Symantec Enterprise Security Manager Patch Policy · PDF fileSymantec™ Enterprise...

Symantec™ EnterpriseSecurity Manager PatchPolicy Release Notes

Symantec™ Enterprise Security Manager Patch PolicyRelease Notes

The software described in this book is furnished under a license agreement andmay be usedonly in accordance with the terms of the agreement.

Documentation version: 2013.05.01

Legal NoticeCopyright © 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo, ActiveAdmin, BindView, BV-Control,and LiveUpdate are trademarks or registered trademarks of Symantec Corporation or itsaffiliates in theU.S. and other countries. Other namesmay be trademarks of their respectiveowners.

The product described in this document is distributed under licenses restricting its use,copying, distribution, and decompilation/reverse engineering. No part of this documentmay be reproduced in any form by any means without prior written authorization ofSymantec Corporation and its licensors, if any.

THEDOCUMENTATIONISPROVIDED"ASIS"ANDALLEXPRESSORIMPLIEDCONDITIONS,REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TOBELEGALLYINVALID.SYMANTECCORPORATIONSHALLNOTBELIABLEFORINCIDENTALOR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINEDIN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software andDocumentation are deemed to be commercial computer softwareas defined in FAR12.212 and subject to restricted rights as defined in FARSection 52.227-19"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights inCommercial Computer Software or Commercial Computer Software Documentation", asapplicable, and any successor regulations. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software andDocumentation by theU.S.Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis StreetMountain View, CA 94043

http://www.symantec.com

http://www.symantec.com

Technical SupportSymantec Technical Support maintains support centers globally. TechnicalSupport’s primary role is to respond to specific queries about product featuresand functionality. TheTechnical Support group also creates content for our onlineKnowledge Base. The Technical Support group works collaboratively with theother functional areas within Symantec to answer your questions in a timelyfashion. For example, theTechnical Support groupworkswithProductEngineeringand Symantec Security Response to provide alerting services and virus definitionupdates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the rightamount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response andup-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7days a week basis

■ Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our website atthe following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreementand the then-current enterprise technical support policy.

Contacting Technical SupportCustomers with a current support agreement may access Technical Supportinformation at the following URL:


Before contacting Technical Support, make sure you have satisfied the systemrequirements that are listed in your product documentation. Also, you should beat the computer onwhich theproblemoccurred, in case it is necessary to replicatethe problem.

When you contact Technical Support, please have the following informationavailable:

■ Product release level



■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registrationIf yourSymantecproduct requires registrationor a licensekey, access our technicalsupport Web page at the following URL:


Customer serviceCustomer service information is available at the following URL:


Customer Service is available to assist with non-technical questions, such as thefollowing types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs, DVDs, or manuals



Support agreement resourcesIf youwant to contact Symantec regarding an existing support agreement, pleasecontact the support agreement administration team for your region as follows:

[email protected] and Japan

[email protected], Middle-East, and Africa

[email protected] America and Latin America

mailto:[email protected]



Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Chapter 1 Introducing Patch Policy updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

About the Patch Policy updates ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Getting Patch Policy updates through LiveUpdate ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Enhancements to the Patch module in Security Updates ... . . . . . . . . . . . . . . . . . . 10

Chapter 2 About the Patch policy 2013.05.01 release . . . . . . . . . . . . . . . . . . 15

What is new .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Template updates ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17New patches for Windows .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26New patches for UNIX .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

HP-UX .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Red Hat Linux .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Solaris ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Oracle Enterprise Linux .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29SUSE .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Enhancements ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Contents

Contents8

Introducing Patch Policyupdates

This chapter includes the following topics:

■ About the Patch Policy updates

■ Getting Patch Policy updates through LiveUpdate

■ Enhancements to the Patch module in Security Updates

About the Patch Policy updatesThePatchPolicy updates are released twice amonth. These updates add, enhance,and update the Patch policy and the associated template files on the SymantecESM manager. Symantec updates the patch templates with the Symantec ESMpolicy installer.

Getting Patch Policy updates through LiveUpdateTo get Patch policy updates through LiveUpdate for 6.5 or later managers, selectthe Patch Policies - OS Comprehensive LiveUpdate package in the EnterpriseSecurity Manager 6.5 or later Content Updates section. The Comprehensivepackage contains the checks that apply to the platforms that are supported onlyon ESM 6.5 or later.

The policy installer executable applies to all versions of ESM and is available atthe following location:

http://securityresponse.symantec.com/

1Chapter

http://securityresponse.symantec.com/

Note: As per the End of Life product support policy, ESM Patch policy updates onESM 6.0 or earlier are not supported from Patch Policy (Windows) Update2008.10.02.

Note: If Java is installed on a Solaris 9 agent, install the JDK using the tar archivefile containing packages, available from Sun. If you install the JDK using aselfextracting shell archive file, the module will not report vulnerabilityinformation for it because no specific packages are installed.

Note: SU 26 now supports Solaris x86. If you do not have the current modules forSU 26, you will see duplicate messages for patches. To remove these duplicatemessages, you must update your modules to SU 26 or newer.

Enhancements to the Patch module in SecurityUpdates

Every Security Update includes updates to the Patch module. Upgrading to thelatest Security Update provides you with the most accurate patch detection.

Table 1-1 describes the enhancements to the Patch module in the latest SecurityUpdates.

