|
|
|||
Problem:
A vulnerability in the Intel QIP Service could allow remote code execution. This vulnerability affects LANDesk Management Suite, LANDesk Security Suite, and LANDesk Server Manager 8.8 and eariler.
FIX:
LANDesk has released fixes for versions 8.7 & 8.8 or the above mentioned products. If you are using a version less than these two please upgrade to the latest version to avoid this vulnerability.
For 8.7 Download SWD-1620987.5
For 8.8 Download SWD-1620988.2
CVE ID:
CVE-2008-2468
Special note:
LANDesk would like to thank TippingPoint and Aaron Portnoy for reporting this issue.
Cottroad
says:
Does this patch require SP2 to be installed on 8.8 (i.e. will the pre-requisite check refuse to install if you have either no ServicePack or SP1)?
Thanks
Trevor
says:
We are working on getting this added to the Patch Management content. Also, the LDMS 8.8 fix reqiuires SP2 to be installed for the setup to run. You can try just replacing your existing QIP service with the one in the ZIP, but be aware that that was not tested.
Matt Johnson
says:
We installed the patch on the server with no problem. According to the readme file, it says to install the patch on the additional consoles. When we try to run it, the installer tells us that we need to have SP2 installed. We already have it installed.
chad
says:
This patch is for the core only. The remote console doesnt have the qipsrvr.exe installed.
jstrain
says:
We are running 8.7 sp4. The readme in the patch says it is a post sp5 patch. We are not planning on going to sp5 (we plan on moving to 8.8 instead). Do we need to patch our 8.7 sp4 core with the qip service patch listed here?
|
|||||
Can you add a link to the vulnerability information? Also, will these patches and vulnerabilities appear as patch manager content?