Patch CVE-2014-0160 for Kaspersky Security Center 10 (version 10.1.249) release notes

Back to "Version Info"

Kaspersky Lab announces the release of the patch CVE-2014-0160 for Administration Server and Network Agent. The patch contains the following files:

• patch_10_1_249_server_cve.zip for Administration Server version 10.1.249;
• patch_10_1_249_nagent_cve.zip for Network Agent version 10.1.249;
• patch_10_1_249_console_cve.zip, which is applicable only to Administration Console installed apart from Administration Server.

Improvements

The patch fixes the CVE-2014-0160 vulnerability in the OpenSSL library, which is utilized by Administration Server, Network Agent, and Administration Console.

Installation

• To install the patch in the silent mode (for example, when distributing via Kaspersky Security Center), run the executable file with the –s key.
• For local installation, run the executable file from any local folder. 

Please note. The patch cannot be run from a disk root folder or from the application's installation folder.

After the patch CVE-2014-0160 has been installed, the following files in the installation folder of Administration Server, Network Agent, or Administration Console will update to version 10.0.0.2: kllibeay.dll; klssleay.dll.

Information about this patch will be displayed in the Kaspersky Lab software version report. 

Please note that the patch is not cumulative. It can be installed on Administration Server, Network Agent, or Administration Console before or after upgrading to patch A.

To fix the vulnerability on the iOS mobile device management (MDM) server, do the following:

1. Stop the iOS MDM Server service.
2. Download the CVE-2014-0160.zip archive and extract the files to the folder C:\Program Files\Kaspersky Lab\Mobile Device Management for IOS replacing old DLL files.
3. Run the iOS MDM Server service.

Back to "Version Info"