Resolved issues

The current release of the product resolves these issues. For a list of issues fixed in earlier releases, see the Release Notes for the specific release.

Reference Issue description
1234603 The policies that are locally updated on an appliance are now detected properly and overwritten when you apply McAfee ePO policies.
1236931 McAfee DLP Monitor appliance software is now updated with OpenSSL 1.0.2o to address these vulnerabilities:
  • CVE-2018-0739 — A CVE of the type "Uncontrolled Resource Consumption", where constructed ASN.1 types with a recursive definition can exceed the stack.

For more information about CVE-2018-0739, see the Security Bulletin SB10243.

  • CVE-2017-3737 — Vulnerability in the OpenSSL error state mechanism when read or write function is called directly.
  • CVE-2017-3738 — Vulnerability in the OpenSSL AVX2 Montgomery multiplication procedure due to an overflow bug in x86_64.

For more information about CVE-2017-3737 and CVE-2017-3738, see the Security Bulletin SB10220.

1237682 Real-time LDAP queries incorrectly accessed an unindexed LDAP attribute on Active Directory (AD) servers, which caused high CPU load on Windows domain controllers. This issue is now corrected.
1238505 The special characters in the evidence copy passwords that caused the user evidence share authentication to fail are now parsed correctly.
1241242 Slow LDAP servers caused the Users and Groups page to time out and didn't show all registered LDAP servers. The time out value is now increased to address this issue.
1242205

This release fixes the issue with DLP Policy so that all new validators used in the built-in classifications are recognized correctly.