Patch Assessment Content Update Release Notes for CCS 11.1

Version: 2015-25 Update Patch Assessment Content Update 2015-25 Release Notes for CCS 11.1

Legal Notice Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Patch Assessment Content Update (PACU)

This document includes the following topics:

■ Prerequisites for PACU

■ What's New in PACU 2015-25

■ Patch Assessment Content Updates for Windows in 2015-25

■ Patch Assessment Content Updates for UNIX in 2015-25

■ Updates in PACU 2015-24

■ Contents of the PACU

Prerequisites for PACU The following are the prerequisites for installing the Patch Assessment Content Updates:

■ Symantec Control Compliance Suite 11.1 Before you install a Patch Assessment Content Update, you must have the Control Compliance Suite 11.1 installed on your computer.

■ New signing certificate A new signing certificate is used for all CCS files that are signed after February 12, 2015. To install PACU 2015-4 or later by using the LiveUpdate feature, you need this certificate. For the updated certificate, you must apply either of the following:

■ Quick Fix 10005 Patch Assessment Content Update (PACU) 5 What's New in PACU 2015-25

The Quick Fix 10005 includes the Symantec.CSM.AssemblyVerifier.dll, which contains the updated CCS certificate information necessary to validate the certificate. You can download the Quick Fix 10005 from the following location: http://www.symantec.com/docs/TECH228300

Note: If the Quick Fix 10005 is not applied, the Automatic Updates Installation job will fail. However, there is no impact on the manual installation of PACU without this Quick Fix.

■ Symantec Control Compliance Suite 11.1.1 (Product Update 2015-1) This Product update recognizes and validates Symantec binaries that are signed by using the new signing certificate, in addition to recognizing the older binaries.

What's New in PACU 2015-25 PACU 2015-25 contains the following updates:

■ Patch Assessment Content Updates for Windows in 2015-25 See “Patch Assessment Content Updates for Windows in 2015-25” on page 5.

■ Patch Assessment Content Updates for UNIX in 2015-25 See “Patch Assessment Content Updates for UNIX in 2015-25” on page 6. PACU 2015-25 includes the updates from PACU 2015-24.

Patch Assessment Content Updates for Windows in 2015-25 PACU 2015-25 contains checks for updates released by Microsoft in December 2015 on raw-data content.

Updates for raw-data content

■ MS15-124 Cumulative Security Update for Internet Explorer (3116180)

■ MS15-126 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3116178) Patch Assessment Content Update (PACU) 6 Patch Assessment Content Updates for UNIX in 2015-25

■ MS15-127 Security Update for Microsoft Windows DNS to Address Remote Code Execution (3100465)

■ MS15-128 Security Update for Microsoft Graphics Component to Address Remote Code Execution (3104503)

■ MS15-129 Security Update for Silverlight to Address Remote Code Execution (3106614)

■ MS15-130 Security Update for Microsoft Uniscribe to Address Remote Code Execution (3108670)

■ MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111)

■ MS15-132 Security Update for Microsoft Windows to Address Remote Code Execution (3116162)

■ MS15-133 Security Update for Windows PGM to Address Elevation of Privilege (3116130)

■ MS15-134 Security Update for Windows Media Center to Address Remote Code Execution (3108669)

■ MS15-135 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3119075)

Patch Assessment Content Updates for UNIX in 2015-25 There are 102 updated patches and 235 new patches in dat (template) files for the UNIX platforms.

Updates for raw-data content Updates for the following UNIX platforms are available in this release.

■ Sun Solaris

■ Linux Patch Assessment Content Update (PACU) 7 Updates in PACU 2015-24

■ Ubuntu

■ HP-UX

■ IBM-AIX

Updates in PACU 2015-24 The PACU 2015-24 contained the following updates:

■ Patch Assessment Content Updates for Windows in 2015-24 See “Patch Assessment Content Updates for Windows in 2015-24” on page 7.

■ Patch Assessment Content Updates for UNIX in 2015-24 See “Patch Assessment Content Updates for UNIX in 2015-24” on page 8.

Patch Assessment Content Updates for Windows in 2015-24 PACU 2015-24 contains checks for updates released by Microsoft in November 2015 on raw-data content.

Updates for raw-data content

■ MS15-112 Cumulative Security Update for Internet Explorer (3104517)

■ MS15-114 Security Update for Windows Journal to Address Remote Code Execution (3100213)

■ MS15-115 Security Update for Microsoft Windows to Address Remote Code Execution (3105864)

■ MS15-116 Security Update for Microsoft Office to Address Remote Code Execution (3104540)

■ MS15-117 Security Update for NDIS to Address Elevation of Privilege (3101722)

■ MS15-118 Security Update for .NET Framework to Address Elevation of Privilege (3104507)

■ MS15-119 Security Update for Winsock to Address Elevation of Privilege (3104521)

■ MS15-120 Patch Assessment Content Update (PACU) 8 Contents of the PACU

Security Update for IPSec to Address Denial of Service (3102939)

■ MS15-121 Security Update for Schannel to Address Spoofing (3081320)

■ MS15-122 Security Update for Kerberos to Address Security Feature Bypass (3105256)

■ MS15-123 Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872)

Patch Assessment Content Updates for UNIX in 2015-24 There are 104 updated patches and 269 new patches in dat (template) files for the UNIX platforms.

Updates for raw-data content Updates for the following UNIX platforms are available in this release.

■ Sun Solaris

■ Linux

■ Ubuntu

■ HP-UX

Contents of the PACU PACU contains the following files:

Table 1-1 Contents of the PACU

Name Description

SEForMSPatches_Comprehensive.xml Raw-data content standard for Windows

SEForMSPatches_Less.xml Raw-data content standard for Windows

LinuxRecommendedPatches.dat Raw-data content updates for Linux platforms

HP-UXRecommendedPatches.dat Raw-data content updates for HP-UX platforms

AIXRecommendedPatches.dat Raw-data content updates for AIX platforms Patch Assessment Content Update (PACU) 9 Contents of the PACU

Table 1-1 Contents of the PACU (continued)

Name Description

SunOSRecommendedPatches.dat Raw-data content updates for Sun OS platforms

ESM_OSPatches_Comprehensive.xml Message-based content updates for Windows and UNIX

bvMSSecure.xml Raw-data content file for Windows data collection

hf7b.xml Raw-data content file for Windows data collection

BestPractice_OS_Patch_Updates.exe Patch Policy updates on message- based content for Windows and UNIX.

Comprehensive_AIXPatchStandard.xml Contains checks which evaluate on APAR and Packages for AIX OS

Symantec.CSM. Custom algorithm used for evaluating UnixPlatformContent.UnixPatchStandard.dll package checks in the Comprehensive Patch Standard for AIX. Version 11.10.10000.1160

Note: Support for the RHBA bug fix advisories is not available in the Patch Assessment Content Update (PACU).