Software Distribution and Self-Service Application update - July 2020

The BigFix team is pleased to announce an update to the Software Distribution and Self-Service Application.

Reasons for Update:

  • Enhancement:

End users can now optionally cancel required actions sent by the operator.

  • Defect Article Fixes:

    KB0075377: Self Service Application (SSA) re-occurring offers stay in PENDING START mode
    KB0075924: x-fixlet-swdSelectedFiles MIMEField must be case insensitive
    KB0079049: Broken link in SSA documentation

  • Security vulnerability fixes:

    CVE-2015-9251 jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
    CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
    CVE-2018-14040 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
    CVE-2018-14042 In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
    CVE-2018-20677 In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
    CVE-2018-20676 In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
    CVE-2019-8331 In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
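
The Object.prototype pollution described for CVE-2019-11358, as an added example that is not part of the original announcement and is not jQuery's source: a simplified recursive merge beside a hardened form that skips the `__proto__` key, which is the check jQuery 3.4.0 introduced. The names `deepMergeUnsafe`, `deepMergeSafe` and `demo`, the constructed JSON input, and the stricter choice to also skip `constructor` and `prototype` are assumptions of this example.

```javascript
// Added example: simplified deep merge, not jQuery's implementation.
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable form: walks every enumerable own key, including "__proto__".
function deepMergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const src = source[key];
    if (isPlainObject(src)) {
      // For key "__proto__", target[key] resolves to Object.prototype,
      // so the recursion writes into the prototype shared by all objects.
      if (!isPlainObject(target[key])) target[key] = {};
      deepMergeUnsafe(target[key], src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Hardened form: refuse keys that reach the prototype chain, and only
// recurse into properties the target itself owns.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function deepMergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const src = source[key];
    if (isPlainObject(src)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      deepMergeSafe(target[key], src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Constructed input: JSON.parse creates "__proto__" as an enumerable own key.
function demo(merge) {
  const untrusted = JSON.parse(
    '{"theme":{"color":"blue"},"__proto__":{"polluted":true}}');
  const merged = merge({}, untrusted);
  const leaked = ({}).polluted === true; // visible on an unrelated object?
  delete Object.prototype.polluted;      // restore the shared prototype
  return { color: merged.theme.color, leaked };
}

console.log(demo(deepMergeUnsafe), demo(deepMergeSafe));
```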

  • Actions to Take:

Gathering the site will automatically show the updates made.
Users of the BigFix Self-Service Application will need to update this component to version 3.1.3 using the following fixlets from the Software Distribution site:
Fixlet 302: Upgrade IBM BigFix Self-Service Application (Windows)
Fixlet 304: Upgrade IBM BigFix Self-Service Application (Mac OS X)

  • Published Site Version:

Software Distribution, site version 91
Software Distribution WebUI, site version 30

The BigFix Development Team