Table 1-1 Support and enhancements in Security Updates

Upgraded support and enhancementsSecurity Update

Added support for Windows Server 2003 64-Bit Itanium-basedsystems

Added support for SUSE Linux Enterprise Server 8

Security Update 20

Added support for HP-UX 11i v2

Added regular expression support for the file version field forWindows patches utilized in checking Windows Media Playerpatches

Security Update 21

Introducing Patch Policy updatesEnhancements to the Patch module in Security Updates

10

Table 1-1 Support and enhancements in Security Updates (continued)


Added support for AIX maintenance releases and supersedingpatches.

Added support for the following operating systems:

■ IBM AIX 5.3

■ Red Hat Enterprise Linux AS 3.0 on Itanium, EM64T, andAMD64

■ Red Hat Enterprise Linux WS 3.0 on AMD64

■ SUSE Linux Enterprise Server 9 for x86

Security Update 22

Added support for SUSE Linux Enterprise Server 9 on Itanium

Added support for Red Hat Linux Workstation 3 for Xeon(EM64T)

Added wildcard support for registry keys

Added patch results summary support

Added list installed patches support

Added service state messages support

Security Update 23

Added support for Red Hat Enterprise Linux 4 ES (x86)

Added Veritas Backup Exec product support

Added script transfer to agent support

Added Solaris Role Based Access Control support

Added Solaris 2.10 zone support

Security Update 24


■ Red Hat Enterprise Linux 4 AS on Opteron and Itanium

■ WindowsServer 2003Enterprise 64-bit onOpteronandXeon

■ Added UNICODE support for AIX 433

Security Update 25

Added support for Solaris 10 on x86, x64

Added File System Entitlement module

Security Update 26

Added support for the following systems:

■ Red Hat Enterprise Linux 4 AS (Xeon)

■ Windows Server 2003 R2 (x86, x64)

Security Update 27

Added support for SUSE Linux Enterprise Server version 10Security Update 28

11Introducing Patch Policy updatesEnhancements to the Patch module in Security Updates



Added support forMicrosoftWindowsVista (x86, x64) EditionsSecurity Update 30

Added support for RedHat Enterprise Linux 5 (x86, x86_64, andIA64-bit)

Security Update 31

Added support for RedHat Enterprise Linux 5.x on IBMz-series(s390x)

Security Update 31.08

Added support for SUSE Linux Enterprise Server 9/10 (x86_64)and ESX Server 3.0.2 (x86, Opteron)

Security Update 32


■ Microsoft Windows Server 2008 (x86)

■ Microsoft Windows Server 2008 64-bit (x64 )

■ Microsoft Windows Server 2008 64-Bit Itanium

■ HP-UX 11.23 on PA-RISC

Security Update 34


■ HP-UX 11.31 on Itanium

■ HP-UX 11.31 on PA-RISC

■ IBM AIX 6.1

■ Added support to handle Service Pack Entry for WindowsServer 2003 64-bit (x64) and Windows Vista 64-bit (x64)template file.

■ Added support to handle template size greater than 3MB forHP-UX.

Security Update 35


■ SUSE Linux 9 on IBM zSeries (s390x)

■ SUSE Linux 10 on IBM zSeries (s390x)

Security Update 36


■ Red Hat Enterprise Linux Server 5 on PPC e-server

Security Update 37


■ AIX VIO Server 2.1 on AIX 6.1

■ SUSE 11 on x86, x86_64, Itanium, zLinux, and PPC e-Server

■ Oracle Enterprise Linux 5.2, 5.3 on x86, x86_64

Security Update 38


12



Added the support for the following operating systems:

■ Windows 7 on x86 and Opteron

■ Windows 2008 R2 on Itanium, Opteron, and Xeon

Security Update 39


■ RedHatEnterprise Linux5.5 onx86, x86_64, Itanium, zLinux(s390x), and PPC e-Server

■ Red Hat Enterprise Linux Advanced Server 5.5 on x86,x86_64, Itanium, and PPC e-Server

■ Oracle Enterprise Linux 5.5 on x86 and x86_64

Security Update 40

Added the support for the following operating system:

■ Red Hat Enterprise Linux 6.0 on x86, x86_64, PPC64, andzLinux (s390x)

Security Update 41


■ Red Hat Enterprise Linux 6.1 on x86, x86_64, PPC64, andzLinux (s390x)

■ Oracle Solaris 11 Express on x86 and SPARC

Security Update 42

Added the support for the following operating system:

■ Oracle Enterprise Linux 5.x and 6.x on x86 and x86_64

Security Update 43

All previously supported operating systems continue to besupported.

Security Update 44

13Introducing Patch Policy updatesEnhancements to the Patch module in Security Updates


14

About the Patch policy2013.05.01 release

This chapter includes the following topics:

■ What is new

■ Template updates

■ New patches for Windows

■ New patches for UNIX

■ Enhancements

What is newThispatchupdate forSymantecEnterpriseSecurityManager reports theoperatingsystem and application patches for Windows operating systems.

There are a total of 867 new patch signatures and 271 updated patch signaturesin 35 templates.

