Software Security Updates - Waterfall Security

Software Security Updates

Note: This page is best viewed on desktop

Windows Version 7.0.7.0-R2301220555
Linux Version 7.0.7.0-R2301220556

Component	Old Version	New Version	Fixed Issues	Link
CURL	7.81.0	7.86.0	CVE-2022-42916 CVE-2022-42915 CVE-2022-32221 CVE-2022-35252 CVE-2022-32208 CVE-2022-32207 CVE-2022-32206 CVE-2022-32205 CVE-2022-27782 CVE-2022-27781 CVE-2022-27780 CVE-2022-27776 CVE-2022-27775 CVE-2022-27774 CVE-2022-22576	https://curl.se/docs/releases.html
OpenSSL	1.1.1m	1.1.1s	CVE-2022-2097 CVE-2022-2068 CVE-2022-1292 CVE-2022-0778	https://www.openssl.org/news/vulnerabilities-1.1.1.html
Apache	2.4.50	2.4.54	CVE-2022-31813 CVE-2022-30556 CVE-2022-30522 CVE-2022-29404 CVE-2022-28615 CVE-2022-28614 CVE-2022-28330 CVE-2022-26377 CVE-2022-23943 CVE-2022-22721 CVE-2022-22720 CVE-2022-22719 CVE-2021-44790 CVE-2021-44224 CVE-2021-42013 CVE-2021-41773	https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES

Windows:

Component	Old Version	New Version	Fixed Issues	Link
CURL	7.76.1	7.81.0	CVE-2021-22945 CVE-2021-22946 CVE-2021-22947 CVE-2021-22897 CVE-2021-22898 CVE-2021-22901	https://curl.se/changes.html
OpenSSL	1.1.1k	1.1.1m	CVE-2021-3711 CVE-2021-3712 CVE-2021-4160	https://www.openssl.org/news/vulnerabilities-1.1.1.html
libXML2	2.9.9	2.9.12	CVE-2021-3537 CVE-2021-3518 CVE-2021-3517 CVE-2020-24977 CVE-2020-7595 CVE-2019-20388 CVE-2019-19956	https://www.cvedetails.com/vulnerability-list/vendor_id-1962/product_id-3311/Xmlsoft-Libxml2.html

Windows: 7.0.5.0-R2107081105
Linux: 7.0.5.0-R2107081112

Component	Old Version	New Version	Fixed Issues	Link
CURL	7.74.0	7.76.1
OpenSSL	1.1.1g	1.1.1k

Windows: 7.0.5.2-R2111111925
Linux: 7.0.5.2-R2111111928

Component	Old Version	New Version	Fixed Issues	Link
Apache		2.4.50

WINDOWS: WATERFALL-SETUP-7.0.4.0-R2012281035.EXE

Component	Old Version	New Version	Fixed Issues	Link
CURL	7.70.0	7.74.0	CVE-2020-8231 CVE-2020-8286 CVE-2020-8285 CVE-2020-8284	https://curl.se/docs/CVE-2020-8231.html https://curl.se/docs/CVE-2020-8286.html https://curl.se/docs/CVE-2020-8285.html https://curl.se/docs/CVE-2020-8284.html

LINUX: WATERFALL-SETUP-7.0.4.0-R2012281045.RUN

Component	Old Version	New Version	Fixed Issues	Link
CURL	7.70.0	7.73.0	CVE-2020-8231	https://curl.se/docs/CVE-2020-8231.html

WINDOWS: WATERFALL-SETUP-7.0.3.0-R2008201034.EXE

Component	Old Version	New Version	Fixed Issues	Link
OpenSSL	1.1.1d	1.1.1g	CVE-2019-1551 CVE-2020-1967	https://www.openssl.org/news/vulnerabilities.html#2020
CURL	7.65.3	7.70.0	CVE-2019-5481 CVE-2019-5482 CVE-2019-15601	https://curl.haxx.se/changes.html
FFMPEG	3.2.4	4.2.2	CVE-2019-12730 CVE-2018-1999010 CVE-2018-14395 CVE-2018-14394 CVE-2017-9996 CVE-2017-9994 CVE-2017-9993 CVE-2017-9992 CVE-2017-9991 CVE-2017-9608 CVE-2017-7859	https://www.cvedetails.com/vulnerability-list/vendor_id-3611/product_id-6315/version_id-212272/Ffmpeg-Ffmpeg-3.2.4.html
Apache	2.4.41	2.4.43	CVE-2020-1934 CVE-2020-1927	https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/Apache-Http-Server.html https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES

