Three vulnerabilities in McAfee Products have been discovered and resolved.

AFFECTED SOFTWARE

• DLP Prevent 10.0.100
• DXL 3.0.0, 3.0.01
• MAR 1.1.0
• TIE Server 2.0.0

REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:

• DLP Prevent 10.0.101
• DXL 3.0.0 Build 334
• DXL 3.0.1 Build 182
• MAR 1.1.0 -245
• TIE Server 2.0.0.653

IMPACT

• CVE-2016-5195 (CVSS: 6.7; Severity: Medium) is a race condition found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10176, Security Bulletin: Fixes for privilege escalation via MAP_PRIVATE COW breakage (CVE-2016-5195) (https://kc.mcafee.com/corporate/index?page=content&id=SB10176)

A vulnerability in McAfee Application Control (MAC) and Endpoint Security (ENS) has been discovered and resolved.

AFFECTED PRODUCT VERSIONS

• MAC 7.0.0 and earlier
• ENS 10.2 and earlier

PROTECTED VERSIONS

• 6.2.0 Build 567 or later
• 7.0.1 Build 275 or later
• ENS 10.x with AMCore Trust DAT version 300.0 or later

IMPACT
CVE-2016-8010
An application protection bypass vulnerability in McAfee Application Control (MAC) 7.0 (and earlier) allows local users to bypass local security protection via a command-line utility.

RECOMMENDATION
Intel Security recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see Knowledge Base article SB10179, Intel Security - Security Bulletin: Endpoint Security and Application Control updates fix an application protection bypass flaw (CVE-2016-8010)  (https://kc.mcafee.com/corporate/index?page=content&id=SB10179

VirusScan Enterprise for Linux 2.0.3 Hotfix 1156487 is now available. This release includes new features, fixes, and enhancements including:

• The Threat Event Log in McAfee ePO now displays the appropriate IP address details in the Detecting Product, Threat Source, and Threat Target IP Address fields.
• This hotfix contains the fix for the OpenSSL SWEET32 issue CVE-2016-2183 vulnerability.
• This hotfix upgrades the OpenSSL Library version to 1.0.1u.

NOTE: After applying this hotfix, VirusScan Enterprise for Linux generates new keys and installs the new certificate. When you launch the software web interface, you will be prompted to accept the new certificate.

To download McAfee VirusScan Enterprise for Linux 2.0.3 Hotfix 1156487 (McAfeeVSEForLinux-2.0.3.29216-HF1156487.zip), go to the Product Downloads site at:
http://www.mcafee.com/us/downloads/downloads.aspx

For a full list of changes, see the Release Notes in PD26753:
https://kc.mcafee.com/corporate/index?page=content&id=PD26753

For a list of Known Issues, see KB80085:
https://kc.mcafee.com/corporate/index?page=content&id=KB80085