The following is a summary of the updates:

■ ie.p28i (Microsoft Internet Explorer onMicrosoftWindows 2008 R2 for 64-BitItanium-based Systems - 2 new)

■ ie.p2s8 (Microsoft Internet Explorer on Microsoft Windows 2008 R2 forx64-based Systems - 5 new)

■ ie.p3i (Microsoft Internet Explorer on Microsoft Windows Server 2003 for64-Bit Itanium-based Systems - 2 new)

■ ie.p64 (Microsoft Internet Explorer on Microsoft Windows Server 2003 forx64-based Systems - 4 new)

2Chapter

■ ie.p6s (Microsoft Internet Explorer onMicrosoftWindowsServer 2003 - 4 new)

■ ie.p8i (Microsoft Internet Explorer on Microsoft Windows 2008 for 64-BitItanium-based Systems - 1 new)

■ ie.p8s (Microsoft Internet Explorer onMicrosoftWindowsServer 2008 - 5 new)

■ ie.ps12 (Microsoft Internet Explorer onMicrosoftWindows2012 for x64-basedSystems - 1 new)

■ ie.ps8 (Microsoft Internet Explorer onMicrosoftWindows 2008 for x64-basedSystems - 5 new)

■ ie.pw7 (Microsoft Internet Explorer on Microsoft Windows 7 - 5 new)

■ ie.pwv (Microsoft Internet Explorer on Microsoft Windows Vista - 5 new)

■ ie.pwx (Microsoft Internet Explorer on Microsoft Windows XP Professional -4 new)

■ ie.px7 (Microsoft Internet Explorer on Microsoft Windows 7 for x64-basedSystems - 5 new)

■ ie.pxw (Microsoft Internet Explorer onMicrosoftWindowsVista for x64-basedSystems - 5 new)

■ oel-patch.plx (Oracle Enterprise Linux - 83 new)

■ patch.p28i (Microsoft Windows 2008 R2 for 64-Bit Itanium-based Systems - 6new)

■ patch.p2s8 (Microsoft Windows 2008 R2 for x64-based Systems - 14 new)

■ patch.p3i (Microsoft Windows Server 2003 for 64-Bit Itanium-based Systems- 3 new)

■ patch.p64 (Microsoft Windows Server 2003 for x64-based Systems - 3 new)

■ patch.p6s (Microsoft Windows Server 2003 - 3 new)

■ patch.p8i (MicrosoftWindows 2008 for 64-Bit Itanium-based Systems - 5 new)

■ patch.p8s (Microsoft Windows 2008 - 9 new) patch.pai (IBM AIX - 2 updated)

■ patch.pai (IBM AIX - 2 updated)

■ patch.ph1 (HP-UX 11.23 - 11.31 PA-RISC - 11 new)

■ patch.ph2 (HP-UX 11.23 - 11.31 for Itanium-based systems - 12 new)

■ patch.plx (RedHat Enterprise Linux - 159 new)

■ patch.ps6 (Sun Solaris 2.6+ - 6 new)

■ patch.ps8 (Microsoft Windows 2008 for x64-based Systems - 9 new)

About the Patch policy 2013.05.01 releaseWhat is new

16

■ patch.psl (SUSE Linux - 452 new, 267 updated)

■ patch.pw7 (Microsoft Windows 7 - 7 new, 1 updated)

■ patch.pwx (Microsoft Windows XP Professional - 3 new)

■ patch.px7 (Microsoft Windows 7 for x64-based Systems - 7 new)

■ patch.pwv (Microsoft Windows Vista - 6 new)

■ patch.pxw (MicrosoftWindowsVista for x64-basedSystems - 6new, 1 updated)

■ patch.ps12 (Microsoft Windows 2012 for x64-based Systems - 10 new)

Template updatesTable 2-1 lists the information about the templates that have been updated oradded for various applications and operating systems.

Table 2-1 Templates information for Windows and UNIX operating systems

Application on operating systemTemplate fileTemplate version

Microsoft ExchangeServer 2000onMicrosoftWindows 2000 Server and Windows 2000Advanced Server

exchg2k.ps53127

Microsoft ExchangeServer 2003onMicrosoftWindows Server 2003

exchg2k3.p6s3079

Microsoft ExchangeServer 2003onMicrosoftWindows 2000 Server and Windows 2000Advanced Server

exchg2k3.ps53079

Microsoft ExchangeServer 2007onMicrosoftWindows Server 2003

exchg2k7.p6s16

Microsoft ExchangeServer 2003onMicrosoftWindows 2008

exchg2k7.p8s12

Microsoft ExchangeServer 2007onMicrosoftWindows Server 2008 (x64) Editions

exchg2k7.ps814

Microsoft ExchangeServer 2007onMicrosoftWindows Server 2003 64-bit (x64)

exchg2k7.p6417

Microsoft ExchangeServer 2007onMicrosoftWindows 2008 R2 Server 64-bit (x64)

exchg2k7.p2s82

17About the Patch policy 2013.05.01 releaseTemplate updates

Table 2-1 Templates information for Windows and UNIX operating systems(continued)


Microsoft ExchangeServer 2010onMicrosoftWindows 2008 Server 64-bit (x64)

exchg2k10.ps83

Microsoft ExchangeServer 2010onMicrosoftWindows 2008 R2 Server 64-bit (x64)

exchg2k10.p2s83

Microsoft ExchangeServer 2010onMicrosoftWindows 7 (x64)

exchg2k10.px72

Microsoft ExchangeServer 2007onMicrosoftWindows 7 (x64)

exchg2k7.px71

Microsoft ExchangeServer 2010onMicrosoftVista (x64)

exchg2k10.pxw2

Microsoft ExchangeServer 2007onMicrosoftVista (x64)

exchg2k7.pxw1

Microsoft Exchange Server 5.5 on MicrosoftWindows 2000 Server and Windows 2000Advanced Server

exchg55.ps53118

Microsoft Internet Explorer on MicrosoftWindows Server 2003 for 64-BitItanium-based Systems

ie.p3i68

Microsoft Internet Explorer on MicrosoftWindows Server 2003 64-bit (x64)

ie.p6469

Microsoft Internet Explorer on MicrosoftWindows Server 2003

ie.p6s2726

Microsoft Internet Explorer on MicrosoftWindows Server 2008 for 64-bitItanium-based Systems