LINUX: WATERFALL-SETUP-7.0.3.0-R2008201040.RUN

Component	Old Version	New Version	Fixed Issues	Link
GNU File	5.11	5.37	CVE-2014-8116 CVE-2014-8117 CVE-2014-9652 CVE-2014-9653 CVE-2014-9620	https://github.com/file/file/blob/master/ChangeLog

WINDOWS: WATERFALL-SETUP-7.0.2.0-R2002231042

Component	Old Version	New Version	Fixed Issues	Link
OpenSSL	1.0.2q	1.1.1d	CVE-2019-1559 CVE-2019-1563 CVE-2019-1547 CVE-2019-1552	https://www.openssl.org/news/vulnerabilities.html#y2019
XERCES-C	3.1.1	3.2.2	CVE-2015-0252	https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-31348/version_id-180832/Apache-Xerces-c-3.1.1.html
libCURL	7.63.0	7.65.3	CVE-2019-5435 CVE-2019-5436 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823	https://curl.haxx.se/changes.html
GNU File	5.03	5.37	CVE-2014-8116 CVE-2014-8117 CVE-2014-9652 CVE-2014-9653	https://github.com/file/file/blob/master/ChangeLog
7zip	9.20	19.00	CVE-2018-10172 CVE-2018-10115 CVE-2018-5996 CVE-2017-17969 CVE-2016-7804 CVE-2016-2335 CVE-2016-2334	https://www.cvedetails.com/vulnerability-list/vendor_id-9220/7-zip.html
WGET	1.20	1.20.3	CVE-2019-5953 CVE-2018-20483	https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-332/GNU-Wget.html
libxml2	2.9.2	2.9.9	CVE-2018-14567 CVE-2018-14404 CVE-2018-9251 CVE-2017-18258 CVE-2017-16932 CVE-2017-16931 CVE-2017-15412 CVE-2017-9050 CVE-2017-9049 CVE-2017-9048 CVE-2017-9047 CVE-2017-8872 CVE-2017-7376 CVE-2017-7375 CVE-2017-5969 CVE-2017-5130 CVE-2016-9598 CVE-2016-9597 CVE-2016-9596 CVE-2016-9318 CVE-2016-5131 CVE-2016-4616 CVE-2016-4615 CVE-2016-4614 CVE-2016-4483 CVE-2016-4449 CVE-2016-4448 CVE-2016-4447 CVE-2016-3705 CVE-2016-3627 CVE-2016-2073 CVE-2015-8806 CVE-2015-8710 CVE-2015-8317 CVE-2015-8242 CVE-2015-8241 CVE-2015-8035 CVE-2015-7942 CVE-2015-7941 CVE-2015-7500 CVE-2015-7499 CVE-2015-7498 CVE-2015-7497 CVE-2015-6838 CVE-2015-6837 CVE-2015-5312	https://www.cvedetails.com/vulnerability-list/vendor_id-1962/product_id-3311/Xmlsoft-Libxml2.html
SQLite3	3.26.0	3.30.1	CVE-2019-16168 CVE-2019-9937 CVE-2019-9936 CVE-2019-8457 CVE-2019-5018

LINUX: WATERFALL-SETUP-7.0.2.0-R2002230958

Component	Old Version	New Version	Fixed Issues	Link
GNU File	5.11	5.37	CVE-2014-8116 CVE-2014-8117 CVE-2014-9652 CVE-2014-9653 CVE-2014-9620	https://github.com/file/file/blob/master/ChangeLog

WINDOWS: WATERFALL-SETUP-7.0.1.0-R1908281503

Component	Old Version	New Version	Fixed Issues	Link
OpenSSL	1.0.2p	1.0.2q	CVE-2018-5407 CVE-2018-0734	https://www.openssl.org/news/openssl-1.0.2-notes.html
Apache	2.4.29	2.4.39	CVE-2019-0197 CVE-2019-0196 CVE-2019-0211 CVE-2019-0196 CVE-2019-0217 CVE-2019-0215 CVE-2019-0220 CVE-2018-17199 CVE-2018-17189 CVE-2019-0190 CVE-2018-8011 CVE-2018-1333 CVE-2017-15710 CVE-2018-1283 CVE-2018-1303 CVE-2018-1301 CVE-2017-15715 CVE-2018-1312 CVE-2018-1302	https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES

LINUX: WATERFALL-SETUP-7.0.1.0-R1908281434

Component	Old Version	New Version	Fixed Issues	Link
libCURL	7.61.0	7.63.0	CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-14618	https://curl.haxx.se/changes.html

