McAfee ePolicy Orchestrator (ePO) 4.5 Patch 7 is now available. This release includes new features, fixes, and enhancements including:
- All fixes included in previous ePO 4.5 patch releases
- Java Runtime Environment updated to 1.6.0_37
- Apache version updated to 2.2.22
- Patch addresses vulnerabilities listed in SB10041 and SB10042
This patch is rated Mandatory because it resolves product vulnerabilities.
To download ePO 4.5 Patch 7, go to the McAfee downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.
For a full list of changes, see the Release Notes in PD24495:
On August 20, 2011, the Apache Software Foundation released a vulnerability announcement (CVE-2011-3192) concerning a flaw in the way the Apache HTTP Server handles Range HTTP headers that could result in a Denial of Service (DoS) attack.
Because McAfee ePolicy Orchestrator versions 4.0, 4.5, and 4.6.x make use of the Apache HTTP Server software, McAfee has developed Hotfix 701318 to remediate this issue for ePO 4.5 and 4.6.x.
IMPORTANT: ePO 4.0 reached End of Life (EOL) on September 30, 2011. Users with ePO 4.0 must upgrade to a current supported version of ePO to apply the hotfix.
To access the Hotfix, log into the ServicePortal at: http://mysupport.mcafee.com, click Download Software Updates under Self Service and locate the entry: EPolicy Orchestrator EPOHF701318.
For more information on this issue, see KB73310https://kc.mcafee.com/corporate/index?page=content&id=KB73310