Nexpose release announcements - July 2013

Document created by ryukhin on Aug 7, 2013
Version 1Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains detailed announcements for the most recent Nexpose coverage releases:

 

For information on previous coverage releases go to Nexpose Release Notes (archive).

 

For information on the most recent full-feature release go to that Nexpose release announcement.

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


This Rapid7® Nexpose® 5.7.2 release contains the following updates:                                                   

  • application improvements
  • new and updated checks

    

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

     

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Charts on the Policies panel now generate correctly when large numbers of assets are included in scan results.
  • The Security Console now manages generation of reports with large numbers of assets better.
  • You can now configure settings for sending logs to Technical Support through a proxy by using the Proxy Settings page of the Security Console Configuration panel.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 4032093431
  • Linux 64 | Update ID: 4154385143
  • Windows 32 | Update ID:  795460866
  • Windows 64 | Update ID:  1580384445

 

Content update ID

 

  • Update ID: 2915455355

 

Installers

   Released on July 17, 2013 (see the FAQ).           

        

md5sum files         

         

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

        

         

Virtual Appliances

   Released on July 17, 2013.

        

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.7.1 release contains the following updates:                                        

  • application improvements
  • scanning improvement
  • accuracy improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

Accuracy improvement | content

Windows RT assets are now correctly identified as tablet devices.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • MAC addresses now appear correctly on detail pages for scanned assets.
  • A bug fix ensures that when you click a vulnerability listed on the page for an asset, you will see the detailed vulnerability information for that asset only instead of all assets affected by the vulnerability.

Scanning improvements | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • PCI vulnerabilities with a CVSS score of less than 4, now appear consistently in the Web interface.
  • Fingerprinting is now more accurate for assets exposing the CIFS service with very specific configurations.
  • Fingerprinting has been corrected for certain Cisco IOS devices that use multi-line message-of-the day banners.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 1899471953
  • Linux 64 | Update ID: 4032029039
  • Windows 32 | Update ID:  1267353214
  • Windows 64 | Update ID:  3034510468

 

Content update ID

 

  • Update ID: 1571374191

 

Installers

   Released on July 17, 2013 (see the FAQ).       

    

md5sum files     

     

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

    

     

Virtual Appliances

   Released on July 17, 2013.

    

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.6.13 release contains the following updates:                                  

  • July 2013 Patch Tuesday checks
  • scanning improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

July 2013 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for July 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for July 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Scanning improvement | product

The Intelligent Platform Management Interface (IPMI) is now fingerprinted to help you track assets better, provide a more comprehensive software inventory, and present more accurate information on vulnerabilities.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 463625665
  • Linux 64 | Update ID: 3910187157
  • Windows 32 | Update ID:  326231336
  • Windows 64 | Update ID:  1148065670

 

Content update ID

 

  • Update ID: 259441390

 

Installers

  Released on June 19, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

  Released on May 29, 2013.

 

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.6.12 release contains the following updates:                              

  • application improvements
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvements | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • An out-of-memory error that occurred in certain instances during scans of Windows assets has been corrected.
  • Several operations involving multiple ranges of included or excluded assets have improved:
    • When you view a site, it displays asset ranges more quickly.
    • When you save a site with multiple asset ranges, the save operation completes more quickly.
    • When you launch a local or remote scan with multiple asset ranges, it starts more quickly.
    • When you perform database maintenance, it completes more quickly.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 445916575
  • Linux 64 | Update ID: 3663685528
  • Windows 32 | Update ID:  1051999773
  • Windows 64 | Update ID:  1518371699

 

Content update ID

 

  • Update ID: 1102047746

 

Installers

  Released on June 19, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

  Released on May 29, 2013.

 

Download the Virtual Appliance Deployment Guide.

Attachments

    Outcomes