OLDER RELEASES

RELEASE	DATE	DESCRIPTION
WF-Setup-5.1.0.0-r1805101931	5/10/2018	Updated ICCP library from version 5.4 to 6.1. The ICCP library is used only by the ICCP connector. For details see: https://www.sisconet.com/uncategorized/product-release-iccp-lite-plus/
WF-Setup-5.1.0.0-r1712241132	12/24/2017	Added connectors, functionality and fixed non-security-related defects.
WF-Setup-5.1.0.0-r1710091113	10/9/2017	Added connectors, functionality and fixed non-security-related defects.
WF-Setup-5.1.0.0-r1708160240	8/16/2017	Updated OpenSSL library from version 1.0r2f to 1.02g. OpenSSL is used only by the connectors: TCP Multicast, Syslog, Splunk and OPC UA. For details see: https://www.openssl.org/news/openssl-1.0.2-notes.html
WF-Setup-5.1.0.0-r1707061728	7/6/2017	Updated ACE library from version 5.7.6 to 6.0.3. The ACE library is used in all Unidirectional Gateway installations. For details see: https://github.com/DOCGroup/ACE_TAO/blob/master/ACE/NEWS

Windows: Waterfall-Setup-7.0.4.0-R2012281035.exe

Component	Old Version	New Version	Fixed Issues	Link
CURL	7.70.0	7.74.0	CVE-2020-8231, CVE-2020-8286, CVE-2020-8285, CVE-2020-8284	https://curl.se/docs/CVE-2020-8231.html https://curl.se/docs/CVE-2020-8286.html https://curl.se/docs/CVE-2020-8285.html https://curl.se/docs/CVE-2020-8284.html

Linux: Waterfall-Setup-7.0.4.0-R2012281045.run

Component	Old Version	New Version	Fixed Issues	Link
CURL	7.70.0	7.73.0	CVE-2020-8231	https://curl.se/docs/CVE-2020-8231.html

Windows: Waterfall-Setup-7.0.3.0-R2008201034.exe

Component	Old Version	New Version	Fixed Issues	Link
OpenSSL	1.1.1d	1.1.1g	CVE-2019-1551, CVE-2020-1967	https://www.openssl.org/news/vulnerabilities.html#2020
CURL	7.65.3	7.70.0	CVE-2019-5481, CVE-2019-5482, CVE-2019-15601	https://curl.haxx.se/changes.html
FFMPEG	3.2.4	4.2.2	CVE-2019-12730, CVE-2018-1999010, CVE-2018-14395, CVE-2018-14394, CVE-2017-9996, CVE-2017-9994, CVE-2017-9993, CVE-2017-9992, CVE-2017-9991, CVE-2017-9608, CVE-2017-7859	https://www.cvedetails.com/vulnerability-list/vendor_id-3611/product_id-6315/version_id-212272/Ffmpeg-Ffmpeg-3.2.4.html
Apache	2.4.41	2.4.43	CVE-2020-1934, CVE-2020-1927	https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/Apache-Http-Server.html, https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES

Linux: Waterfall-Setup-7.0.3.0-R2008201040.run

Component	Old Version	New Version	Fixed Issues	Link
GNU File	5.11	5.37	CVE-2014-8116, CVE-2014-8117, CVE-2014-9652, CVE-2014-9653, CVE-2014-9620	https://github.com/file/file/blob/master/ChangeLog

