{"id":975,"date":"2014-06-20T12:57:47","date_gmt":"2014-06-20T10:57:47","guid":{"rendered":"http:\/\/www.satinfo.es\/noticies\/?p=975"},"modified":"2014-06-20T14:55:56","modified_gmt":"2014-06-20T12:55:56","slug":"publicacion-del-parche-hf973112-para-epo-4-6-y-5-x","status":"publish","type":"post","link":"https:\/\/www.satinfo.es\/noticies\/2014\/publicacion-del-parche-hf973112-para-epo-4-6-y-5-x\/","title":{"rendered":"Publicaci\u00f3n del Parche HF973112 para ePO 4.6 y 5.x"},"content":{"rendered":"<p style=\"text-align: left;\" align=\"center\">McAfee ha publicado el Hotfix HF973112 para ePolicy Orchestrator 4.6, 5.0 y 5.1 que solventa una vulnerabilidad conocida en OpenSSL (<a href=\"http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-0224\" target=\"_blank\">CVE-2014-0224<\/a>).<\/p>\n<p class=\"western\" align=\"left\">Esta versi\u00f3n ha sido desarrollada para su uso con las siguientes versiones de McAfee \u00ae ePolicy Orchestrator \u00ae (McAfee ePO\u2122):<\/p>\n<ul>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 (build 1029)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 1 (build 1192)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 2 (build 234)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 3 (build 197)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 4 (build 202)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 5 (build 168)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 6 (build 176)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 7 (build 287)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 4.6 con Parche 8 (build 509)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 5.0.0 (build 1160)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 5.0.1 (build 228)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">ePolicy Orchestrator 5.0.0 (build 509)<\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\">Cualquier Agent Handler de las versiones anteriormente citadas<\/p>\n<p class=\"western\" align=\"left\">\n<\/li>\n<\/ul>\n<p class=\"western\" align=\"left\">McAfee ha calificado esta actualizaci\u00f3n como <span style=\"color: #800000;\"><span style=\"text-decoration: underline;\"><b>Mandatory<\/b><\/span><\/span><b> <\/b>(obligatoria). Aplique esta actualizaci\u00f3n lo antes posible.<\/p>\n<p class=\"western\" align=\"left\">Para obtener m\u00e1s informaci\u00f3n acerca de clasificaci\u00f3n de parches, consulte el art\u00edculo de la base de conocimientos de McAfee <a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=KB51560\" target=\"_blank\">KB51560<\/a>.<\/p>\n<p class=\"western\" align=\"left\"><span style=\"color: #800000;\"><span style=\"text-decoration: underline;\"><b><br \/>\n<\/b><\/span><\/span><\/p>\n<p class=\"western\" align=\"left\"><span style=\"color: #008000;\"><span style=\"text-decoration: underline;\"><b>Problema:<\/b><\/span><\/span><\/p>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\">Un atacante que utilice un Handshake cuidadosamente elaborado puede forzar el uso de claves d\u00e9biles en clientes y servidores OpenSSL SSL\/TLS. Esto puede ser explotado con un ataque Man-In-The-Middle d\u00f3nde el atacante puede descifrar y modificar tr\u00e1fico desde el el cliente y servidor atacados.<\/span><\/p>\n<ul>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\"><a href=\"http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2014-0224\" target=\"_blank\">CVE-2014-0224 <\/a><\/span><\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\"><a href=\"http:\/\/www.kb.cert.org\/vuls\/id\/978508\" target=\"_blank\">CERT\/CC Vulnerability Note VU#978508 <\/a><\/span><\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\"><a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=SB10075\" target=\"_blank\">McAfee Security Bulletin SB10075 <\/a><\/span><\/p>\n<\/li>\n<\/ul>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\"><span style=\"text-decoration: underline;\">Versiones de OpenSSL afectadas<\/span>:<\/span><\/p>\n<ul>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\">OpenSSL 0.9.8a-y <\/span><\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\">OpenSSL 1.0.0a-l <\/span><\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\">OpenSSL 1.0.1a-g <\/span><\/p>\n<\/li>\n<\/ul>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\"><span style=\"text-decoration: underline;\">Versiones de OpenSSL que no est\u00e1n