To resolve advisory SYM17-004 and SYM17-006, Messaging Gateway servers need to be updated to the 10.6.3-2 release and patched with patch 10.6.3-267.
Resolving SYM17-006 requires two steps be completed on *all* Messaging Gateway systems:
- Update all Messaging Gateway servers to SMG 10.6.3-2 using the standard software update process (HOWTO54020)
- On all SMG 10.6.3-2 systems, apply patch 10.6.3-267 as follows
- Log into the appliance command line interface (CLI) as admin via ssh
- List the available patches:
- Review the patch notes:
patch -p 10.6.3-267 notes
- Apply the patch:
patch -p 10.6.3-267 install
SMS appliance 10.6.3, patch #267
This patch supercedes and replaces patch 10.6.3-266
This patch addresses the following issues:
A potential remote code execution via the Control Center.
A potential for Cross Site Scripting in the Control Center.
The ability to enable or disable "Allow email addresses to start with a dash" was inadvertently removed in a previous release; this configuration option has been restored.
An issue where certain malformed Microsoft Office documents will fail to be detected or modified by the Disarm feature.
These document types will now be processed by Disarm in the expected fashion.
This patch is removable upon installation.
This patch will not force the system to reboot after installation