Hot fix 2 for version 9.0.00.001: 9.0.00.01.02
This topic contains information about fixes in BMC Atrium Single Sign-On 9.0.00 Patch 1 (9.0.00.002), and provides instructions for downloading and installing the fix.
Installing the hot fix
Hot fix 2 for BMC Atrium Single Sign-On 9.0.00 (9.0.00.01.02) should be applied on the existing 9.0.00 Patch 1 (9.0.00.001) installation. You can download the 9.0.00.01.02 installation files from ftp://ftp.bmc.com/pub/ASSO/9.0/9.0.00.01.02.zip
Back up BMC Atrium Single Sign-On before proceeding with the hot fix installation.
- To install BMC Atrium Single Sign-On 9.0.00.01.02, see the readme provided with the hot fix.
Fixed security vulnerabilities for BMC Atrium Single Sign-On
For a fresh installation of BMC Atrium Single Sign-On version 9.0, hot fix 2 (9.0.00.01.02) fixes multiple security vulnerabilities discovered during penetration testing, including the Logjam Attack (CVE-2015-4000) vulnerability. The third-party components were updated to the latest versions, which have no discovered vulnerabilities.
If you are upgrading to hot fix 2 (9.0.00.01.02), perform the steps described in Resolving weak ephemeral Diffie-Hellman public key issue to fix the Logjam Attack (CVE-2015-4000) vulnerability. Users affected by this vulnerability encounter the weak ephemeral Diffie-Hellman public key error message in the latest Google Chrome and Mozilla Firefox browsers.