afectadas<\/span>:<\/span><\/p>\n<ul>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\">OpenSSL 0.9.8za <\/span><\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\">OpenSSL 1.0.0m <\/span><\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\">1.0.1e-13 (MLOS2) <\/span><\/p>\n<\/li>\n<li>\n<p class=\"western\" align=\"left\"><span style=\"color: #000000;\"> OpenSSL 1.0.1h<\/span><\/p>\n<\/li>\n<\/ul>\n<p class=\"western\" align=\"left\"><span style=\"color: #ff0000;\"><span style=\"text-decoration: underline;\"><b>Soluci\u00f3n:<\/b><\/span><\/span><\/p>\n<p class=\"western\" align=\"left\">Este Hotfix reemplaza todos los archivos OpenSSL y Apache usados por McAfee ePO que se hayan visto afectados por esta vulnerabilidad.<\/p>\n<p class=\"western\" align=\"left\"><span style=\"color: #ff0000;\"><span style=\"text-decoration: underline;\"><b>NOT<\/b><\/span><\/span><span style=\"color: #ff0000;\"><span style=\"text-decoration: underline;\"><b>A<\/b><\/span><\/span><span style=\"color: #ff0000;\"><b>: <\/b><\/span><span style=\"color: #000000;\">Existen dos instaladores separados para McAf<\/span><span style=\"color: #000000;\">ee ePO 4.6.x (ePOHF973112_4x.exe) <\/span><span style=\"color: #000000;\">y<\/span><span style=\"color: #000000;\"> McAfee ePO 5.x (ePOHF973112_5x.exe). U<\/span><span style=\"color: #000000;\">tilice el instalador apropiado para su versi\u00f3n de <\/span><span style=\"color: #000000;\">McAfee ePO <\/span><span style=\"color: #000000;\">y de <\/span><span style=\"color: #000000;\">Agent Handlers, <\/span><span style=\"color: #000000;\">si los hubiera<\/span><span style=\"color: #000000;\">.<\/span><\/p>\n<p class=\"western\" align=\"left\">Antes de realizar la actualizaci\u00f3n del parche se recomienda tener en cuenta los pasos especificados en la checklist de McAfee <a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=KB71825\" target=\"_blank\">KB71825<\/a> (o <a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=KB76739\" target=\"_blank\">KB76739<\/a> para McAfee ePO 5.0.0 y posterior).<\/p>\n<p class=\"western\" align=\"left\"><a href=\"https:\/\/www.satinfo.es\/db\/antivirus\/epo\/epohf973112.zip\" target=\"_blank\"><span style=\"color: #0000ff;\"><span style=\"text-decoration: underline;\"><b>Pulse aqu\u00ed para descargar <\/b><\/span><\/span><\/a><a href=\"https:\/\/www.satinfo.es\/db\/antivirus\/epo\/epohf973112.zip\"><span style=\"color: #0000ff;\"><span style=\"text-decoration: underline;\"><b>el Hotfix HF973112<\/b><\/span><\/span><\/a><\/p>\n<p class=\"western\" align=\"left\"><b><span style=\"color: #0000ff;\"><span lang=\"es-ES\">SATINFO<\/span><\/span><span lang=\"es-ES\">, <\/span><span lang=\"es-ES\">SERVICIO DE ASISTENCIA T\u00c9CNICA INFORMATICA\u00a0<\/span><span lang=\"es-ES\">20<\/span><span lang=\"es-ES\"> de <\/span><span lang=\"es-ES\">Junio\u00a0<\/span><span lang=\"es-ES\">de 201<\/span><span lang=\"es-ES\">4<\/span><\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>McAfee ha publicado el Hotfix HF973112 para ePolicy Orchestrator 4.6, 5.0 y 5.1 que solventa una vulnerabilidad conocida en OpenSSL (CVE-2014-0224). Esta versi\u00f3n ha sido desarrollada para su uso con las siguientes versiones de McAfee \u00ae ePolicy Orchestrator \u00ae (McAfee ePO\u2122): ePolicy Orchestrator 4.6 (build 1029) ePolicy Orchestrator 4.6 con Parche 1 (build 1192) ePolicy <a href='https:\/\/www.satinfo.es\/noticies\/2014\/publicacion-del-parche-hf973112-para-epo-4-6-y-5-x\/' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[517,890,892],"tags":[124,575,529,215,214,574,242,20,576,271],"class_list":["post-975","post","type-post","status-publish","format-standard","hentry","category-517","category-mcafee","category-todos","tag-4-6","tag-5-0","tag-5-1","tag-epo","tag-epolicy-orchestrator","tag-hf973112","tag-hotfix","tag-mcafee","tag-openssl","tag-vulnerabilidad","category-517-id","category-890-id","category-892-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts\/975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/comments?post=975"}],"version-history":[{"count":0,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts\/975\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/media?parent=975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/categories?post=975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/tags?post=975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}