Resolved issues

The following issues are resolved in this current update release of the product:

Reference Issue description
1230237 When domain-based LDAP servers are used, the appliance now uses the nearest server instead of the first available server from the list of LDAP servers to avoid synchronization failure because of network delays.
1244475 This release fixes an internal appliance component to address a memory leak.
1247656 Event generation is now updated to display the complete email recipient details in the Incident Manager. The Incident Manager now displays both the display name (first name and last name as provided in the email header), and the email address, according to the availability of the recipient details.
1247683 The ServerGUID changed persistently and was assigned a random GUID every time the Users and Groups page was visited. The ServerGUID now remains unchanged unless the server settings are changed.
1248502

The LDAP synchronization values are reset to its default values upon modifying an LDAP server. This release fixes this issue and the synchronization schedule and the LDAP server settings are independent of each other.

1249482 This release fixes the DLP Operational Event logging process and now logs Policy Change events only when there is a policy change.
1249705 The alerts shown in the Appliance Management dashboard were not cleared up after an upgrade. This release fixes this issue and the previous alerts are cleared when an appliance starts after an upgrade.
1251594 This release updates the LINUX kernel version to protect against the CVE-2018-5390, "SegmentSmack" vulnerability. This vulnerability allows remote attackers to cause a denial of service using specially crafted TCP packets.

For more information about CVE-2018-5390, see the Security Bulletin SB10249.

1252469 This release updates the KeyView library used in the content analysis engine to protect against the CVE-2018-10115, "7-zip vulnerability".

The KeyView library uses 7-zip RAR extraction. CVE-2018-10115 can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

For more information about CVE-2018-10115, see the Security Bulletin SB10251.

The following issues were resolved in previous releases 11.0.301, 11.0.302, 11.0.303, and 11.0.304 accordingly, are now merged with this release:

Reference Issue description
1244007 This release adds support to file extension classifications to work with Outlook Web Access and Gmail attachments.
1227635, 1249465 Fixes an issue where rules did not trigger properly when there were multiple HTTP requests on the same connection.
1245425 User workgroup for Server Message Block (SMB) protocol is now configured correctly so that the authentication succeeds for evidence share.
1234340 The McAfee DLP appliance software is updated with McAfee® Agent 5.5.1.
1216182, 1243529 This release updates the evidence counter calculation so that the evidence queue is shown as zero when there are no evidence files waiting to be copied on to an appliance.
1228792, 1237351 The McAfee DLP appliance now logs LDAP resolution failure events only if the user is not found in any of the configured LDAP servers.
1243404 The severity levels assigned to some of the SNMP events are now fixed.
1248065 This release resolves upgrading issues when you upgrade from McAfee DLP 11.0.0 and the appliance remains managed after upgrading to the latest version.
1248588 Transport Layer Security (TLS) v1.1 protocol is now disabled by default.
1234603 The policies that are locally updated on an appliance are now detected properly and overwritten when you apply McAfee ePO policies.
1236931 McAfee DLP Monitor appliance software is now updated with OpenSSL 1.0.2o to address these vulnerabilities:
  • CVE-2018-0739 — A CVE of the type "Uncontrolled Resource Consumption", where constructed ASN.1 types with a recursive definition can exceed the stack.

For more information about CVE-2018-0739, see the Security Bulletin SB10243.

  • CVE-2017-3737 — Vulnerability in the OpenSSL error state mechanism when read or write function is called directly.
  • CVE-2017-3738 — Vulnerability in the OpenSSL AVX2 Montgomery multiplication procedure due to an overflow bug in x86_64.

For more information about CVE-2017-3737 and CVE-2017-3738, see the Security Bulletin SB10220.

1237682 Real-time LDAP queries incorrectly accessed an unindexed LDAP attribute on Active Directory (AD) servers, which caused high CPU load on Windows domain controllers. This issue is now corrected.
1238505 The special characters in the evidence copy passwords that caused the user evidence share authentication to fail are now parsed correctly.
1241242 Slow LDAP servers caused the Users and Groups page to time out and didn't show all registered LDAP servers. The time out value is now increased to address this issue.
1242205

This release fixes the issue with DLP Policy so that all new validators used in the built-in classifications are recognized correctly.