Environment
Reflection for IBM version 14.x
Reflection for UNIX and OpenVMS version 14.x
Reflection X version 14.x
Reflection X for x64 version 14.x
Reflection Suite for X version 14.x
Reflection for the Multi-Host Enterprise Professional Edition version 14.1
Reflection for the Multi-Host Enterprise Standard Edition version 14.x
Situation
The Reflection Windows-based products version 14.1 Service Pack 3 Update 1 (Update 14.1.3.247) is available to maintained users who already have 14.1 installed and to customers who have downloaded and installed the version 14.1 evaluation package. This technical note provides information about how to obtain your update and a list of fixes included in the update. Update 1 is cumulative and also applies the features and fixes provided in earlier service packs.
- A newer version of this product, Reflection 14.1 Service Pack 4, was released in January 2015. For details, see KB 7021739.
- For a list of features included in Reflection 14.1 service packs, see KB 7021736.
- For important information regarding security updates and Reflection, see https://support.microfocus.com/security/.
Resolution
Before you apply the update, note the following:
- This document references a Reflection update. Updates are available to licensed Attachmate customers with current maintenance plans for these products. For information about logins and accessing Attachmate Downloads, see KB 7021965.
- If you have installed (or plan to install) Reflection Administrator's Toolkit, you must use the latest version of the Toolkit. The Reflection Administrator's Toolkit features may not work correctly if you are running a version of Reflection that is newer than your Toolkit version. The latest version of Reflection Administrator's Toolkit, ratkit-14.1.3-prod-w32.exe, is available for download from Attachmate Downloads. If you have not yet installed this version of the Reflection Administrator's Toolkit, you need to download and install the latest Reflection Administrator's Toolkit in addition to applying this Update.
- Removing Reflection software packages will result in your users losing settings information for those components that store this information in the registry. This affects Reflection X, Reflection Windows-based products, and the FTP client. To save these settings, refer to KB 7021647, Saving Customized Settings Before Uninstalling Reflection.
This technical note includes the following sections:
Supported Platforms
Reflection 14.1 SP3 Update 1 Security Updates
Reflection for IBM 14.1 SP3 Update 1
Reflection X 14.1 SP3 Update 1
Reflection FTP Client 14.1 SP3 Update 1
Secure Shell Changes
Obtaining the Update
The Reflection 14.1 Service Pack 3 Update 1, reflect-14.1.3.247-update-w32.exe, is available from Attachmate Downloads and applies to version 14.1 of the following products:
Reflection for UNIX and OpenVMS (includes Reflection for ReGIS Graphics)
Reflection for IBM
Reflection for the Multi-Host Enterprise, Professional Edition
Reflection for the Multi-Host Enterprise, Standard Edition
Reflection X
Reflection Suite for X
If you have the 64-bit components of Reflection X version 14.1 installed, you must apply a different update: rx-14.1.3.247-update-wx64.exe.
Note the following:
- This update is identified as Update 14.1.3.247 in the Windows Programs and Features (or Add or Remove Programs) Control Panel.
- If you have more than one Reflection product installed on a workstation, applying Update 1 will update all products at the same time. (It is not possible to run multiple versions of Reflection Windows-based products on the same workstation.)
The information about applying or uninstalling a service pack also applies to an update. See the following technical notes:
- How to apply a service pack to a workstation installation of Reflection: KB 7021752
- How to apply a service pack to an administrative installation of Reflection: KB 7021753
Supported Platforms
For information about platform support in Reflection, see KB 7021763.
Reflection 14.1 SP3 Update 1 Security Updates
The following security updates apply to:
Reflection for UNIX and OpenVMS 14.1 SP3 Update 1
Reflection for HP 14.1 SP3 Update 1
Security Updates
- CVE-2014-0160 - OpenSSL "Heartbleed" Vulnerability - This update includes updated OpenSSL libraries that resolve this issue. Note: This OpenSSL vulnerability affected only Reflection TLS 1.2 connections made to a malicious server. The default Reflection TLS 1.0 connections are not subject to this vulnerability.
- CVE-2013-4353 - The ssl3_take_mac function allows remote TLS servers to cause a denial of service via a crafted TLS handshake. This update includes updated OpenSSL libraries that resolve this issue. Note: This OpenSSL vulnerability affected only Reflection TLS 1.2 connections. The default Reflection TLS 1.0 connections are not subject to this vulnerability.
For security updates that apply to Reflection X, see Reflection X 14.1 SP3 Update 1.
Reflection for IBM 14.1 SP3 Update 1
Resolved Issues
- In 3270 sessions, the response is now faster when you expand a mapped network drive in the Local folders display of the Transfer dialog box.
- Reflection for IBM now correctly handles a DDE "LinkRequest" to return the "ServerNames" property when more than one Reflection for IBM session is open.