ie.p8i43

Microsoft Internet Explorer on MicrosoftWindows Server 2008

ie.p8s47

Microsoft Internet Explorer on MicrosoftWindows Server 2008 64-bit (x64)

ie.ps847

Microsoft Internet Explorer on MicrosoftWindows 2000 Server and Windows 2000Advanced Server

ie.ps53167

About the Patch policy 2013.05.01 releaseTemplate updates

18



Microsoft Internet Explorer on MicrosoftWindows 2000 Professional

ie.pw53168

Microsoft Internet Explorer on MicrosoftWindows XP Professional

ie.pwx3200

Microsoft Internet Explorer on MicrosoftWindows 2008 R2 (x64)

ie.p28i26

Microsoft Internet Explorer on MicrosoftWindows 2008 R2 (x64)Editions

ie.p2s829

Microsoft Internet Explorer on MicrosoftWindows 7

ie.pw729

Microsoft Internet Explorer on MicrosoftWindows 7 (x64)

ie.px729

Microsoft Internet Explorer on MicrosoftWindows Vista

ie.pwv58

Microsoft Internet Explorer on MicrosoftWindows Vista 64-bit (x64)

ie.pxw57

Microsoft Internet Explorer on MicrosoftWindows 2012 64-bit (x64)

ie.ps128

Microsoft Internet Information Services onMicrosoft Windows Server 2003 for 64-BitItanium-based Systems

iis.p3i1010

Microsoft Internet Information Services onMicrosoft Windows Server 2003 64-bit (x64)

iis.p641009

Microsoft Internet Information Services onMicrosoft Windows Server 2003

iis.p6s1009

Microsoft Internet Information Services onMicrosoft 2008 for Itanium-based Systems

iis.p8i4

Microsoft Internet Information Services onMicrosoft Windows Server 2008

iis.p8s7

Microsoft Internet Information Services onMicrosoftWindows2000Server andWindows2000 Advanced Server

iis.ps51006




Microsoft Internet Information Services onMicrosoft Windows 2008 x64 Editions

iis.ps86

Microsoft Internet Information Services onMicrosoft Windows 2000 Professional

iis.pw53106

Microsoft Internet Information Services onMicrosoft Windows 2000 Professional

iis.pw74

Microsoft Internet Information Services onMicrosoft Windows 7 (x64)

iis.px74

Microsoft Internet Information Services onMicrosoft Windows Vista

iis.pwv1009

Microsoft Internet Information Services onMicrosoft Windows XP Professional

iis.pwx3110

Microsoft Internet Information Services onMicrosoft Windows Vista 64-bit (x64)

iis.pxw1009

Microsoft Internet Information Services onMicrosoftWindows2000Server andWindows2000 Advanced Server

iis5.ps53094

Microsoft Internet Information Services onMicrosoft 2008 for Itanium-based Systems

iis.p28i4

Microsoft Internet Information Services onMicrosoft Windows 2008 R2 (x64)

iis.p2s85

Microsoft Internet Security andAccelerationServer on Microsoft Windows Server 2003

isa2k.p6s2975

Microsoft Internet Security andAccelerationServer on Microsoft Windows 2000 Serverand Windows 2000 Advanced Server

isa2k.ps52975

Microsoft Internet Security andAccelerationServer on Microsoft Windows Server 2003

isa.p6s4

Microsoft Internet Security andAccelerationServer on Microsoft Windows 2000 Server

isa.ps52

Microsoft Data Access Components onMicrosoft Windows Server 2003

mdac.p6s3064


20



Microsoft Data Access Components onMicrosoftWindows2000Server andWindows2000 Advanced Server

mdac.ps53064

Microsoft Data Access Components onMicrosoft Windows 2000 Professional

mdac.pw53064

Microsoft Data Access Components onMicrosoft Windows XP Professional

mdac.pwx3064

Oracle Enterprise Linuxoel-patch.plx47

Microsoft Outlook on Microsoft WindowsServer 2003 for 64-Bit Itanium-basedSystems

outlook.p3i9

Microsoft Outlook on Microsoft WindowsServer 2003 (x64)

outlook.p649

Microsoft Outlook on Microsoft WindowsServer 2003

outlook.p6s3140

Microsoft Windows Mail on MicrosoftWindows 2008 for Itanium-based Systems

outlook.p8i5

Microsoft Windows Mail on MicrosoftWindows Server 2008

outlook.p8s4

Microsoft Outlook on Microsoft Windows2000 Server and Windows 2000 AdvancedServer

outlook.ps53137

Microsoft Windows Mail on MicrosoftWindows 2008 (x64)

outlook.ps84

Microsoft Outlook on Microsoft Windows2000 Professional

outlook.pw53138

Microsoft Windows Mail on MicrosoftWindows Vista

outlook.pwv4

Microsoft Outlook on Microsoft Windows XPProfessional

outlook.pwx3138

Microsoft Windows Mail on MicrosoftWindows Vista for 64-Bit

outlook.pxw5




Microsoft Windows Server 2003 for 64-BitItanium-based Systems

patch.p3i252

Microsoft Windows Server 2003 64-bit (x64)patch.p64260

Microsoft Windows Server 2003patch.p6s3424

Microsoft Windows Server 2008 for 64-bitItanium-based Systems

patch.p8i167

Microsoft Windows Server 2008patch.p8s197

IBM AIXpatch.pai3076

HP HP-UX 11.00 - 11.23 PA-RISCpatch.ph13762

HP HP-UX 11.23 for Itanium-based systemspatch.ph2148

Red Hat Linux and Enterprise Linuxpatch.plx3418

MicrosoftWindows2000Server andWindows2000 Advanced Server

patch.ps53313

Sun Solaris 2.6+patch.ps63413

Microsoft Windows Server 2008 64-bit (x64)patch.ps8205

SUSE Linuxpatch.psl209

Sun Solaris 2.5.1patch.pso3250

IBM AIX VIOS Serverpatch.pvio3

Microsoft Windows 2000 Professionalpatch.pw53301

Microsoft Windows XP Professionalpatch.pwx3437

Microsoft Windows Vista Enterprise 32-bitpatch.pwv208

Microsoft Windows Vista Enterprise 64-bit(x64)

