[<prev] [next>] [day] [month] [year] [list]
Message-ID: <DM6PR01MB4057463D8475FFDAA2237361F10F0@DM6PR01MB4057.prod.exchangelabs.com>
Date: Fri, 31 Aug 2018 16:40:40 +0000
From: "Williams, Ken" <Ken.Williams@...com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: CA20180829-03: Security Notice for CA Release Automation
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
CA20180829-03: Security Notice for CA Release Automation
Issued: August 29, 2018
Last Updated: August 29, 2018
CA Technologies Support is alerting customers to a potential risk with
CA Release Automation. A vulnerability exists that can allow an
attacker to potentially execute arbitrary code.
The vulnerability, CVE-2018-15691, has a high risk rating and concerns
insecure deserialization of a specially crafted serialized object,
which can allow an attacker to potentially execute arbitrary code.
Risk Rating
High
Platform(s)
All supported platforms
Affected Products
CA Release Automation 6.3
CA Release Automation 6.4
CA Release Automation 6.5
Note: older, unsupported releases may be affected.
Unaffected Products
CA Release Automation 6.6
CA Release Automation 6.3.0.9945 or later
CA Release Automation 6.4.0.10119 or later
CA Release Automation 6.5.0.10080 or later
How to determine if the installation is affected
Check the build number with the Help->About menu option, or determine
which fixes are applied by looking at the Fix_Maintenance directory.
Solution
CA Technologies published the following solutions to address the
vulnerabilities.
CA Release Automation 6.3:
Apply Cumulative Fix build 9945 or later.
CA Release Automation 6.4:
Apply Cumulative Fix build 10119 or later.
CA Release Automation 6.5:
Apply Cumulative Fix build 10080 or later.
References
CVE-2018-15691 - CA Release Automation deserialization vulnerability
Acknowledgement
CVE-2018-15691 - Jakub Palaczynski and Maciej Grabiec
Change History
Version 1.0: 2018-08-29 - Initial Release
Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/
To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com
Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782
Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies | 520 Madison Avenue, 22nd Floor, New York NY 10022
Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8
wsFVAwUBW4lufblJjor7ahBNAQgHCRAAlbiI2WtlSe1vnsES3mBAajChsQgClspH
BZ5AYknsLv9BUxObn+ungcXUjEl72fEOHYSIHjT4hSZFOKtmk+zNRc8X6dQV9V6a
ekVxUZhb08sowb2hNdG3DFKlArAX8gF1wVC/WaQvncLbPuvpKN+7z+1mpjYp7PJn
Sb+tW5LoMl7cQ50q1x+bjITPzNuOfG8CBqk4ErYD4adjv6iIdvPlysPhRuZI108B
0vDOfOkxGgEGbtDoIrm+7KNoD3HT1O6rZAjdAq8M9iCUO+ae7orTe1Euf+Q/1mh/
FBCNNcWbVyciy0Y7JJyrFOozMJhdRYn8WANOG5kil8la50iSmLKoDunh0r4N+i8F
XHTQGzvs4FLQaSC/eKpsW1+WPg/l9UmsJk6DUVn4Ql4cEpBzYjgve28XnHQ8Os23
m2oBMKnT+Vm+5uuiVhvMXfif633Qji715Cd+iEVofyzH1EcDU5QCIjW2zlP973XE
0oeYokEdTV9yLZz8UgNJVebJaCcNPvrxHfCWEsoOcumrk140dKpI3mclwc1gjJ5E
kehPO0usLZDGalzvuXawozwKy5ByYUF/vDCiB29izfJVWbUr0XVAVz0Ku7Zb5+Pn
3NDRTzzoI4igpe0Mr8Ne6NZJngFu0rI7KhEv+pf5lK4ZBbwHqofBlS3EMyKm6dpZ
buTODvqItNQ=
=KxBP
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists