Patch Assessment Content Update Release Notes for CCS 11.1 Version: 2016-02 Update
Patch Assessment Content Update 2016-02 Release Notes for CCS 11.1 Legal Notice Copyright 2016 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party ( Third Party Programs ). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com
Patch Assessment Content Update (PACU) This document includes the following topics: Prerequisites for PACU What's New in PACU 2016-02 Patch Assessment Content Updates for Windows in 2016-02 Patch Assessment Content Updates for UNIX in 2016-02 Updates in PACU 2016-01 Prerequisites for PACU The following are the prerequisites for installing the Patch Assessment Content Updates: Symantec Control Compliance Suite 11.1 Before you install a Patch Assessment Content Update, you must have the Control Compliance Suite 11.1 installed on your computer. New signing certificate A new signing certificate is used for all CCS files that are signed after February 12, 2015. To install PACU 2015-4 or later by using the LiveUpdate feature, you need this certificate. For the updated certificate, you must apply either of the following: Quick Fix 10005
What's New in PACU 2016-02 5 The Quick Fix 10005 includes the Symantec.CSM.AssemblyVerifier.dll, which contains the updated CCS certificate information necessary to validate the certificate. You can download the Quick Fix 10005 from the following location: http://www.symantec.com/docs/tech228300 Note: If the Quick Fix 10005 is not applied, the Automatic Updates Installation job will fail. However, there is no impact on the manual installation of PACU without this Quick Fix. Symantec Control Compliance Suite 11.1.1 (Product Update 2015-1) This Product update recognizes and validates Symantec binaries that are signed by using the new signing certificate, in addition to recognizing the older binaries. What's New in PACU 2016-02 PACU 2016-02 contains the following updates: Patch Assessment Content Updates for Windows in 2016-02 See Patch Assessment Content Updates for Windows in 2016-02 on page 5. Patch Assessment Content Updates for UNIX in 2016-02 See Patch Assessment Content Updates for UNIX in 2016-02 on page 6. PACU 2016-02 includes the updates from PACU 2016-01. Patch Assessment Content Updates for Windows in 2016-02 PACU 2016-02 contains checks for updates released by Microsoft in February 2016 on raw-data content. Updates for raw-data content MS16-009 Cumulative Security Update for Internet Explorer (3134220) MS16-012 Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
Patch Assessment Content Updates for UNIX in 2016-02 6 MS16-013 Security Update for Windows Journal to Address Remote Code Execution (3134811) MS16-014 Security Update for Microsoft Windows to Address Remote Code Execution (3134228) MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226) MS16-016 Security Update for WebDAV to Address Elevation of Privilege (3136041) MS16-017 Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700) MS16-018 Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082) MS16-019 Security Update for.net Framework to Address Denial of Service (3137893) MS16-020 Security Update for Active Directory Federation Services to Address Denial of Service (3134222) MS16-021 Security Update for NPS RADIUS Server to Address Denial of Service (3133043) MS16-022 Security Update for Adobe Flash Player (3135782) Patch Assessment Content Updates for UNIX in 2016-02 There are 87 updated patches and 199 new patches in dat (template) files for the UNIX platforms. Updates for raw-data content Updates for the following UNIX platforms are available in this release. Oracle Solaris
Updates in PACU 2016-01 7 Linux Ubuntu IBM AIX HP-UX Updates in PACU 2016-01 The PACU 2016-01 contained the following updates: Patch Assessment Content Updates for Windows in 2016-01 See Patch Assessment Content Updates for Windows in 2016-01 on page 7. Patch Assessment Content Updates for UNIX in 2016-01 See Patch Assessment Content Updates for UNIX in 2016-01 on page 8. Patch Assessment Content Updates for Windows in 2016-01 PACU 2016-01 contains checks for updates released by Microsoft in January 2016 on raw-data content. Updates for raw-data content MS16-001 Cumulative Security Update for Internet Explorer (3124903) MS16-003 Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (3125540) MS16-004 Security Update for Microsoft Office to Address Remote Code Execution (3124585) MS16-005 Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584) MS16-006 Security Update for Silverlight to Address Remote Code Execution (3126036) MS16-007 Security Update for Microsoft Windows to Address Remote Code Execution (3124901) MS16-008
8 Security Update for Windows Kernel to Address Elevation of Privilege (3124605) MS16-010 Security Update in Microsoft Exchange Server to Address Spoofing (3124557) Patch Assessment Content Updates for UNIX in 2016-01 There are 99 updated patches and 201 new patches in dat (template) files for the UNIX platforms. Updates for raw-data content Updates for the following UNIX platforms are available in this release. Oracle Solaris Linux Ubuntu HP-UX PACU contains the following files: Table 1-1 Name SEForMSPatches_Comprehensive.xml SEForMSPatches_Less.xml LinuxRecommendedPatches.dat HP-UXRecommendedPatches.dat AIXRecommendedPatches.dat SunOSRecommendedPatches.dat ESM_OSPatches_Comprehensive.xml Description Raw-data content standard for Windows Raw-data content standard for Windows Raw-data content updates for Linux platforms Raw-data content updates for HP-UX platforms Raw-data content updates for AIX platforms Raw-data content updates for Sun OS platforms Message-based content updates for Windows and UNIX
9 Table 1-1 Name bvmssecure.xml hf7b.xml (continued) Description Raw-data content file for Windows data collection Raw-data content file for Windows data collection BestPractice_OS_Patch_Updates.exe Comprehensive_AIXPatchStandard.xml Symantec.CSM. UnixPlatformContent.UnixPatchStandard.dll Version 11.10.10000.1160 Patch Policy updates on messagebased content for Windows and UNIX. Contains checks which evaluate on APAR and Packages for AIX OS Custom algorithm used for evaluating package checks in the Comprehensive Patch Standard for AIX. Note: Support for the RHBA bug fix advisories is not available in the Patch Assessment Content Update (PACU).