========================================================================== Post-Release Fix for F-Secure Internet Gatekeeper 6.42 Hotfix 1 Copyright (c) 1993-2005 F-Secure Corporation. All Rights Reserved. ========================================================================== SUMMARY This post-release fix is for the following products/versions: o F-Secure Internet Gatekeeper 6.42 If you use earlier versions of the above mentioned products, please download and install the latest version. This post-release fix includes the following fixes: o CTS#44085 Limited Directory Traversal Vulnerability in Web Console Recommendation: Applying this post-release fix is strongly recommended. TECHNICAL DETAILS SCR#44085 description: A limited directory traversal vulnerability can be exploited by bypassing the Web Console authentication. It is possible to gain a read access to a file on the local disk from allowed hosts. By default the connections are only allowed from the local host. For more detailed information, please see http://www.f-secure.com/security/fsc-2005-2.shtml OTHER INFORMATION This post-release fix includes the following files: File Name File Version MD5 Checksum ----------------------------------------------------------------------- fswebuid.exe 1.2.144.0 fa75e7a4323f91dcdc59602d41a465ce NOTE: Fixes for a particular component are cumulative and contain all of the previous fixes for that component. For additional information, please visit F-Secure Support Center at: http://support.f-secure.com/ HOW TO APPLY THE POSTFIX LOCALLY o Unpack all files from the package into a temporary folder on the local machine. o Open this folder in Windows Explorer and then double-click "fsigk642-01.fsfix". HOW TO APPLY THE POSTFIX FROM F-SECURE POLICY MANAGER o Unpack all files from the package to a temporary folder. Rename "fsigk642-01.fsfix" to "fsigk642-01.jar". o In F-Secure Policy Manager Console, click Installation Packages from the Tools menu. o In the Installation Packages window, click Import button and then select "fsigk642-01.jar". "F-Secure Internet Gatekeeper 642.01" should appear in the list of available packages. Close the Installation Packages window. o In your policy domain view, select the host running F-Secure Internet Gatekeeper. Then, switch to the Policy view and select F-Secure root branch. o On Policy-based Installations pane, in Version to Install entry for F-Secure Internet Gatekeeper select "642.01" and then click Start button. o After F-Secure Policy Manager Console has successfully created an installation package, distribute policies to start installations on the host. -- end of file --