Service Bulletins

This is the place to find all service bulletins. You know, for stuff like security, end of life, recall, upgrades, etc.

bulletins.png

CatDV Service Notice - RMI Session Hijacking Vulnerability

CATDV SERVER: UPDATE NOW: MANDATORY SECURITY UPDATE

Summary: SBS is notifying you of a vulnerability impacting the CatDV Server software. There is a known CVE (Common Vulnerabilities & Exposures) related to this issue, which has been publicly disclosed and assigned ID number CVE-2021-26705. Under certain active session conditions, this vulnerability may be able to be exploited to allow an attacker to gain administrative level access to the CatDV Server system and it is therefore mandatory that all CatDV Server users upgrade to the latest versions to avoid any unauthorized access.

Read the full summary  

Spectre and Meltdown Vulnerability

Quantum has been made aware of multiple microarchitectural (hardware) implementation issues affecting many modern microprocessors, requiring updates to operating system software in combination with a microcode update. There are 3 known CVEs related to this issue in combination with Intel, AMD, and ARM architectures. Affected operating systems include recent versions of Linux (Red Hat, CentOS, SUSE), Microsoft Windows and Apple macOS.

Read the full summary  

Apache Struts2 REST Plug-in Vulnerability

The recent data breach announced by Equifax has raised concerns across enterprises and institutions about security vulnerabilities within widely used open source software.

Read the full summary  

GHOST glibc Vulnerability

Quantum products that have been developed using the GNU C Library (glibc) may be affected by the GHOST glibc vulnerability identified as CVE-2015-0235. The GHOST vulnerability is a serious weakness in the Linux glibc library.

Read the full summary  

GNU Bash Vulnerability 'Shellshock'

Like many other companies, Quantum has been affected by the Shellshock bug, a serious vulnerability in GNU Bourne Again Shell (Bash), the common command-line shell utility, which may allow an attacker to remotely execute arbitrary code.

Read the full summary  

Multiple Petya Ransomware Infections

ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk associated with this malware.

Read the full summary  

OpenSSL Heartbleed Bug Vulnerability

Like many other companies, Quantum has been affected by the Heartbleed bug, a serious vulnerability in the popular OpenSSL cryptographic software library.

Read the full summary  

SambaCry Vulnerability

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Read the full summary  

WannaCry Ransomware

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability.

Read the full summary  

Samba Heimdal Kerberos Vulnerability

Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 include an embedded Heimdal Kerberos.

Read the full summary