Windows: Waterfall-Setup-7.0.2.0-R2002231042

Component	Old Version	New Version	Fixed Issues	Link
OpenSSL	1.0.2q	1.1.1d	CVE-2019-1559 CVE-2019-1563 CVE-2019-1547 CVE-2019-1552	https://www.openssl.org/news/vulnerabilities.html#y2019
XERCES-C	3.1.1	3.2.2	CVE-2015-0252	https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-31348/version_id-180832/Apache-Xerces-c-3.1.1.html
libCURL	7.63.0	7.65.3	CVE-2019-5435 CVE-2019-5436 CVE-2018-16890 CVE-2019-3822 CVE-2019-3823	https://curl.haxx.se/changes.html
GNU File	5.03	5.37	CVE-2014-8116 CVE-2014-8117 CVE-2014-9652 CVE-2014-9653	https://github.com/file/file/blob/master/ChangeLog
7zip	9.20	19.00	CVE-2018-10172 CVE-2018-10115 CVE-2018-5996 CVE-2017-17969 CVE-2016-7804 CVE-2016-2335 CVE-2016-2334	https://www.cvedetails.com/vulnerability-list/vendor_id-9220/7-zip.html
WGET	1.20	1.20.3	CVE-2019-5953 CVE-2018-20483	https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-332/GNU-Wget.html
libxml2	2.9.2	2.9.9	CVE-2018-14567 CVE-2018-14404 CVE-2018-9251 CVE-2017-18258 CVE-2017-16932 CVE-2017-16931 CVE-2017-15412 CVE-2017-9050 CVE-2017-9049 CVE-2017-9048 CVE-2017-9047 CVE-2017-8872 CVE-2017-7376 CVE-2017-7375 CVE-2017-5969 CVE-2017-5130 CVE-2016-9598 CVE-2016-9597 CVE-2016-9596 CVE-2016-9318 CVE-2016-5131 CVE-2016-4616 CVE-2016-4615 CVE-2016-4614 CVE-2016-4483 CVE-2016-4449 CVE-2016-4448 CVE-2016-4447 CVE-2016-3705 CVE-2016-3627 CVE-2016-2073 CVE-2015-8806 CVE-2015-8710 CVE-2015-8317 CVE-2015-8242 CVE-2015-8241 CVE-2015-8035 CVE-2015-7942 CVE-2015-7941 CVE-2015-7500 CVE-2015-7499 CVE-2015-7498 CVE-2015-7497 CVE-2015-6838 CVE-2015-6837 CVE-2015-5312	https://www.cvedetails.com/vulnerability-list/vendor_id-1962/product_id-3311/Xmlsoft-Libxml2.html
SQLite3	3.26.0	3.30.1	CVE-2019-16168 CVE-2019-9937 CVE-2019-9936 CVE-2019-8457 CVE-2019-5018

Linux: Waterfall-Setup-7.0.2.0-R2002230958

Component	Old Version	New Version	Fixed Issues	Link
GNU File	5.11	5.37	CVE-2014-8116 CVE-2014-8117 CVE-2014-9652 CVE-2014-9653 CVE-2014-9620	https://github.com/file/file/blob/master/ChangeLog

Windows: Waterfall-Setup-7.0.1.0-R1908281503

Component	Old Version	New Version	Fixed Issues	Link
OpenSSL	1.0.2p	1.0.2q	CVE-2018-5407 CVE-2018-0734	https://www.openssl.org/news/openssl-1.0.2-notes.html
WGET	1.17	1.2	CVE-2018-0494 CVE-2017-13090 CVE-2017-13089 CVE-2016-4971	https://fossies.org/linux/wget/ChangeLog
PCRE	8.33	8.42	CVE-2016-1283 CVE-2015-2325 CVE-2015-2326	https://www.pcre.org/original/changelog.txt
Apache	2.4.29	2.4.39	CVE-2019-0197 CVE-2019-0196 CVE-2019-0211 CVE-2019-0196 CVE-2019-0217 CVE-2019-0215 CVE-2019-0220 CVE-2018-17199 CVE-2018-17189 CVE-2019-0190 CVE-2018-8011 CVE-2018-1333 CVE-2017-15710 CVE-2018-1283 CVE-2018-1303 CVE-2018-1301 CVE-2017-15715 CVE-2018-1312 CVE-2018-1302	https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES

Linux: Waterfall-Setup-7.0.1.0-R1908281434

Component	Old Version	New Version	Fixed Issues	Link
libCURL	7.61.0	7.63.0	CVE-2018-16839 CVE-2018-16840 CVE-2018-16842 CVE-2018-14618	https://curl.haxx.se/changes.html

Older Releases

Release	Date	Description
WF-Setup-5.1.0.0-r1805101931	5/10/2018	Updated ICCP library from version 5.4 to 6.1. The ICCP library is used only by the ICCP connector. For details see: https://www.sisconet.com/uncategorized/product-release-iccp-lite-plus/
WF-Setup-5.1.0.0-r1712241132	12/24/2017	Added connectors, functionality and fixed non-security-related defects.
WF-Setup-5.1.0.0-r1710091113	10/9/2017	Added connectors, functionality and fixed non-security-related defects.
WF-Setup-5.1.0.0-r1708160240	8/16/2017	Updated OpenSSL library from version 1.0r2f to 1.02g. OpenSSL is used only by the connectors: TCP Multicast, Syslog, Splunk and OPC UA. For details see: https://www.openssl.org/news/openssl-1.0.2-notes.html
WF-Setup-5.1.0.0-r1707061728	7/6/2017	Updated ACE library from version 5.7.6 to 6.0.3. The ACE library is used in all Unidirectional Gateway installations. For details see: https://github.com/DOCGroup/ACE_TAO/blob/master/ACE/NEWS