(imported topic written by BenKus)
As most of you saw from the BES Admin announcement, last Friday we released a new patched-version of BES. The main reason for the release was due to an OpenSSL vulnerability that could potentially open a security vulnerability in BES (specifically in the HTTPS option for Web Reports). Additionally, we used this release as an opportunity to add several new fixes / optimizations in all components and we also added support for Windows Vista for the BES Clients.
For more information:
- See the bottom of http://support.bigfix.com/bes/changes/fullchangelist-6.0.txt
- Downloads at http://support.bigfix.com/bes/install/downloadbes.html
- Upgrade instructions at http://support.bigfix.com/bes/install/upgradebes.html
- BES Admin announcement at http://bigmail.bigfix.com/pipermail/besadmin-announcements/2006-October/000100.html (and for those of you not subscribed to the BES Administrator mailing list, go to http://bigmail.bigfix.com/mailman/listinfo/besadmin-announcements)
Due to the security changes, we are recommending that everyone using HTTPS upgrade their BES Server – consider this to be a “critical” update. All other components of BES (client, console, relays) use OpenSSL and although the recent vulnerabilities have no known security impact on other components, we consider it “important” to update to the newest version just-in-case there is an attack vector associated with the vulnerability that we haven’t found (unlikely).
Post questions about the upgrade here if you have any.
Ben