Nexpose release announcements - August 2013

Document created by ryukhin on Aug 27, 2013
Version 1Show Document
  • View in full screen mode

To help you protect your environment against ever-evolving security threats Rapid7 releases coverage updates for Nexpose on a weekly basis. This page contains detailed announcements for the most recent Nexpose coverage releases:

For information on previous coverage releases go to Nexpose Release Notes (archive).

 

For information on the most recent full-feature release go to that Nexpose release announcement.

 

For details about restarting Nexpose after updating and other update information, see Nexpose release FAQ.


This Rapid7® Nexpose® 5.7.7 release contains the following update:                                                     

                                                          
  • application improvement
  • new and updated checks

      

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • In the API 1.2 schema, the SiloCreate API correctly identifies the CyberScope and XCCDF report formats so you can create silos that restrict the use of these report formats.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Update IDs, installer links,  md5sum links, and virtual appliance links

Update IDs, installer links, md5sum links, and virtual appliance links are added to this announcement on the release date.


This Rapid7® Nexpose® 5.7.6 release contains the following update:                                            

  • accuracy improvement
  • application improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Accuracy improvement | content

Better accuracy of scan results helps you to assess your security posture and prioritize remediation more effectively:

  • Checks for default CIFS/SMB credentials no longer return "false positive" results when an asset accepts arbitrary or invalid credentials.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • This update includes new installers.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Update IDs, installer links,  md5sum links, and virtual appliance links

Product Update IDs

 

  • Linux 32 | Update ID: 2158386869
  • Linux 64 | Update ID: 4068834854
  • Windows 32 | Update ID:  1076037198
  • Windows 64 | Update ID:  2515896461

 

Content update ID

 

  • Update ID: 1064324159

 

Installers

   Released on August 21, 2013 (see the FAQ).         

      

md5sum files       

       

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

      

       

Virtual Appliances

   Released on July 17, 2013.

      

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.7.5 release contains the following updates:                                   

  • application improvement
  • scanning improvement

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • Scans that are scheduled to run for limited durations on distributed Scan Engines now halt correctly if the Security Console restarts in mid-scan.

Scanning improvement | product

Better scan performance helps you to retrieve scan results more quickly with improved accuracy and more efficient use of resources:

  • A critical issue affecting Scan Engine initialization in certain environments has been corrected.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Update IDs, installer links, md5sum links, and virtual appliance links are added to this announcement on the release date.

Product Update IDs

 

  • Linux 32 | Update ID: 682475161
  • Linux 64 | Update ID: 2673349394
  • Windows 32 | Update ID:  1969959632
  • Windows 64 | Update ID:  1617330921

 

Content update ID

 

  • Update ID: 339834237

 

Installers

Released on July 17, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

Released on July 17, 2013.

 

Download the Virtual Appliance Deployment Guide.


This Rapid7® Nexpose® 5.7.4 release contains the following updates:                               

  • August 2013 Patch Tuesday checks
  • application improvement
  • coverage improvement
  • new and updated checks

 

These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

 

August 2013 Patch Tuesday checks | content

New vulnerability checks provide up-to-date Microsoft Patch Tuesday scan coverage for August 2013. For information about all current security bulletins covered in this release, see the Microsoft Security Bulletin Summary for August 2013. Use the checks in this update to verify that the latest Microsoft patches have been applied to system assets.

These checks help you determine where new risks are located in your environment, allowing you to prioritize what needs to be remediated and help minimize risk.

Weekly vulnerability check update | content

New vulnerability and patch checks bring coverage up to date for the following operating systems and applications:

  • Adobe
    • AIR
    • ColdFusion
    • Flash
    • Reader
    • Shockwave
  • Apache
    • HTTP
    • Tomcat
  • Apple
    • iTunes
    • Java
    • OS X
    • QuickTime
    • Safari
  • Atlassian JIRA
  • BIND
  • CentOS
  • Cisco devices
  • Debian GNU/Linux
  • Google Chrome
  • IBM AIX
  • Mozilla
    • Firefox
    • SeaMonkey
    • Thunderbird
  • OpenSSH
  • OpenSSL
  • Oracle
    • Database
    • Java Runtime Environment
    • Linux
    • MySQL
    • Solaris
  • PHP
  • Red Hat Enterprise Linux
  • Ubuntu/Linux
  • VideoLAN VLC
  • VMware
    • ESX
    • ESXi

Coverage improvement | product

Nexpose release 5.7.3 on August 7, 2013 fixed an XXE vulnerability that was discovered and reported independently by Drazen Popovic of Infigo IS and Brandon Perry of Rapid7, Inc. Rapid7 urges you to download and install the latest updates immediately. Given the importance of this fix, we are highlighting it again in today's release announcement.

Application improvement | product

Improvements to how the application integrates and presents scan data, and how it performs overall, help you to manage security issues more effectively in your environment:

  • This update fixes a bug that caused a potential security issue during searches within the Security Console's Web interface.

End-of-life for 32-bit installations

Rapid7 will end support for 32-bit versions of Nexpose on May 7, 2014, for both Windows and Linux operating systems. After that date, Rapid7 will not test Nexpose or provide bug fixes or technical support for Nexpose on 32-bit installations. For more information, see the end-of-life policy at http://www.rapid7.com/docs/end-of-life-policy.pdf.

Product Update IDs

 

  • Linux 32 | Update ID: 3384187579
  • Linux 64 | Update ID: 2504554238
  • Windows 32 | Update ID:  1631679119
  • Windows 64 | Update ID:  1062239734

 

Content update ID

 

  • Update ID: 3142488847

 

Installers

   Released on July 17, 2013 (see the FAQ).

 

md5sum files

 

Download the appropriate md5sum file to ensure that the installer was not corrupted during download:

 

 

Virtual Appliances

   Released on July 17, 2013.

 

Download the Virtual Appliance Deployment Guide.

Update IDs, installer links, md5sum links, and virtual appliance links are added to this announcement on the release date.

Attachments

    Outcomes