patch.pxw210

Microsoft Windows 2008 R2 forItanium-based systems

patch.p28i113

Microsoft Windows 2008 R2 64 -bit (x64)patch.p2s8128


22



Microsoft Windows 7patch.pw7118

Microsoft Windows 7 64 -bitpatch.px7117

Microsoft Windows 2000 Advanced Serverpatch_adv2k.ps518

Microsoft Internet Explorer on MicrosoftWindows 2012 64 -bit (x64)

patch.ps1216

Microsoft SharePoint Services on MicrosoftWindows Server 2003

sharepoint.p6s7

Microsoft SharePoint Services on MicrosoftWindows 2003 (x64) Editions

sharepoint.p645

Microsoft SharePoint Services on MicrosoftWindows 2008

sharepoint.p8s4

Microsoft SharePoint Services on MicrosoftWindows 2008 (x64) Editions

sharepoint.ps86

Microsoft SQL Server on Microsoft Windows2003 for Itanium-based systems

sql.p3i23

Microsoft SQL Server on Microsoft Windows2003 64-bit (x64)

sql.p6423

Microsoft SQL Server on Microsoft Windows2003

sql.p6s27

Microsoft SQL Server on Microsoft Windows2008 for Itanium-based Systems

sql.p8i21

Microsoft SQL Server on Microsoft Windows2008

sql.p8s23

Microsoft SQL Server on Microsoft Windows2000 Server and Windows 2000 AdvancedServer

sql.ps53114


sql.ps819

Microsoft SQL Server on Microsoft Windows2000 Professional

sql.pw53110




Microsoft SQL Server on Microsoft WindowsXP Professional

sql.pwx3112

Microsoft SQL Server on Microsoft WindowsVista

sql.pxw19

Microsoft SQL Server on Microsoft WindowsXP Professional

sql.pwv23


sql.px78


sql.pw77

Microsoft SQL Server on Microsoft WindowsServer 2008 R2 64-bit (x64)

sql.p2s86

Microsoft SQL Server on Microsoft WindowsServer 2008 R2 for Itanium-based 64-bitSystems (ia64)

sql.p28i6

Microsoft Visual Studio on MicrosoftWindows Server 2003 for Itanium-basedSystems

visualstudio.p3i6

Microsoft Visual Studio on MicrosoftWindows Server 2003 (x64) Editions

visualstudio.p6412

Microsoft Visual Studio on MicrosoftWindows Server 2003

visualstudio.p6s14

Microsoft Visual Studio on MicrosoftWindows Server 2008 for Itanium-basedSystems

visualstudio.p8i8


visualstudio.p8s11

Microsoft Visual Studio on MicrosoftWindows 2000 Professional

visualstudio.ps58

Microsoft Visual Studio on MicrosoftWindows Server 2008 (x64) Editions

visualstudio.ps89


24




visualstudio.pw58

Microsoft Visual Studio on MicrosoftWindows Vista

visualstudio.pwv13

Microsoft Visual Studio on MicrosoftWindows XP Professional

visualstudio.pwx14

Microsoft Visual Studio on MicrosoftWindows Vista (x64) Editions

visualstudio.pxw11

Microsoft Visual Studio on MicrosoftWindows 7 (x64)

visualstudio.px74

Microsoft Visual Studio on MicrosoftWindows 7

visualstudio.pw75

Microsoft Visual Studio on MicrosoftWindows Server 2008 R2 64-bit (x64)

visualstudio.p2s82

Microsoft Visual Studio on MicrosoftWindows Server 2008 R2 for Itanium-based64-bit Systems (ia64)

visualstudio.p28i2

MicrosoftWindowsMediaPlayeronMicrosoftWindows Server 2003 64-bit (x64)

wmplayer.p6418

MicrosoftWindowsMediaPlayeronMicrosoftWindows Server 2003

wmplayer.p6s25

Microsoft Windows 2008wmplayer.p8s9

MicrosoftWindowsMediaPlayeronMicrosoftWindows 2000 Server and Windows 2000Advanced Server

wmplayer.ps530

MicrosoftWindowsMediaPlayeronMicrosoftWindows Server 2008 (x64) Editions

wmplayer.ps89

MicrosoftWindowsMediaPlayeronMicrosoftWindows 2000 Professional

wmplayer.pw528

MicrosoftWindowsMediaPlayeronMicrosoftWindows XP Professional

wmplayer.pwx33




MicrosoftWindowsMediaPlayeronMicrosoftWindows Vista (32-bit)

wmplayer.pwv16

MicrosoftWindowsMediaPlayeronMicrosoftWindows Vista (64-bit)

wmplayer.pxw15

Microsoft SharePoint Services on MicrosoftWindows 2008 (x64)

wmplayer.p2s81


wmplayer.px71


wmplayer.pw71

New patches for WindowsThe following new patches are added in this release:

■ MS13-037

■ MS13-038

■ MS13-039

■ MS13-040

■ MS13-046

New patches for UNIXNewpatches have been added forHP-UX,Oracle Enterprise Linux, RedHat Linux,Solaris, and SUSE.

