New Release: RELIANOID ADC Load Balancer Enterprise Edition 6.2.32

Posted by Relianoid Admin | 6 February, 2024 | Announces

We are excited to introduce RELIANOID 6.2.32 Load Balancer (Enterprise Edition), released on February 5th, 2024, with a series of improvements and critical bug fixes that fortify system security and enhance overall performance.

Changelog

Improvements:
[system] Enhanced SNMP support
[system] SNMP traps support for notifications
[system] Product-specific RELIANOID MIB file
[system] SSH service hardening
[system] Web GUI service hardening
[ipds] Updated RBL lists

Bugfixes:
[api] Fixed wrong data types on backends
[core] Fixed some general core review warnings
[system] Fixed factory reset default certificates deletion
[system] Avoid replication of local web GUI HTTPS certificates
[system] Security advisories fixed: CVE-2021-39537, CVE-2023-43804, CVE-2023-29491, CVE-2019-11324, CVE-2023-34058, CVE-2023-34059, CVE-2020-26137, CVE-2018-25091, CVE-2019-11236, CVE-2023-45803, CVE-2023-41913, CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, CVE-2023-5981, DLA-3639-1, DLA-3667-1, CVE-2023-51385, CVE-2021-41617, CVE-2023-46218, CVE-2023-48795, CVE-2023-28322, CVE-2024-22195, CVE-2023-22084, CVE-2023-7090, CVE-2023-3341, CVE-2023-28486, CVE-2023-28487

Release notes

In response to user feedback and evolving security landscapes, we’ve bolstered several key aspects of RELIANOID. Enhanced SNMP support, SNMP traps for product-specific notifications, and a product-specific RELIANOID MIB file elevate network monitoring capabilities. Notably, we’ve hardened both the SSH service and the web GUI, implementing robust measures to thwart potential vulnerabilities. Additionally, the Intrusion Prevention and Detection System (IPDS) benefits from an update to Real-time Blackhole Lists (RBL) for more effective threat identification.

Acknowledging the importance of a seamless user experience, this release addresses various bugs and security vulnerabilities. Some bug fixes include resolving data type inconsistencies in API backends and rectifying issues identified during a core review. Of paramount importance is the resolution of security advisories, encompassing a wide range of vulnerabilities, such as improper cookie handling, SAML token signature bypass, file descriptor hijacking, and more.

Among the CVEs resolved, several critical security vulnerabilities have been addressed in the latest update, including CVE-2023-43804, which affected urllib3, a user-friendly HTTP client library for Python. The issue stemmed from urllib3 not treating the Cookie HTTP header as special, so a Cookie header could be carried along on an HTTP redirect to a different origin, potentially leaking information. The problem has been resolved in urllib3 versions 1.26.17 and 2.0.5 by ensuring proper handling of the Cookie header during redirects.

Another significant fix is CVE-2019-11324, related to urllib3 mishandling certain cases where the desired set of CA certificates differs from the OS store. This flaw allowed SSL connections to succeed in situations where a verification failure was the correct outcome. The update rectifies this issue in the handling of the ssl_context, ca_certs, and ca_certs_dir arguments, enhancing the library’s adherence to proper certificate verification processes.

Additionally, CVE-2020-26137, impacting urllib3 before version 1.25.9, allowed for CRLF injection if an attacker controlled the HTTP request method. By inserting CR and LF control characters in the first argument of putrequest(), an attacker could manipulate the request. The fix mitigates this vulnerability, ensuring that HTTP request methods are handled securely in the updated versions of urllib3. Users are strongly encouraged to update to the latest versions of the library to benefit from these crucial security enhancements.
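Why an unvalidated method string matters, as an added example (not urllib3's code): a request head built by plain string interpolation gains an extra line when the method contains CR and LF, while a builder that accepts only HTTP token characters rejects the value. The builder functions and the constructed method string are hypothetical names and data used for illustration.

```python
import re

# Characters allowed in an HTTP method (the "token" rule of RFC 9110).
_METHOD_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed input: a method value containing CR and LF.
BAD_METHOD = "GET\r\nX-Constructed: 1"


def is_valid_method(method):
    """True only if the method consists solely of token characters."""
    return _METHOD_TOKEN.fullmatch(method) is not None


def build_request_head_unchecked(method, target, host):
    """'Before' form: interpolates the method verbatim."""
    return f"{method} {target} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def build_request_head(method, target, host):
    """Hardened form: validates every component before serializing."""
    if not is_valid_method(method):
        raise ValueError(f"invalid HTTP method: {method!r}")
    for name, value in (("target", target), ("host", host)):
        # No spaces, control characters or DEL in the target or host.
        if not value or any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in value):
            raise ValueError(f"invalid {name}: {value!r}")
    return f"{method} {target} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def header_lines(head):
    """Split a serialized head into the lines a server would parse."""
    return head.split("\r\n\r\n", 1)[0].split("\r\n")
```

The same allow-list check belongs wherever a method name is taken from configuration or user input, before it reaches the HTTP client.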

Conclusion

RELIANOID 6.2.32 represents a commitment to delivering a secure and reliable platform. Users are encouraged to upgrade to this latest version to benefit from improved features and robust security measures. We appreciate your ongoing support and feedback as we continue to enhance the RELIANOID experience.

The latest updates are available from the official Support channels, or contact us for more information.

Links

Download Latest Enterprise Edition
Administration Guide v6.2
SNMP traps enhanced support for load balancer notifications

Enjoy the Site Reliability Experience!
