AlienVault v5.3.2 Patch Release

LBarraco

AlienVault Employee

As of Monday, October 3, 2016, AlienVault USM and OSSIM v5.3.2 are now generally available for all existing and new customers. Users can update their system(s) through the console or web UI (see upgrade instructions for more information).

Please take a few minutes to carefully read these release notes before upgrading.

Important Update Information

In v5.3.2, we updated the version of redis that we are using in the product to mitigate a vulnerability found in the existing version. Due to this redis-based architecture change, it is important to have all the appliances on the same version. This is because this new redis version cannot replicate with older redis versions, and we use redis replication to synchronize OTX data between the appliances in a deployment.

If you are upgrading to 5.3.2, be sure that ALL appliances in your deployment are on the same version.


New for USM and OSSIM

Exclude port/port range in vulnerability scans - In 5.3.2, you can exclude ports and port ranges from vulnerability scans to prevent scans from running on specific assets in your environment. Please note that when excluding a port/port range, scans will take longer to complete.

Improved password storage - We're upgrading our security in USM and OSSIM! In v5.3.2, AlienVault added some additional measures to ensure the security of our users and their appliance(s). For this reason, all users were required to update their passwords before logging in again.


Documentation Updates


Defects Fixed

  • ENG-101764 - Network groups can be used in policy configurations
  • ENG-102524 - Weak SSH MAC algorithms have been disabled (MD5 and 96)
  • ENG-102663 - Network groups can be used in configuration console
  • ENG-102676 - Default AV policy is now enabled by default for all new appliances
  • ENG-102903 - Fixed an issue in the logger caused by forensic_hourly.sh not compressing enough files
  • ENG-103049 - OTX alarms are properly forwarded in Federated environments
  • ENG-103293 - Added a timeout and more exception management in check_connection
  • ENG-103337 - Fixed an issue with monit causing ossim-agent processes to silently kill the connection to ossim-server
  • ENG-103358 - Asset reports finish properly and do not get stuck at 16%. Note: reports for many assets still may take some time to complete
  • ENG-103489 - Fixed location of Googlemaps API files
  • ENG-103625 - Fixed an incorrect value in API debug info
  • ENG-103731 - Network groups can be used in reports
  • ENG-103732 - Improved the security of how user passwords are stored in the database
  • ENG-103776 - Rules and decoders for AlienVault HIDS (based on ossec) will be updated via the plugin feed
  • ENG-103885 - New OSSIM appliances can update to the next version
  • ENG-103886 - Users can scan any host (even those not included in any defined network)
  • ENG-103922 - Tickets can be created from alarms in the alarms view
  • ENG-103926 - Fixed an issue with monit restarting ossim-agent continuously due to wrong check
  • ENG-103933 - Risk levels for alarms were changed so that low=0-1, med=2, high=3+
  • ENG-103959 - Numeric level for risk is now visible in events and alarms
  • ENG-104094 - Users can change web UI session timeout from the web UI

Security Advisories

  • ENG-103100, Vulnerable Configuration (XSS) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103441, Vulnerable Configuration (Cross-site request forgery) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103442, Vulnerable Configuration (Possible DoS) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103880, Vulnerable Configuration (Permission escalation) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103928, Vulnerable Configuration (XSS) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103929, Vulnerable Configuration (XSS) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103930, Vulnerable Configuration (SQL injection) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103931, Vulnerable Configuration (Object injection) - AlienVault 5.3.2 is not vulnerable.
  • ENG-103988, Vulnerable Package - wireshark (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-103994, Vulnerable Package - libpq5 (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-103995, Vulnerable Package - libgcrypt20 (CVE-2016-6313) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-103996, Vulnerable Package - fontconfig (CVE-2016-5384) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-103997, Vulnerable Package - libdbd-mysql-perl (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-103998, Vulnerable Package - curl (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104000, Vulnerable Package - gnupg (CVE-2016-6313) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104006, Vulnerable Package - redis (CVE-2013-7458) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104013, Vulnerable Package - wget (CVE-2016-4971) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104040, Vulnerable Package - libarchive (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104047, Vulnerable Configuration (Command injection) - AlienVault 5.3.2 is not vulnerable.
  • ENG-104071, Vulnerable Package - libidn (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104085, Vulnerable Package - Linux kernel (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104149, Vulnerable Configuration (ZDI-CAN-3976) - AlienVault 5.3.2 is not vulnerable.
  • ENG-104172, Vulnerable Package - Linux kernel (CVE-2016-3857) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.
  • ENG-104193, Vulnerable Package - openssl (multiple CVEs) - Added new version of package to repository - AlienVault 5.3.2 is not vulnerable.

See the Security Advisory for USM and OSSIM v5.3.2 for more information.


Additional Upgrade Info for All Users on v5.1.1 and Earlier



Comments

  • Hello,

    For us offline users, does this version contain the latest threat feed signatures as of the release date?
  • jwstfos,

    The offline update includes the current threat and plugin feed.
  • I updated to the latest version of OSSIM and configured the sensors in the main OSSIM server, but the sensors' status is down while, behind that, the sensor was working. How can I rectify this issue?