------------------------------------------------ Gauntlet Firewall 5.0 for Unix Patches Directory ------------------------------------------------ Download these patches by using FTP. To ensure the most reliable transfer be sure to configure your client to perform a binary download. The patches below consist of Bourne Shell scripts that will extract the appropriate binaries for your Operating System. The explicit instructions can be found at http://www.tis.com/support/patch50.html File Patch Level Comments -------------------------------------------------------------------------------- cluster.BSDI.patch Patchlevel 1 Increases performance and May 13, 1999 number of concurrent conn- ections for ftp and http. Corrects issues with SNK, CRYPTOCard and RADIUS-CHAP. Requires kernel.BSDI.patch. Patchlevel 2 Not released. n/a Patchlevel 3 Improves memory handling September 1, 1999 for ftp and http. Removes logging of passwords for http. Resolves ActiveX/ Java/Javascript corruption. Resolves ColdFusion corrup- tion. Resolves POST issue. Resolves problem when log- ging destinations. Fixes double authentication with SecurID. Fixes CyberPatrol blocking and coring issues. Patchlevel 4 Improves memory handling for October 20, 1999 http and ftp. Fixes message sent to browser when hostname is unresolveable. Fixes problem with sites using URL redirection. Patchlevel 5 Addresses problems with display December 14, 1999 and performance when using http proxy transparently. Fixes issues with HTTP 1.1. Fixes ftp-pdk problem with null data buffers that would cause a core. Patchlevel 6 HTTP: Resolves problems when March 30, 2000 client passes through Net- scape Proxy Server 3.5. Now limits username/password length. Fixes possible memory corruption on failed authen- tication. Improves performance. FTP: Removes listening port after data port acceptance. Removes password logging. cluster.HPUX.patch Patchlevel 1 Increases performance and May 13, 1999 number of concurrent conn- ections for ftp and http. Corrects issues with SNK, CRYPTOCard and RADIUS-CHAP. Requres kernel.HPUX.patch Patchlevel 2 Not released. n/a Patchlevel 3 Improves memory handling September 1, 1999 for ftp and http. Removes logging of passwords for http. Resolves ActiveX/ Java/Javascript corruption. Resolves ColdFusion corrup- tion. Resolves POST issue. Resolves problem when log- ging destinations. Fixes double authentication with SecurID. Fixes CyberPatrol blocking and coring issues. Patchlevel 4 Improves memory handling for October 20, 1999 http and ftp. Fixes message sent to browser when hostname is unresolveable. Fixes problem with sites using URL redirection. Patchlevel 5 Addresses problems with display December 14, 1999 and performance when using http proxy transparently. Fixes issues with HTTP 1.1. Fixes ftp-pdk problem with null data buffers that would cause a core. Patchlevel 6 HTTP: Resolves problems when March 30, 2000 client passes through Net- scape Proxy Server 3.5. Now limits username/password length. Fixes possible memory corruption on failed authen- tication. Improves performance. FTP: Removes listening port after data port acceptance. Removes password logging. cluster.SOLARIS.patch Patchlevel 1 Increases performance and May 13, 1999 number of concurrent conn- ections for ftp and http. Corrects issues with SNK, CRYPTOCard and RADIUS-CHAP. Requires kernel.SOLARIS.patch Patchlevel 2 Not released. n/a Patchlevel 3 Improves memory handling September 1, 1999 for ftp and http. Removes logging of passwords for http. Resolves ActiveX/ Java/Javascript corruption. Resolves ColdFusion corrup- tion. Resolves POST issue. Resolves problem when log- ging destinations. Fixes double authentication with SecurID. Fixes CyberPatrol blocking and coring issues. Patchlevel 4 Improves memory handling for October 20, 1999 http and ftp. Fixes message sent to browser when hostname is unresolveable. Fixes problem with sites using URL redirection. Patchlevel 5 Addresses problems with display December 14, 1999 and performance when using http proxy transparently. Fixes issues with HTTP 1.1. Fixes ftp-pdk problem with null data buffers that would cause a core. Patchlevel 6 HTTP: Resolves problems when March 30, 2000 client passes through Net- scape Proxy Server 3.5. Now limits username/password length. Fixes possible memory corruption on failed authen- tication. Improves performance. FTP: Removes listening port after data port acceptance. Removes password logging. cyber.patch Patchlevel 1 Fixes DOS vulnerability May 21, 2000 to HTTP proxy when CyberPatrol is enabled. MANDATORY PATCH esmp-gui n/a Script file needed to start the GUI on HP-UX or Solaris systems that do not have Gauntlet installed. Place script in /usr/local/etc. iiop_hp.tar N/A IIOP Update to 5.0 See IIOP.README for more info. iiop_solaris.tar N/A IIOP Update to 5.0 See IIOP.README for more info. kernel.BSDI.patch Patchlevel 1 Improved performance for May 13, 1999 dynamic packet filtering. Patchlevel 2 Fixes problems handling August 2, 1999 improperly formed ICMP packets. MANDATORY PATCH Patchlevel 3 Installs ip_input.o file that October 18, 1999 was missing from Patchlevel 2. MANDATORY PATCH Patchlevel 4 Fixes build_kernel script. October 22, 1999 MANDATORY PATCH kernel.HPUX.patch Patchlevel 1 Adds multi-processor support. May 13, 1999 Improved performance for dynamic packet filtering. Patchlevel 2 Fixes problems handling August 2, 1999 improperly formed ICMP packets. MANDATORY PATCH Patchlevel 3 Fixes array bounds violations March 13, 2000 in dynamic NAT. kernel.SOLARIS.patch Patchlevel 1 Adds multi-processor support. May 13, 1999 Improved performance for dynamic packet filtering. Patchlevel 2 Fixes problems handling August 2, 1999 improperly formed ICMP packets. MANDATORY PATCH Patchlevel 3 Not released. Patchlevel 4 Fixes array bounds violation November 8, 1999 in dynamic NAT that would exhibit itself with a panic. Patchlevel 5 Fixes problem with logging November 19, 1999 securityalerts on unserved ports accessed transparently. plug.patch Patchlevel 1 Support for partial shutdown April 13, 2000 of the socket and completing reads and writes. rsh.patch Patchlevel 1 Support for partial shutdown April 13, 2000 of the socket and completing reads and writes. run-backup.patch Patchlevel 1 Fixes "Backup Level Not March 28, 2000 Configured." error. smap.patch Patchlevel 1 Solves duplicate mail message October 28, 1999 problem. Solves HP specific problem with usernames of 8-byte multiple lengths. snmp.patch Patchlevel 1 Fixes port configuration April 17, 2000 via GUI. sql.patch Patchlevel 1 Provides support for Net8. December 21, 1999 Increases max relays to 2048. sql-gw timers work in GUI configuration. Enforces ASO. This patch is for Solaris ONLY.