses a separate management interface, DNS resolution fails if the DNS query is sent through the data interface. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 22: This Patch resolves this issue by adding a rule in IWSVA to forward the DNS response on the data interface to applications. (SEG-143469), Issue 23: InterScan Web Security Virtual Appliance (IWSVA) was not able to block posting messages on Twitter when the corresponding action was set to "Deny Post Message" in application control policies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 23: This Patch upgrades the ixEngine pattern to 2003424 in IWSVA to solve this issue. (VRTS-7559), (VRTS-7561), Issue 24: A vulnerability issue was found in wget. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 24: This Patch updates the wget version to 1.21.3 to enhance the product security. (SEG-147702), Issue 25: garbled characters display within exported pdf files when IWSVA administrator visit [Log] > [Log Analysis] > [Internet Access] , [Log] > [Log Analysis] > [Internet Security] and [Log] > [Log Analysis] > [Policy Enforcement] . ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 25: This Patch will handle this issue. (SEG-145631), Issue 26: There is a potential issue in True File Type handle, which may cause IWSVA to return wrong file types. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution 26: This Patch resolves this issue. 1.2 Enhancements ==================================================================== Enhancement 1: This patch upgrades openssl to 1.1.1q. Enhancement 2: This patch upgrades ixEngine2.6. Enhancement 3: This patch removes unused rpm. Enhancement 4: This patch introduces a new hotfix/patch certificate validation mechanism. 2. Documentation Set ====================================================================== To download or view electronic versions of the documentation set for this product, go to http://docs.trendmicro.com - Online Help: The Online Help contains an overview of features and key concepts, and information on configuring and maintaining the product. To access the Online Help, go to http://docs.trendmicro.com - Installation Guide (IG): The Installation Guide contains information on requirements and procedures for installing and deploying the product. - Administrator's Guide (AG): The Administrator's Guide contains an overview of features and key concepts, and information on configuring and maintaining the product. - Getting Started Guide (GSG): The Getting Started Guide contains product overview, installation planning, installation and configuration instructions, and basic information intended to get the product 'up and running'. - Support Portal: The Support Portal contains information on troubleshooting and resolving known issues. - To access the Support Portal, go to http://esupport.trendmicro.com 3. System Requirements ====================================================================== 1. InterScan Web Security Virtual Appliance 6.5 Service Pack 3 Build 3257 - English - Linux - x64 4. Installation/Uninstallation ====================================================================== This section explains key steps for installing the Patch. 4.1 Installing ==================================================================== To install: 1. Download the "iwsva_65_sp3_ar64_en_patch1.zip" patch file onto your local hard disk. 2. Log on to the IWSVA admin console GUI. 3. Go to the "Administration > System Updates" page. 4. Click "Browse". 5. Browse your local hard disk for the patch file and click "Open". 6. Click "Upload". Your browser uploads the patch file to IWSVA and IWSVA validates if the file is a legitimate patch. 7. Click "Install". Note: Applying this patch will interrupt the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 4.2 Uninstalling ==================================================================== To roll back to the previous build: 1. Log on to the IWSVA admin console GUI. 2. Go to the "Administration > System Updates" page. 3. Click "Uninstall" next to "patch". A confirmation page appears. 4. Verify the patch ID and description on the confirmation page. 5. Click "Uninstall". Note: Removing this patch will interrupt the HTTP and FTP services for several minutes. Plan appropriately for this downtime. 5. Post-installation Configuration ====================================================================== No post-installation steps are required. Note: Trend Micro recommends that you update your scan engine and virus pattern files immediately after installing the product. 6. Known Issues ====================================================================== There are no known issues for this Patch release. 7. Release History ====================================================================== For more information about updates to this product, go to: http://www.trendmicro.com/download 7.1 Prior Hotfixes ==================================================================== Only this hotfix was tested for this release. Prior hotfixes were tested at the time of their release. 8. Files Included in this Release ====================================================================== Filename Build No. ==================================================================== libdaemon.so 3310 svcmonitor 3310 isdelvd 3310 iwsvafw.sh 3310 sudo-1.8.23-10.el7_9.1.x86_64.rpm 3310 logBackup.py 3310 IWSSPIUrlFilter.so 3310 libcommoncache.so 3310 libcommonldap.so 3310 AuthDaemon 3310 download_crl.sh 3310 sudo-1.8.23-10.el7_9.1.x86_64.rpm 3310 logBackup.py 3310 libxml2-2.9.1-6.el7_9.6.i686.rpm 3310 config_date_time.jsp 3310 configure_system_central.xml 3310 ntp_cron.py 3310 csrf_func.js 3310 iwss_config_autodeploy.jsp 3310 extend_harddisk.sh 3310 funcs.sh 3310 default_key.cer 3310 default.cer 3310 .default.passphrase 3310 nginx 3310 rehash_crl.sh 3310 libHTTPSDecryption.so 3310 clear_crl.sh 3310 crl_url_sorted_default.txt 3310 iwssgui.jar 3310 wget 3310 libtmprotodef.so.2003424 3310 libtmprotocols.so.2003424 3310 ui_get_disk_size.sh 3310 9. Contact Information ====================================================================== A license to Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, you must renew Maintenance on an annual basis at Trend Micro's then-current Maintenance fees. Contact Trend Micro via fax, phone, and email, or visit our website to download evaluation copies of Trend Micro products. http://www.trendmicro.com/us/about-us/contact/index.html NOTE: This information is subject to change without notice. 10. About Trend Micro ====================================================================== Smart, simple, security that fits As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. Copyright 2017, Trend Micro Incorporated. All rights reserved. Trend Micro, InterScan Web Security Virtual Appliance, and the t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies. 11. License Agreement ====================================================================== View information about your license agreement with Trend Micro at: https://www.trendmicro.com/en_us/about/legal.html Third-party licensing agreements can be viewed: - By selecting the "About" option in the application user interface - By referring to the "Legal" page of the Administrator's Guide