IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
Resolved vulnerabilities in SNS 3.11.1 LTSB
Web administration interface / Captive portal / Sponsorship
Additional controls have been implemented for connections via the web administration interface, the captive portal or sponsorship, to prevent JavaScript code or additional HTML tags from being executed through the optional disclaimer page.
NTP service
Vulnerability CVE-2019-8936 was resolved and various fixes were applied with the upgrade of the NTP service to version 4.2.8p14.
FreeBSD
Vulnerabilities CVE-2019-15879 and CVE-2019-15880 relating to cryptodev were fixed after a FreeBSD security patch was applied, to counter the risk of memory corruption by users authenticated on the operating system.
OpenSSH
Vulnerability CVE-2016-8858 was fixed after the OpenSSL software suite was updated.
Details on this vulnerability can be found on our website https://advisories.stormshield.eu.
OpenSSL
A vulnerability was fixed after the OpenSSL cryptographic library was updated.
XSS flaw
A vulnerability affecting the Users > Access privileges module, Detailed access tab in the web administration interface has been fixed.