HP-UXTable 2-2 lists thenewpatches that have been added forHP-UXoperating systems.

Table 2-2 New patches for HP-UX

Patch IDPatch IDPatch ID

PHCO_43449PHCO_43411PHCO_43189

About the Patch policy 2013.05.01 releaseNew patches for Windows

26

Table 2-2 New patches for HP-UX (continued)


PHKL_43474PHCO_43503PHCO_43496

PHSS_42863PHNE_42804PHKL_43475

PHSS_43495PHSS_43492PHSS_43444

Red Hat LinuxTable 2-3 lists the new patches that have been added for Red Hat Linux operatingsystems.

Table 2-3 New patches for Red Hat Linux


389-ds-base-libs-1.2.11.15-14.el6_4

389-ds-base-devel-1.2.11.15-14.el6_4

389-ds-base-debuginfo-1.2.11.15-14.el6_4

icedtea-web-javadoc-1.2.3-2.el6_4

icedtea-web-debuginfo-1.2.3-2.el6_4

389-ds-base-1.2.11.15-14.el6_4

java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el6_4

java-1.7.0-openjdk-debuginfo-1.7.0.19-2.3.9.1.el5_9

icedtea-web-1.2.3-2.el6_4

java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el5_9

java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el6_4

java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.el5_9

java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el6_4

java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.el5_9

java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.el6_4

java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el5_9

java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el6_4

java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.el5_9

kernel-debug-devel-2.6.18-348.4.1.el5

kernel-debug-debuginfo-2.6.18-348.4.1.el5

java-1.7.0-openjdk-1.7.0.19-2.3.9.1.el6_4

kernel-debug-2.6.18-348.4.1.el5

kernel-debuginfo-2.6.18-348.4.1.el5

kernel-debuginfo-common-2.6.18-348.4.1.el5

kernel-headers-2.6.18-348.4.1.el5

kernel-doc-2.6.18-348.4.1.el5kernel-devel-2.6.18-348.4.1.el5

kernel-kdump-2.6.18-348.4.1.el5

kernel-kdump-devel-2.6.18-348.4.1.el5

kernel-kdump-debuginfo-2.6.18-348.4.1.el5

27About the Patch policy 2013.05.01 releaseNew patches for UNIX

Table 2-3 New patches for Red Hat Linux (continued)


kernel-xen-2.6.18-348.4.1.el5kernel-xen-devel-2.6.18-348.4.1.el5

kernel-xen-debuginfo-2.6.18-348.4.1.el5

krb5-devel-1.10.3-10.el6_4.2krb5-debuginfo-1.10.3-10.el6_4.2

kernel-2.6.18-348.4.1.el5

krb5-server-ldap-1.10.3-10.el6_4.2

krb5-pkinit-openssl-1.10.3-10.el6_4.2

krb5-libs-1.10.3-10.el6_4.2

mod_dav_svn-1.6.11-11.el5_9krb5-workstation-1.10.3-10.el6_4.2

krb5-server-1.10.3-10.el6_4.2

subversion-debuginfo-1.6.11-9.el6_4

subversion-debuginfo-1.6.11-11.el5_9

mod_dav_svn-1.6.11-9.el6_4

subversion-gnome-1.6.11-9.el6_4

subversion-devel-1.6.11-9.el6_4


subversion-kde-1.6.11-9.el6_4

subversion-javahl-1.6.11-9.el6_4


subversion-ruby-1.6.11-11.el5_9

subversion-perl-1.6.11-9.el6_4


subversion-1.6.11-11.el5_9subversion-svn2cl-1.6.11-9.el6_4


subversion-1.6.11-9.el6_4

SolarisTable 2-4 lists thenewpatches that have been added for Solaris operating systems.

Table 2-4 New patches for Solaris


138825-12138823-12119758-27

144997-02144995-02138827-12

Note: For this release of Solaris Patches, ESM has referred to the Patchdiag.xreffile that is dated April 21, 2013.

About the Patch policy 2013.05.01 releaseNew patches for UNIX

28

Oracle Enterprise LinuxTable 2-5 lists the new patches that have been added for Oracle Enterprise Linux(OEL) operating systems

Table 2-5 New patches for Oracle Enterprise Linux (OEL)