Reflection X 14.1 SP3 Update 1
The following features, security updates, and resolved issues are available in Reflection X 14.1 SP3 Update 1.
New Features
- Reflection X now enables IPv6 by default on new installs (Network Settings > Enable IPv6 listening socket). Note the following:
  - Applying this update to a workstation on which you have already installed and run Reflection X does not change your current IPv6 setting.
  - If you apply this update to an administrative installation point, and then use the updated administrative installation to install Reflection on a workstation that did not previously have Reflection X installed, the new installation will have IPv6 enabled by default.
  - The Reflection X IPv6 setting cannot be enabled if your system does not support IPv6.
- The "About Reflection X" dialog box now includes IPv6 addresses when IPv6 is enabled and active.
Security Updates
This update includes fixes for the following security vulnerabilities:
- CVE-2013-6424 - Reflection X now rejects upside-down trapezoids to avoid an integer overflow and possible denial of service attack.
- CVE-2013-6462 - Reflection X now manages the reading of BDF font files with very long comment lines in order to avoid a possible denial of service attack.
- CVE-2013-4396 - Reflection X incorporates an X.org fix for this vulnerability to avoid using freed memory.
Resolved Issues
- The first attempt to move or resize some Java X client applications no longer results in the Java window returning to its original position and size.
- Password caching enabled using regconv -pw now works correctly.
- Resolves a problem seen in version 14.1 SP2 and higher that caused a missing log file error.
- Bitmap and pixmap images are now copied correctly to the Windows clipboard.
- Resolves an issue introduced in version 14.1 SP1 that caused slow performance when resizing some X client applications.
- Reflection X now works correctly with a 3DConnexion SpacePilot device using current driver software.
- The "Exit when last client closed" setting now works correctly when the window mode is set to "X terminal desktop" and the Reflection Window Manager is selected.
- Reflection X can now add fonts with XLFD filenames that include more than 14 '-' characters.
- The CentOS desktop now draws correctly when the RENDER extension is enabled.
- When a runrx.exe command line includes multiple macros (such as %HN% and %IP#%), the macros are now all expanded correctly.
- When the Window mode is set to "X terminal desktop," an X window display that spans two monitors is now updated correctly.
- This update adds support for newer OpenGL/GLX extensions: GL_ARB_get_program, GL_NV_fragment_program, GL_ARB_vertex_array_object, GLX_ARB_create_context, and GLX_ARB_create_context_profile.
- Improvements to trace processing were made, including:
  - decoding additional OpenGL 4.x and OpenGL extension constants
  - a fix for tracing with more than one active screen
  - decoding the WM_HINTS property correctly
- SSH connections started with rxstart.exe no longer use excess CPU.
Also see Secure Shell Changes for additional Secure Shell changes that apply to Reflection X.
Reflection FTP Client 14.1 SP3 Update 1
The following issues are resolved in Reflection FTP Client 14.1 SP3 Update 1.
Security Updates
- CVE-2014-0160 - OpenSSL "Heartbleed" Vulnerability - This update includes updated OpenSSL libraries that resolve this issue. Note: This OpenSSL vulnerability affected only Reflection TLS 1.2 connections made to a malicious server. The default Reflection TLS 1.0 connections are not subject to this vulnerability.
- CVE-2013-4353 - The ssl3_take_mac function allows remote TLS servers to cause a denial of service via a crafted TLS handshake. This update includes updated OpenSSL libraries that resolve this issue.
Resolved Issues
- The "Download As" option now works correctly when you are connected to a NonStop (Guardian API) server.
- When connected to a NonStop (Guardian API) server, the server pane now correctly displays files that contain an owner value that has multiple entries, such as "101,255".
- This update resolves an issue that caused intermittent FTP Client crashes in module ntdll.dll when navigating server folders.
Also see Secure Shell Changes for Secure Shell changes that apply to the FTP Client.
Secure Shell Changes
The following Secure Shell changes apply to:
Reflection for UNIX and OpenVMS 14.1 SP3 Update 1
Reflection for HP 14.1 SP3 Update 1
Reflection FTP Client 14.1 SP3 Update 1
This release includes changes that improve Secure Shell response times.
Specific issues resolved by this fix include slow SFTP file download times and slow X client display response in SSH connections.
To support these changes, the following Secure Shell configuration file keyword was added and is enabled by default. Note that applying this update automatically enables this setting; you do not need to make any configuration changes.
Nodelay - This setting addresses a change made by Microsoft that enables the Nagle algorithm on Windows TCP sockets by default, which can adversely affect performance in Secure Shell connections. Setting Nodelay to yes (the default) disables this algorithm and improves performance on most systems.
Resolved Issue
- Command line input redirection (for example sftp<input.txt) now works correctly with the sftp command line utility.