Release Notes Hotfix 1014944 McAfee ePolicy Orchestrator      Contents About this release Resolved issues Installation instructions Additional information Find product documentation About this release This document contains important information about the current release. We strongly recommend that you read the entire document. Release date – November 4, 2014 This release was developed for use with: o McAfee® ePolicy Orchestrator® 4.6.x o McAfee® ePolicy Orchestrator® 5.0.x o McAfee® ePolicy Orchestrator® 5.1.0 o McAfee® ePolicy Orchestrator® 5.1.1 o All remote agent handlers for versions above Rating Mandatory — McAfee requires this release for all environments. This update must be applied immediately to avoid a potential security breach, and to maintain a viable and supported product. For more information about patch ratings, see McAfee KnowledgeBase article KB51560. Resolved issues This hotfix resolves the following issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release. Issue Both of the vulnerabilities below involve denial of service attacks via memory leak. For more information, please visit the links provided below. o CVE-2014-3513 o CVE-2014-3567 o McAfee Security Bulletin SB10091 Versions of OpenSSL affected: o OpenSSL 0.9.8a-zb o OpenSSL 1.0.0a-n o OpenSSL 1.0.1a-i 1 Versions of OpenSSL that are not affected: o OpenSSL 0.9.8zc o OpenSSL 1.0.0m o OpenSSL 1.0.1j Resolution This hotfix replaces all OpenSSL and Apache files used by McAfee ePO because there is a technology dependence between the two. Installation instructions For information about installing or upgrading ePolicy Orchestrator, see the McAfee ePolicy Orchestrator Installation Guide. Before proceeding with the upgrade process, see McAfee KnowledgeBase article KB76739 for important steps to take before upgrading (KB71825 for ePO 4.x). Note: There are separate installers for this hotfix: ePOHF1014944_4x.exe and ePOHF1014944_5x.exe. Use the appropriate installer for your McAfee ePO server and remote agent handlers. o ePOHF1014944_4x.exe will update ePO 4.6.x and any ePO 5.x remote agent handlers installed on 32-bit operating systems. o ePOHF1014944_5x.exe is used for updating an ePO 5.x server and any remote agent handlers installed on 64-bit operating systems. Administrator’s notes This hotfix must be installed on the McAfee ePO server, and any remote agent handlers where the ssleay32.dll file version is not 1.0.1.10 or later. See below for more information. FIPS 140-2 installations of McAfee ePO are NOT vulnerable. These updates will not install in FIPS mode. If, after this hotfix is installed, McAfee ePO is reinstalled, then you must reapply this hotfix. Later patch releases include this fix or include updated files. Install the software on McAfee ePO and remote agent handlers Follow these steps to install this hotfix. Task 1 Extract the contents of ePOHF1014944.zip. 2 Run the appropriate ePOHF1014944_*x.exe and follow the on-screen instructions. Install the software on McAfee ePO server clusters Follow these steps to install this hotfix in your cluster environment. Important: Perform the installation on the node where the first installation of McAfee ePO was performed. The hotfix does not need to be installed on any other nodes. Task 1 Close all connections (open consoles, either remote or local) to the McAfee ePO server. 2 Shut down all passive nodes. Although this is optional, we highly recommend this step to ensure that the installation is isolated to the active node. 3 Use the Failover Cluster Manager to take the following McAfee ePO services offline: a. Apache b. Event Parser c. Tomcat 2 4 Copy the ePOHF1014944.zip file to a temporary folder on the node where the first installation of McAfee ePO was performed. 5 Extract the contents of ePOHF1014944.zip. 6 Run the appropriate ePOHF1014944_*x.exe for your server operating system and follow the instructions in the InstallShield wizard. 7 When the installation is finished, use the Failover Cluster Manager to bring these McAfee ePO services online: a. Apache b. Event Parser c. Tomcat Verify hotfix installation Follow these steps to ensure that the hotfix was installed correctly. Task 1 Go to the McAfee ePO or remote agent handler installation folder: a. McAfee ePO installation directory: <ePO Install folder>\Apache2\bin b. Remote agent handler installation directory: <AH Install folder>\apache\bin 2 Right-click ssleay32.dll, then select Properties. 3 Select the Details tab, and check the following property values:  File version will be 1.0.1.10  Product version will be 1.0.1j Additional information Important The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. McAfee, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use. Hotfix files should be applied only on the advice of McAfee Technical Support, and only when you are actually experiencing the issue being addressed by the hotfix. Hotfix files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of hotfix files. Hotfix files are not a substitute or replacement for product Service Packs which may be released by McAfee, Inc. It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from McAfee, Inc. Further, posting of McAfee hotfix files to publicly available Internet sites is prohibited. McAfee, Inc. reserves the right to refuse distribution of hotfix files to any company or person guilty of unlawful distribution of McAfee software products. Questions or issues with McAfee hotfix files should be directed to McAfee Technical Support. Find product documentation After a product is released, information about the product is entered into the McAfee online Knowledge Center. Task 1 Go to the McAfee ServicePortal at http://mysupport.mcafee.com and click Knowledge Center. 2 Enter a product name, select a version, then click Search to display a list of documents. 3 Copyright © 2014 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. 00-A 4