Release notes for update package 1791-5242

This update package improves the detection capabilities of the Forcepoint NGFW system.

RELEASE DATE:    Monday October 21, 2024
MD5 CHECKSUM:    32eb6d3e8f2d7e2951cbbb6aad2718b1
SHA1 CHECKSUM:    d55944bda7a530bff0e07f6198b52c1611aa1722
SHA256 CHECKSUM:    05e3c9f891b0091c75147c09ebe1fc50deb5edb66ff9f21a9f843db31dd8482f


UPDATE CRITICALITY:    HIGH

MINIMUM SOFTWARE VERSIONS
- Forcepoint NGFW Security Management Center:    6.10.1.11125
- Forcepoint NGFW:    6.8.1.24103

List of detected attacks in this update package:

Risk level     Description     Reference     Vulnerability
High     An attempt to exploit a vulnerability in Apport detected     CVE-2016-9949     Apport-Remote-Code-Execution-Via-CrashDB-Field-CVE-2016-9949

DETECTED ATTACKS

New detected attacks:

Text File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type
High     Apport-Remote-Code-Execution-Via-CrashDB-Field-CVE-2016-9949     CVE-2016-9949     File-Text_Apport-Remote-Code-Execution-Via-CrashDB-Field-CVE-2016-9949     Suspected Compromise

Updated detected attacks:

Other Binary File Stream

Risk     Vulnerability/Situation     References     Related Fingerprint     Situation Type     Change Description
High     CUPS-Remote-Command-Execution-Via-FoomaticRIPCommandLine-CVE-2024-47177     CVE-2024-47177     File-Binary_CUPS-Remote-Command-Execution-Via-FoomaticRIPCommandLine-CVE-2024-47177     Suspected Compromise     Description has changed; Fingerprint regexp changed

LIST OF OTHER CHANGES:

New objects:

Type     Name
Category     Apport
Certificate Authority     SecureSign Root CA12
Certificate Authority     SecureSign Root CA14
Certificate Authority     SecureSign Root CA15
Certificate Authority     TWCA CYBER Root CA
Certificate Authority     TWCA Global Root CA G2
Certificate Authority     Certum Trusted Root CA (1)
Certificate Authority     SSL Secure Site CA
Certificate Authority     JoySSL DV TLS G2 R33 CA
Certificate Authority     Shoper DV TLS G2 R34 CA
Certificate Authority     XinChaCha Trust EV TLS G2 R34 CA
Certificate Authority     DigiCert Assured ID TLS RSA4096 SHA256 2022 CA1
Certificate Authority     GandiCert
Certificate Authority     TrustAsia TLS RSA CA G8
Certificate Authority     DigiCert Secure Site Pro G3 TLS CN ECC P-384 SHA384 2022 CA1
Certificate Authority     Microsoft Azure ECC TLS Issuing CA 08
Certificate Authority     Entrust Root Certification Authority - G2 (1)
Certificate Authority     GlobalSign Atlas R3 AlphaSSL CA 2024 Q3
Certificate Authority     GlobalSign Atlas R3 DV TLS CA 2024 Q4
Certificate Authority     Keysec GR3 OV TLS CA 2024
Certificate Authority     NAVER Secure Certification Authority 1
Certificate Authority     Sectigo Public Server Authentication Root E46 (1)
Certificate Authority     Sectigo Public Server Authentication Root R46 (1)
Certificate Authority     Sectigo SHA-256 OV Secure Server CA
Certificate Authority     SSL.com TLS Transit RSA CA R2
Certificate Authority     Apple Public Server ECC CA 11 - G1
Certificate Authority     cPanel ECC Domain Validation Secure Server CA 3
Certificate Authority     cPanel RSA Domain Validation Secure Server CA 3
Certificate Authority     Sectigo Public Server Authentication Root E46 (2)
Certificate Authority     TrustAsia ECC OV TLS CA G3
Certificate Authority     CloudSecure RSA Extended Validation Secure Server CA 2
Certificate Authority     Valid Certificadora RSA EV SSL CA
Certificate Authority     XinChaCha Trust DV CA
Certificate Authority     纳网 RSA Domain Validation Secure Server CA
Certificate Authority     纳网 RSA Organization Validation Secure Server CA
Certificate Authority     SHECA DV Server CA G5
Certificate Authority     SSL.com TLS RSA Root CA 2022 (1)
Certificate Authority     Domain The Net Technologies Ltd CA for TLS R3
Certificate Authority     Entrust OV TLS Issuing RSA CA 1
Certificate Authority     Leocert TLS Issuing RSA CA 1
Certificate Authority     Telia RSA TLS Root CA v3

Updated objects:

Type     Name     Changes
Situation     URL_List-DNS-Over-HTTPS     Detection mechanism updated
Situation     URL_List-Common_Global_CRL     Detection mechanism updated
Situation     URL_List-Common_Global_OCSP     Detection mechanism updated
IPList     TOR exit nodes IP Address List
IPList     Amazon AMAZON
IPList     Amazon EC2
IPList     TOR relay nodes IP Address List
IPList     Zscaler IP Address List
IPList     Amazon ROUTE53_HEALTHCHECKS_PUBLISHING
IPList     Malicious Site IP Address List
IPList     Amazon AMAZON ap-southeast-6
IPList     Amazon EC2 ap-southeast-6
IPList     NordVPN Servers IP Address List
IPList     Amazon AMAZON ap-southeast-5
IPList     Amazon EC2 ap-southeast-5
IPList     Amazon AMAZON me-south-1
IPList     Amazon EC2 me-south-1
IPList     Forcepoint Drop IP Address List
IPList     Amazon AMAZON us-west-2
IPList     Amazon EC2 us-west-2
Situation     File-Name_Shared-Variables
Application     TOR
Application     DNS-Over-HTTPS
Application     NordVPN
Situation     URL_List-Common_Global_CRL     Detection mechanism updated
Situation     URL_List-Common_Global_OCSP     Detection mechanism updated

HOW TO IMPORT AND ACTIVATE THE DYNAMIC UPDATE PACKAGE

  1. Download the dynamic update package, then make sure that the checksums for the original files and the files that you have downloaded match.
  2. In the Management Client, select Menu > File > Import > Import Update Packages.
  3. Browse to the file, select it, then click Import.
  4. Select Configuration, then browse to Administration > Other Elements > Updates.
  5. Right-click the imported dynamic update package, then select Activate.
  6. When the activation is finished, refresh the policy on all NGFW Engines. If your policy uses a custom template, you might need to edit the policy.
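
One way to carry out the checksum comparison in step 1, shown as an added example that is not part of the original release notes or any Forcepoint tooling. It reads the file once, computes all three published digest types, and only passes if every one matches; the package file name is not given on this page, so the path is supplied by the operator. MD5 and SHA-1 are collision-weak, so the SHA-256 match is the one that carries the integrity guarantee.

```python
import hashlib
import hmac
import sys

# Checksums published in these release notes for update package 1791-5242.
PUBLISHED = {
    "md5": "32eb6d3e8f2d7e2951cbbb6aad2718b1",
    "sha1": "d55944bda7a530bff0e07f6198b52c1611aa1722",
    "sha256": "05e3c9f891b0091c75147c09ebe1fc50deb5edb66ff9f21a9f843db31dd8482f",
}


def digest_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Read the file once in chunks and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_package(path, expected=PUBLISHED):
    """Return (ok, per-algorithm results); ok requires every listed digest to match."""
    actual = digest_file(path, tuple(expected))
    results = {
        # Normalise case and whitespace so a pasted checksum still compares cleanly.
        name: hmac.compare_digest(actual[name], expected[name].strip().lower())
        for name in expected
    }
    return all(results.values()), results


if __name__ == "__main__":
    # Assumption: the operator passes the path of the file they downloaded.
    if len(sys.argv) != 2:
        sys.exit("usage: verify_update.py <path-to-downloaded-update-package>")
    ok, results = verify_package(sys.argv[1])
    for name, matched in results.items():
        print(f"{name:7s} {'OK' if matched else 'MISMATCH'}")
    # Non-zero exit lets a wrapper script stop before the import step.
    sys.exit(0 if ok else 1)
```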

DISCLAIMER AND COPYRIGHT

Copyright © 2024 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint.

All other trademarks used in this document are the property of their respective owners.

Every effort has been made to ensure the accuracy of this document. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.