389-ds-base-1.2.11.15-14.el6_4

389-ds-base-libs-1.2.11.15-14.el6_4

389-ds-base-devel-1.2.11.15-14.el6_4

icedtea-web-1.2.3-2.el6_4icedtea-web-javadoc-1.2.3-2.el6_4

firefox-17.0.5-1.0.1.el6_4

java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.0.1.el5_9

java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.0.1.el6_4

java-1.7.0-openjdk-demo-1.7.0.19-2.3.9.1.0.1.el5_9

java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.0.1.el6_4

java-1.7.0-openjdk-javadoc-1.7.0.19-2.3.9.1.0.1.el5_9

java-1.7.0-openjdk-devel-1.7.0.19-2.3.9.1.0.1.el6_4

java-1.7.0-openjdk-1.7.0.19-2.3.9.1.0.1.el5_9

java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.0.1.el6_4

java-1.7.0-openjdk-src-1.7.0.19-2.3.9.1.0.1.el5_9

kernel-debug-2.6.18-348.4.1.0.1.el5

kernel-debug-devel-2.6.18-348.4.1.0.1.el5

java-1.7.0-openjdk-1.7.0.19-2.3.9.1.0.1.el6_4

kernel-headers-2.6.18-348.4.1.0.1.el5

kernel-doc-2.6.18-348.4.1.0.1.el5

kernel-devel-2.6.18-348.4.1.0.1.el5

kernel-uek-debug-2.6.39-400.21.1.el5uek

kernel-uek-debug-devel-2.6.39-400.21.1.el6uek

kernel-uek-debug-devel-2.6.39-400.21.1.el5uek

kernel-uek-devel-2.6.39-400.21.1.el6uek

kernel-uek-devel-2.6.39-400.21.1.el5uek

kernel-uek-debug-2.6.39-400.21.1.el6uek

kernel-uek-firmware-2.6.39-400.21.1.el5uek

kernel-uek-doc-2.6.39-400.21.1.el6uek

kernel-uek-doc-2.6.39-400.21.1.el5uek

kernel-uek-2.6.39-400.21.1.el6uek

kernel-uek-2.6.39-400.21.1.el5uek

kernel-uek-firmware-2.6.39-400.21.1.el6uek

kernel-2.6.18-348.4.1.0.1.el5kernel-xen-2.6.18-348.4.1.0.1.el5

kernel-xen-devel-2.6.18-348.4.1.0.1.el5

krb5-devel-1.10.3-10.el6_4.2kmod-kvm-83-262.0.1.el5_9.3

kmod-kvm-debug-83-262.0.1.el5_9.3


Table 2-5 New patches for Oracle Enterprise Linux (OEL) (continued)


krb5-server-ldap-1.10.3-10.el6_4.2

krb5-pkinit-openssl-1.10.3-10.el6_4.2

krb5-libs-1.10.3-10.el6_4.2

kvm-qemu-img-83-262.0.1.el5_9.3

krb5-workstation-1.10.3-10.el6_4.2

krb5-server-1.10.3-10.el6_4.2

mod_dav_svn-1.6.11-11.el5_9kvm-83-262.0.1.el5_9.3kvm-tools-83-262.0.1.el5_9.3


stunnel-4.29-3.el6_4mod_dav_svn-1.6.11-9.el6_4


subversion-gnome-1.6.11-9.el6_4



subversion-kde-1.6.11-9.el6_4





subversion-1.6.11-9.el6_4subversion-1.6.11-11.el5_9subversion-svn2cl-1.6.11-9.el6_4

thunderbird-17.0.5-1.0.1.el6_4

SUSETable 2-6 lists the newpatches that have been added for SUSE operating systems.

Table 2-6 New Patches for SUSE


apache2-doc-2.2.12-1.38.2apache2-devel-2.2.3-16.48.1apache2-debuginfo-2.2.3-16.48.1

apache2-example-pages-2.2.3-16.48.1

apache2-example-pages-2.2.12-1.38.2

apache2-doc-2.2.3-16.48.1

apache2-utils-2.2.12-1.38.2apache2-prefork-2.2.3-16.48.1

apache2-prefork-2.2.12-1.38.2

apache2-2.2.12-1.38.2apache2-worker-2.2.3-16.48.1

apache2-worker-2.2.12-1.38.2


30

Table 2-6 New Patches for SUSE (continued)


