Learn about the vulnerabilities in SafeSync for Enterprise (SSFE) 3.1 that can be resolved by applying Critical Patch B1275.
SafeSync for Enterprise 3.1 Critical Patch Build 1275 is now available in the Download Center. The critical patch updates the OpenSSH-Client/OpenSSH-Server package to 1:5.9p1-5ubuntu1.8 in order to address the following vulnerabilities:
- CVE-2016-0777, a vulnerability in OpenSSH Server which may allow remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer
- CVE-2016-0778, a vulnerability in OpenSSH Server which may allow remote servers to cause a denial of service (heap-based buffer overflow)
- Cross-Site Scripting vulnerability in the Search function of the End User Portal
The vulnerabilities mentioned above affect the users of SafeSync for Enterprise 3.1 with build lower than 1275.
Additionally, this critical patch includes a number of enhancements since the release of SSFE 3.1 GM build. Refer to the Read Me file for more details.