Version 5.6 Build 450.9SP Security Patch Update
This v5.6.450.9SP Security Patch update addresses an OpenSSL (Secured Socket Layer)
vulnerability and a Wildcat! Web Server buffer overflow bug.
SPECIAL UPGRADE NOTES:
- IMPORTANT: If you used AUTOUPDATE to
update your system, AUTOUPDATE will send the zip files, OPENSSL.ZIP and
WCSSL.ZIP and stored them in your \wc5 (installation) directory. You
must manually unzip these files yourself to obtain the latest SSL files.
- IMPORTANT: If you are upgrading from
Wildcat! v5.4 or less, please read the change history in AUP
v5.5.450.2. A few conversion steps much be performed before running this new
update as outlined in the 450.2 Special Notes. The Wildcat! server will
also inform you of this required conversion if it not done.
- IMPORTANT: If you are upgrading from
Wildcat! v5.5.450.2, please read the change history in AUP
v5.6.450.3. In AUP 450.3, new optional internet security features
(SSL and SASL) were added and WCCONFIG components related to Mail Operations was
reorganized and consolidated under one section called "Mail Server."
Changes, Fixes, New Features and Enhancements by Wildcat! Component
WCSSLCONFIG (Wildcat! SSL Configuration)
- When creating a certificate request with the SSL Certificate Wizard, the friendly
name input field allowed for invalid characters for creating the certificate store
directory. This was fixed by checking for the invalid characters.
WCWEB (Wildcat! WEB Server)
- Fixed an Buffer OverFlow bug caused by a known vulnerability.
OPENSSL (OpenSSL)
- New OPENSSL DLL files are provided that addresses an invalid certificate vulnerability.
The OpenSSL Versions for these files are: 0.9.7c.