Deep Security Linux Agent - 12.0 update 16

Release date: March 22, 2021
Build number: 12.0.0-1655

Enhancements

• Updated Anti-Malware real-time scans for improved compatibility. DSSEG-5899
• Updated Deep Security Agent to improve Application Control inventory scanning performance. SEG-78295/03234667/DSSEG-6303

Resolved issues

• Real-time Integrity Monitoring sometimes did not match the exact directory specified by a user, but instead matched all paths that started with the base directory. SEG-97758/SF04046718/DSSEG-6636
• When Web Reputation was enabled, the system sometimes crashed. SF04258834/SEG-102756/DSSEG-6712
• When Application Control was in lock down mode, it was unable to build a proper software inventory in some cases. SEG-94173/SF03946250/DSSEG-6503
• Application Control was not allowing files in the ".install4j" directory to be added to the inventory, which prevented some applications from installing. SEG-100706/SF04166919/DSSEG-6674
• Deep Security Agent was sometimes unable to connect to the database when Intrusion Prevention was running. DSSEG-6641
• Application Control was not including scripts with a ".ksh" file extension in the recognized software inventory, causing those scripts to be blocked when they should have been allowed. SEG-100706/SF04166919/DSSEG-6658
• Deep Security Agent was sometimes unable to establish an SSL connection to the web server. SEG-93807/SF03773176/DSSEG-6624

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-6440
Highest CVSS: 5.3
Highest severity: Medium

Enhancements

• Updated Deep Security Agent to improve Application Control inventory scanning performance. SEG-78295/03234667/DSSEG-6303

Resolved issues

• Real-time Integrity Monitoring sometimes did not match the exact directory specified by a user, but instead matched all paths that started with the base directory. SEG-97758/SF04046718/DSSEG-6636
• When Application Control was in lock down mode, it was unable to build a proper software inventory in some cases. SEG-94173/SF03946250/DSSEG-6503
• The Deep Security Agent sometimes crashed when running Intrusion Prevention in passive mode. DSSEG-6385
• Application Control was not allowing files in the ".install4j" directory to be added to the inventory, which prevented some applications from installing. SEG-100706/SF04166919/DSSEG-6674
• Behavior Monitoring exceptions sometimes did not work properly. SEG-89899/SF03775351/DSSEG-6485
• Application Control was not including scripts with a ".ksh" file extension in the recognized software inventory, causing those scripts to be blocked when they should have been allowed. SEG-100706/SF04166919/DSSEG-6658

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-6440
Highest CVSS: 5.3
Highest severity: Medium

Enhancements

• Updated Deep Security Agent to improve Application Control inventory scanning performance. SEG-78295/03234667/DSSEG-6303

Resolved issues

• Real-time Integrity Monitoring sometimes did not match the exact directory specified by a user, but instead matched all paths that started with the base directory. SEG-97758/SF04046718/DSSEG-6636
• When Application Control was in lock down mode, it was unable to build a proper software inventory in some cases. SEG-94173/SF03946250/DSSEG-6503
• Application Control was not including scripts with a ".ksh" file extension in the recognized software inventory, causing those scripts to be blocked when they should have been allowed. SEG-100706/SF04166919/DSSEG-6658

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-6440
Highest CVSS: 5.3
Highest severity: Medium

Resolved issues

• The Deep Security Manager was installing an incorrect version of the relay in some cases. DSSEG-6604

Security updates

Security updates are included in this release. For more information about how we protect against vulnerabilities, visit Vulnerability Responses. Please note, in line with responsible disclosure practices, CVE details will only be made available for select security updates once patches have been made available for all impacted releases. DSSEG-6574
CVSS Score: 7.5
Severity: High