clamav-0.97.7-0.5.1clamav-0.97.7-0.3.1apache2-2.2.3-16.48.1

dhcp-server-4.2.4.P2-0.11.13.1

dhcp-relay-4.2.4.P2-0.11.13.1dhcp-client-4.2.4.P2-0.11.13.1

java-1_7_0-ibm-alsa-1.7.0_sr4.1-0.5.1

jakarta-commons-httpclient3-3.0.1-253.36.1

dhcp-4.2.4.P2-0.11.13.1

java-1_7_0-ibm-1.7.0_sr4.1-0.5.1

java-1_7_0-ibm-plugin-1.7.0_sr4.1-0.5.1

java-1_7_0-ibm-jdbc-1.7.0_sr4.1-0.5.1

kernel-debug-debuginfo-2.6.16.60-0.101.1

kernel-bigsmp-2.6.16.60-0.101.1

kernel-bigsmp-debuginfo-2.6.16.60-0.101.1

kernel-default-2.6.16.60-0.101.1

kernel-default-debuginfo-2.6.16.60-0.101.1

kernel-debug-2.6.16.60-0.101.1

kernel-kdump-debuginfo-2.6.16.60-0.101.1

kernel-iseries64-2.6.16.60-0.101.1

kernel-iseries64-debuginfo-2.6.16.60-0.101.1

kernel-kdump-2.6.16.60-0.101.1

kernel-kdumppae-2.6.16.60-0.101.1

kernel-kdumppae-debuginfo-2.6.16.60-0.101.1

kernel-smp-debuginfo-2.6.16.60-0.101.1

kernel-ppc64-2.6.16.60-0.101.1

kernel-ppc64-debuginfo-2.6.16.60-0.101.1

kernel-source-2.6.16.60-0.101.1

kernel-source-debuginfo-2.6.16.60-0.101.1

kernel-smp-2.6.16.60-0.101.1

kernel-vmipae-debuginfo-2.6.16.60-0.101.1

kernel-vmi-debuginfo-2.6.16.60-0.101.1

kernel-syms-2.6.16.60-0.101.1

kernel-xen-debuginfo-2.6.16.60-0.101.1

kernel-vmi-2.6.16.60-0.101.1kernel-vmipae-2.6.16.60-0.101.1

kernel-xen-2.6.16.60-0.101.1kernel-xenpae-2.6.16.60-0.101.1

kernel-xenpae-debuginfo-2.6.16.60-0.101.1

krb5-apps-servers-1.6.3-133.49.54.1

krb5-apps-clients-1.6.3-133.49.54.1

krb5-32bit-1.6.3-133.49.54.1

krb5-plugin-preauth-pkinit-1.6.3-133.49.54.1

krb5-plugin-kdb-ldap-1.6.3-133.49.54.1

krb5-client-1.6.3-133.49.54.1

krb5-1.6.3-133.49.54.1krb5-x86-1.6.3-133.49.54.1krb5-server-1.6.3-133.49.54.1




libfreebl3-x86-3.14.3-0.4.3.1libfreebl3-32bit-3.14.3-0.4.3.1

libecpg6-9.1.9-0.3.1

libopenssl0_9_8-hmac-32bit-0.9.8j-0.50.1

libopenssl0_9_8-32bit-0.9.8j-0.50.1

libfreebl3-3.14.3-0.4.3.1

libopenssl0_9_8-x86-0.9.8j-0.50.1

libopenssl0_9_8-hmac-0.9.8j-0.50.1

libopenssl0_9_8-hmac-x86-0.9.8j-0.50.1

libpoppler-qt4-3-0.12.3-1.8.1libpoppler-glib4-0.12.3-1.8.1libopenssl0_9_8-0.9.8j-0.50.1

libpq5-x86-9.1.9-0.3.1libpq5-32bit-9.1.9-0.3.1libpoppler5-0.12.3-1.8.1

mozilla-nspr-32bit-4.9.6-0.3.1

libproxy0-config-gnome-0.3.1-2.6.3

libpq5-9.1.9-0.3.1

mozilla-nspr-devel-4.9.6-0.5.1



mozilla-nspr-4.9.6-0.3.1mozilla-nspr-x86-4.9.6-0.5.1mozilla-nspr-x86-4.9.6-0.3.1

mozilla-nss-32bit-3.14.3-0.5.1

mozilla-nss-32bit-3.14.3-0.4.3.1

mozilla-nspr-4.9.6-0.5.1

mozilla-nss-tools-3.14.3-0.4.3.1

mozilla-nss-devel-3.14.3-0.5.1

mozilla-nss-64bit-3.14.3-0.5.1

mozilla-nss-x86-3.14.3-0.5.1mozilla-nss-x86-3.14.3-0.4.3.1

mozilla-nss-tools-3.14.3-0.5.1

MozillaFirefox-branding-SLED-7-0.10.11

mozilla-nss-3.14.3-0.5.1mozilla-nss-3.14.3-0.4.3.1

MozillaFirefox-translations-17.0.5esr-0.4.1

MozillaFirefox-debuginfo-17.0.5esr-0.8.1

MozillaFirefox-branding-SLED-7-0.6.9.17

MozillaFirefox-17.0.5esr-0.8.1

MozillaFirefox-17.0.5esr-0.4.1

MozillaFirefox-translations-17.0.5esr-0.8.1

openssl-debuginfo-0.9.8a-18.45.69.1

openssl-64bit-0.9.8a-18.76.1openssl-32bit-0.9.8a-18.76.1

openssl-devel-64bit-0.9.8a-18.76.1

openssl-devel-32bit-0.9.8a-18.76.1

openssl-debuginfo-0.9.8a-18.76.1

openssl-doc-0.9.8j-0.50.1openssl-doc-0.9.8a-18.76.1openssl-devel-0.9.8a-18.76.1


32



openssl-0.9.8j-0.50.1openssl-0.9.8a-18.76.1openssl-x86-0.9.8a-18.76.1

poppler-tools-0.12.3-1.8.1poppler-qt-0.4.4-19.29.1poppler-glib-0.4.4-19.29.1

postgresql91-docs-9.1.9-0.3.1postgresql91-contrib-9.1.9-0.3.1

poppler-0.4.4-19.29.1

puppet-server-2.6.18-0.4.2postgresql91-9.1.9-0.3.1postgresql91-server-9.1.9-0.3.1

systemtap-server-1.5-0.9.1quagga-debuginfo-0.99.9-14.11.9

puppet-2.6.18-0.4.2

tomcat5-webapps-5.5.27-0.16.1

tomcat5-admin-webapps-5.5.27-0.16.1

systemtap-1.5-0.9.1

xen-doc-pdf-4.1.4_02-0.5.1xen-doc-html-4.1.4_02-0.5.1tomcat5-5.5.27-0.16.1

xen-kmp-trace-4.1.4_02_3.0.58_0.6.6-0.5.1

xen-kmp-pae-4.1.4_02_3.0.58_0.6.6-0.5.1

xen-kmp-default-4.1.4_02_3.0.58_0.6.6-0.5.1

xen-tools-domU-4.1.4_02-0.5.1

xen-libs-4.1.4_02-0.5.1xen-libs-32bit-4.1.4_02-0.5.1

xen-4.1.4_02-0.5.1xen-tools-4.1.4_02-0.5.1

EnhancementsThe following enhancement is included in this release:

■ Microsoft has replaced the bulletin MS13-036:2823324 with the bulletinMS13-036:2840149. The following templates are updated to reflect the same:

■ patch.p28i

■ patch.p2s8

■ patch.ps8

■ patch.p8s

■ patch.p8i

■ patch.px7

■ patch.pw7

■ patch.pxw

33About the Patch policy 2013.05.01 releaseEnhancements

■ patch.pwv

■ patch.ps12

About the Patch policy 2013.05.01 releaseEnhancements

34

Symantec Enterprise Security Manager Patch Policy · PDF fileSymantec™ Enterprise...

Documents

Transcript of Symantec Enterprise Security Manager Patch Policy · PDF fileSymantec™ Enterprise...