Symantec Management Server 3.4.2 Maintenance Pack 1

Symantec Encryption Management Server 3.4.2 Maintenance Pack 1 Release Notes

This document includes the following topics:

■ What's changed in this release

■ Resolved issues

■ Known issue

■ Installing or updating this Maintenance Pack

■ Documentation resources

■ Legal Notice

What's changed in this release

Symantec Encryption Management Server 3.4.2 Maintenance Pack 1 (MP1) includes the following improvement:

Alert displayed for attachments of a secured PDF

Symantec PDF Email Protection is updated to display the following alert in the PGPMessage.pdf file when it contains an embedded attachment:

This message contains embedded attachments. To access these attachments on a mobile device or with a browser (such as Chrome), download and open this secure document with Adobe Reader. Adobe Reader can be downloaded from the following site ://www.adobe.com/reader.

The alert is displayed as a heading in the PGPMessage.pdf file that contains embedded attachments. If a PGPMessage.pdf file does not contain an embedded attachment, the alert is not displayed. The alert is displayed in the notification language that is configured.

Note: Viewing the attachments that are embedded in the PGPMessage.pdf files using a browser or any other app on a mobile device is not supported.

Resolved issues

The following issues have been resolved in this release of Symantec Encryption Management Server:

Symantec Encryption Management Server

■ Symantec Encryption Management Server is updated to fix the EFAIL vulnerability. [4153865]

■ Java Timeout Exception is not displayed when administrators click Consumers > Users > External Users. Administrators can now successfully view the list of users although Symantec Encryption Management Server is configured with a large number of external users. [4160788]

■ The pgpproxyd service does not crash when the Certificate Revocation List (CRL) lookup process is performed over HTTP. [4117419]

■ Symantec Encryption Management Server updates the logs when an external Web Email Protection user is deleted due to account inactivity. [4156643]

■ The Symantec Encryption Management Server is updated to use POST requests to transfer sensitive parameter values securely. The sensitive data is now transferred within the body of the POST requests. [4179806]

■ Symantec Encryption Management Server now creates the /etc/redhat-release file while the Symantec Encryption Management Server is installed or upgraded. Also, VMware Tools now does not log any warning messages that are related to the missing /etc/redhat-release file. [4071125]

■ Database performance issue is no longer seen when a large amount of data is stored in the consumer_username_mview table. [4188682]

■ Symantec Encryption Management Server is updated to include the Spring Framework package version 4.3.18 to fix the CVE-2018-1257 vulnerability. [4189843]

■ Symantec Encryption Management Server is updated with patch-2.6-8.el6_9.i686 to fix the following CVE vulnerabilities: [4183491]

■ CVE-2018-1124

■ CVE-2018-1126

■ CVE-2018-1000156

■ Updated the following DHCP packages to resolve the CVE-2018-5732 and CVE-2018-5733 vulnerabilities in Symantec Encryption Management Server: [4171420]

■ dhcp-common-4.1.1-53.P1.el6.centos.4.i686

■ dhclient-4.1.1-53.P1.el6.centos.4.i686

■ To fix the vulnerabilities that are documented in Oracle Critical Patch Update Advisory - April 2018 that includes various CVE vulnerabilities, the following packages are updated: [4173636]

■ Java Development Kit (JDK) – jdk1.8-1.8.0_172-fcs.i586

■ Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy – jdk_jce_policy-1.8.0_172-pgp1.i686

■ To fix the vulnerabilities that are documented in Oracle Critical Patch Update Advisory - July 2018 that includes various CVE vulnerabilities, the following packages are updated: [4192272]

■ Java Development Kit (JDK) – jdk1.8-1.8.0_181-fcs.i586

■ Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy – jdk_jce_policy-1.8.0_181-pgp.i686

■ To fix the security vulnerabilities that are documented in RHSA-2018:0649 - Security Advisory that includes the CVE-2018-5146 vulnerability, the following package is updated: [4176954]

■ libvorbis-1.2.3-5.el6_9.1.i686

■ The Red Hat security vulnerabilities, CVE-2018-3639 and CVE-2018-3640, do not affect Symantec Encryption Management Server. For enhanced security, the following packages are updated: [4181988]

■ kernel-firmware-2.6.32-696.30.1.el6.noarch

■ kernel-2.6.32-696.30.1.el6.i686

■ To fix the CVE-2018-1124 and CVE-2018-1126 vulnerabilities that are documented in RHSA-2018:1777 - Security Advisory, the following package is updated: [4183409]

■ procps-3.2.8-45.el6_9.3.i686

■ Restoring Symantec Encryption Management Server from a backup using the following command now successfully restarts the stunnel service: [4187833]

pgpbackup -r filename

Keys and certificates

Resolved a synchronization issue so that when trusted keys are deleted from the Keys > Trusted keys tab, the keys are also deleted from the following items:

■ The trustedSystemCerts.crt file

■ The certificate and key tables

■ The trusted_key table [4157932]

Messaging

■ Symantec PDF Email Protection now encrypts documents using AES 128-bit encryption by default. Symantec PDF Email Protection also supports AES 256 and the RC4 algorithms for encryption. Symantec PDF Email Protection users using most older versions of BlackBerry phones can now successfully open AES 256-bit encrypted PDF messages. [4113496]

■ The pgpproxyd service does not crash when Symantec Encryption Management Server processes an email message that contains a particular base64-encoded attachment. [4129616]

■ OpenPGP now successfully verifies the clear-signed email messages that contain trailing tabs in the content. [4165311]

■ When a cross-account access is detected for a Secure Reply user, Symantec PDF Email Protection validates the user account and displays the following alert:

Access Restricted

The requested resource is not available for this account. Please verify the account name and try again.

Account lockout for a Symantec PDF Email Protection user never happens in the event of a cross-account access. [4158353]
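An added example, not part of the Symantec release notes: one way to confirm after the update that the Red Hat/CentOS package builds listed under Resolved issues are present at the listed build or a newer one. It assumes you can capture `rpm -qa` output from the server; the function names and the sample input are constructed for illustration, and package epochs are not compared.

```python
import re

# Builds named under "Resolved issues" (strings copied from the release notes).
EXPECTED = [
    "patch-2.6-8.el6_9.i686", "procps-3.2.8-45.el6_9.3.i686",
    "dhcp-common-4.1.1-53.P1.el6.centos.4.i686",
    "dhclient-4.1.1-53.P1.el6.centos.4.i686",
    "libvorbis-1.2.3-5.el6_9.1.i686", "kernel-2.6.32-696.30.1.el6.i686",
    "kernel-firmware-2.6.32-696.30.1.el6.noarch",
]
# Constructed `rpm -qa` output for a partly updated host (not from a real server).
SAMPLE = [
    "patch-2.6-6.el6.i686", "procps-3.2.8-45.el6_9.3.i686",
    "kernel-2.6.32-696.el6.i686", "kernel-2.6.32-696.30.1.el6.i686",
    "dhclient-4.1.1-53.P1.el6.centos.4.i686", "gpg-pubkey-00000000-00000000",
]

def split_nvra(pkg):
    """Split name-version-release.arch; raises ValueError for any other shape."""
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def rpm_key(s):
    """Sort key following rpm's segment ordering (tilde and caret rules not handled)."""
    return [(1, int(t)) if t.isdigit() else (0, t) for t in re.findall(r"\d+|[A-Za-z]+", s)]

def audit(installed_lines):
    """Map each expected build to 'ok', 'missing' or 'older: <installed build>'."""
    installed = {}
    for line in map(str.strip, installed_lines):
        try:
            name, ver, rel, arch = split_nvra(line)
        except ValueError:
            continue  # blank lines and gpg-pubkey-* entries carry no arch suffix
        key = (rpm_key(ver), rpm_key(rel), line)
        installed[name, arch] = max(installed.get((name, arch), key), key)  # newest build wins
    report = {}
    for want in EXPECTED:
        name, ver, rel, arch = split_nvra(want)
        have = installed.get((name, arch))
        if have is None:
            report[want] = "missing"
        else:
            report[want] = "ok" if have[:2] >= (rpm_key(ver), rpm_key(rel)) else "older: " + have[2]
    return report

if __name__ == "__main__":
    print("\n".join(f"{pkg}: {status}" for pkg, status in audit(SAMPLE).items()))
```

A numeric release segment sorts above an alphabetic one, which is why `696.30.1.el6` is treated as newer than `696.el6` when two kernels are installed side by side.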

Known issue

The following is a known issue in this release of Symantec Encryption Management Server:

Clear-signed email messages that are sent to 3.4.2 MP 1 users get decrypted with bad signatures when the following conditions are met:

■ The messages are created using an earlier version of Symantec Encryption Management Server MP1.

■ The messages contain trailing tabs in the content. [4191877]

Installing or updating this Maintenance Pack

To update your Symantec Encryption Management Server to this Maintenance Pack

Before you update your Symantec Encryption Management Server to 3.4.2, ensure that you read the following instructions:

■ If you have a Hardware Token Ignition Key or Hardware Security Module (HSM), see https://support.symantec.com/en_US/article.TECH235224.html.

■ If you are running Symantec Encryption Management Server 3.2.1 or earlier, then upgrade to version 3.3.1 using the PGP Update Package (PUP) update file. Next, upgrade to version 3.3.2, and then upgrade to version 3.4.0 or later using the migration method.

■ If you are running Symantec Encryption Management Server 3.3.0 or 3.3.1, then upgrade to version 3.3.2. Then, upgrade to version 3.4.0 or later using the migration method.

■ If you are running Symantec Encryption Management Server 3.3.2, then upgrade to version 3.4.0 or later using the migration method.

Note: To understand the migration method, see the Symantec Encryption Management Server 3.4.0 Release Notes at https://support.symantec.com/en_US/article.DOC9292.html.

■ If you are running Symantec Encryption Management Server 3.4.0 or later, perform the following instructions.

To install Symantec Encryption Management Server 3.4.2 on a system that is running version 3.4.0 or later

1 Log on to your Symantec Encryption Management Server administrative interface.

2 Select Services > .

3 Select and download the customization templates that you want to back up. Sometimes, customization templates might get corrupted during an update.

Note: You cannot download Simple Customization templates.

4 Select System > Updates.

5 Click Upload Update Package.

6 Select the PUP file and click Upload.

7 When the upload is complete, click Install.

8 When the update is complete, navigate to Services > Web Email Protection, and delete any customization templates that were corrupted during the update.

9 Click Add Template to launch the Web Messenger Customization dialog box, which you can use to import the backup files of any customization templates that you deleted.

Note: You can restore only one customization template at a time. Repeat this step for each backup file that you want to import.

For more information on installing or upgrading to this Maintenance Pack, refer to the following documents:

■ Symantec Encryption Management Server Installation Guide 3.4.2

■ Symantec Encryption Management Server Upgrade Guide 3.4.2

Download the Installation Guide from https://support.symantec.com/en_US/article.DOC9323.html.

Download the Upgrade Guide from https://support.symantec.com/en_US/article.DOC9324.html.

For an updated list of system requirements for Symantec Encryption Management Server 3.4.2, see https://support.symantec.com/en_US/article.TECH248336.html.

Documentation resources

Documentation is available in PDF format at the Symantec Support Center. Download the documentation for Symantec Encryption Desktop 10.4.2, PGP Command Line 10.4.2, and Symantec Encryption Management Server 3.4.2 from https://support.symantec.com/en_US/article.DOC10939.html.

Legal Notice

Copyright © 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, PGP, and are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S., and other countries. Other names may be trademarks of their respective owners.

Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com