
Secure Web Gateway 12.2.12 Release Notes

New Features in the 12.2.x Release


Below is a consolidated list of new features available across the different 12.2.x releases. For issues resolved as part of
this release, see the Resolved Issues section.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.

Rebranding to Account for Transition


Names of products, components, and other items have been rebranded to account for the transition from McAfee to
Secure Web Gateway.

Rebranded SNMP SMI and MIB file with updated Org OID for Skyhigh Security

As part of the rebranding, a new Object Identifier (OID) has been introduced for the organization Skyhigh Security. We are updating
the SNMP OID from .1.3.6.1.4.1.1230* to .1.3.6.1.4.1.59732*. You'll need to update your management software
accordingly if it refers to these OIDs. For more details, see Configure event monitoring with SNMP.
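As an added illustration (not code from the release notes or from the SWG product), a small Python helper that finds and rewrites OID references in an external monitoring configuration from the legacy enterprise subtree to the new Skyhigh Security subtree. The sample configuration lines and the OID suffixes under the subtree are constructed for this example; only the two enterprise prefixes come from the release notes.

```python
import re

# Legacy McAfee enterprise subtree and the new Skyhigh Security subtree,
# both taken from the release notes (without the trailing "*").
OLD_ENTERPRISE_OID = "1.3.6.1.4.1.1230"
NEW_ENTERPRISE_OID = "1.3.6.1.4.1.59732"

# Match the legacy subtree only as a complete arc: optional leading dot,
# nothing OID-like immediately before it, and no further digit after "1230",
# so an unrelated enterprise such as 1.3.6.1.4.1.12300 is never rewritten.
_LEGACY_OID_RE = re.compile(
    r"(?<![\d.])(\.?)" + re.escape(OLD_ENTERPRISE_OID) + r"((?:\.\d+)*)(?!\d)"
)
_REPLACEMENT = r"\g<1>" + NEW_ENTERPRISE_OID + r"\g<2>"


def migrate_oid(oid: str) -> str:
    """Return the OID with the legacy prefix replaced; other OIDs are unchanged."""
    return _LEGACY_OID_RE.sub(_REPLACEMENT, oid)


def find_legacy_oids(text: str) -> list:
    """List every OID under the legacy subtree that still appears in text."""
    return [m.group(0) for m in _LEGACY_OID_RE.finditer(text)]


def rewrite_config(text: str) -> tuple:
    """Rewrite legacy OIDs in a monitoring config; returns (new_text, count)."""
    return _LEGACY_OID_RE.subn(_REPLACEMENT, text)


# Constructed sample of a monitoring configuration (suffixes are made up).
SAMPLE_CONFIG = """\
trap-filter .1.3.6.1.4.1.1230.2.7.2.1.1 critical
poll 1.3.6.1.4.1.1230.2.7.1.20.1 every 60s
poll .1.3.6.1.4.1.12300.1 every 60s
poll .1.3.6.1.2.1.1.3.0 every 60s
"""

if __name__ == "__main__":
    for oid in find_legacy_oids(SAMPLE_CONFIG):
        print("legacy OID still referenced:", oid)
    new_text, count = rewrite_config(SAMPLE_CONFIG)
    print(f"rewrote {count} OID(s)\n{new_text}")
```

The third and fourth sample lines (a different enterprise arc and the standard sysUpTime OID) are left untouched, which is the check worth running before applying such a rewrite to a live monitoring system.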

Trellix VX Integration to SWG


SWG 12.2.0 supports integration with Trellix Virtual Execution (VX). For more details, see Trellix Virtual Execution
Integration to SWG.

Detection of OneNote files


New media type detection has been added for OneNote files (.one and .onepkg).

InsecureNetlogon

The insecure NETLOGON channel is blocked by default. To explicitly allow insecure NETLOGON, a new checkbox is
provided in the Windows Join Domain dialog. For more details, see InsecureNetlogon.

TCP Health Check


Prior to this feature, SWG would send live traffic to Next Hop Proxies to determine their health, which resulted in delayed
responses when a Next Hop Proxy was not healthy. With this feature, SWG knows the health of the Next Hop Proxies
beforehand. For more details, see TCP Health Check for Next Hop Proxy.

https://success.skyhighsecurity.com/Release_Notes/Latest_Release_Notes/Secure_Web_Gateway_12.2.12_Release_Notes
Downloaded: Fri, 09 Aug 2024 10:50:56 GMT

Server Chunk Encoding


A new check box option is provided in the proxy control event settings, which allows you to enforce chunked transfer encoding on
server-side requests sent by SWG. For more details, see Server Side Chunk Encoding.
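As an added example (not code from the release notes or from SWG), the framing that enforcing chunked transfer encoding on server-side requests implies: a request carrying Content-Length is rewritten to Transfer-Encoding: chunked per RFC 7230 section 4.1, and a strict decoder is included to check the result and to reject truncated framing. The sample request is constructed.

```python
CHUNK_SIZE = 16  # deliberately small so the sample body spans several chunks


def chunk_encode(body: bytes, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Frame body with the HTTP/1.1 chunked transfer coding.

    Each chunk is <hex size>CRLF<data>CRLF; a zero-size chunk plus a final
    CRLF ends the body, so even an empty body becomes b"0\\r\\n\\r\\n".
    """
    out = bytearray()
    for start in range(0, len(body), chunk_size):
        piece = body[start:start + chunk_size]
        out += b"%x\r\n%s\r\n" % (len(piece), piece)
    return bytes(out + b"0\r\n\r\n")


def chunk_decode(data: bytes) -> bytes:
    """Reassemble a chunked body; malformed framing raises ValueError."""
    body, pos = bytearray(), 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("missing chunk-size line")
        # Chunk extensions (";name=value") are permitted by the RFC; ignore them.
        size = int(data[pos:eol].split(b";", 1)[0].strip(), 16)
        pos = eol + 2
        if size == 0:  # last chunk; trailer fields are not supported here
            if data[pos:pos + 2] != b"\r\n":
                raise ValueError("missing final CRLF")
            return bytes(body)
        end = pos + size
        if data[end:end + 2] != b"\r\n":
            raise ValueError("truncated or mis-sized chunk")
        body += data[pos:end]
        pos = end + 2


def to_chunked_request(head: bytes, body: bytes) -> bytes:
    """Rewrite a request head that uses Content-Length to chunked framing,
    as a proxy enforcing chunked transfer on upstream requests would.
    body is the raw (not yet encoded) payload."""
    lines = head.rstrip(b"\r\n").split(b"\r\n")
    kept = [l for l in lines if not l.lower().startswith(b"content-length:")]
    kept.append(b"Transfer-Encoding: chunked")
    return b"\r\n".join(kept) + b"\r\n\r\n" + chunk_encode(body)


# Constructed sample request (not captured from any real system).
SAMPLE_BODY = b'{"file": "quarterly-report.one", "scan": "requested"}'
SAMPLE_HEAD = (b"POST /upload HTTP/1.1\r\nHost: upstream.example\r\n"
               b"Content-Length: %d\r\n" % len(SAMPLE_BODY))
```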

Connect Response Based on HTTP-Protocol


Previously, the Connection Established response message always showed HTTP/1.0 even if the HTTP protocol version of the request
was HTTP/1.1. You can now configure this under Proxy Control Event, where you can select to send back the Connection
Established response text based on the HTTP protocol version received. For more details, see Configure Connection
Established Response based on HTTP Protocol Version.

Support for pipelined application/HTTP

A new media type has been added to media type filtering, for detection and for openers, for pipelined application/HTTP.

New Properties for Multiline Base64


To support multiline Base64, new properties have been added to SWG.

Support for kdbx-kdb-Filetype


A new media type has been added to media type filtering to detect files of the kdbx and kdb types.

Client certificate authentication for HTML UI


Client certificate authentication is now available for the HTML UI. For more details, see Client Certificate Authentication for
HTML UI.

Configurable size limit of single XML attributes

The configurable size limit of single XML attributes has been increased to reduce errors on startup when having large
inline lists.

Known Issues and Workaround


For a list of issues that are currently known, see SWG 12.x.x Known Issues and Workaround.

Resolved Issues in the 12.2.12 Release
NOTE: Secure Web Gateway 12.2.12 is provided as a main release.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.

The list of resolved issues is mentioned below.

JIRA issue numbers are provided in the reference columns.

Reference  Description

WP-6156  The Show in Context feature on the search filter highlights the ruleset and makes it visible on the screen with one click.

WP-6282  SWG now supports handling HTTP_1_1_REQUIRED responses from HTTP/2 servers.

WP-6298  Hard disk usage tracking for relevant disk areas in the cloud.

WP-6299  TCP ports are listed on the UI under Dashboard > Charts and Tables > System Details > Open TCP Ports.

WP-6330  No crash in RAR Opener.

Vulnerabilities Fixed
This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE
has been shown to impact customers.
The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

Reference  CVE  Description

WP-6311  CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

WP-6311  CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.

WP-6311  CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.

WP-6319  CVE-2024-34750
Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.

WP-6338  CVE-2023-4807
The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue.

(no reference listed)  CVE-2024-0727
Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

WP-6340  CVE-2023-4408
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

For resolved issues in the previous releases and other information, see Secure Web Gateway 12.2.x Release Notes.
