Environment
Situation
Reflection for Secure IT Windows Client 7.2 Service Pack 5 (released March 2016) is available to maintained customers who have version 7.2 installed and to customers who have downloaded and installed the version 7.2 evaluation package. This technical note explains how to obtain the update and lists the features and fixes it includes. It also lists the fixes in Reflection FTP Client 14.1 SP5, which is included with Reflection for Secure IT Windows Client.
Service Pack 5 is cumulative and also applies the features and fixes provided in earlier updates and service packs. For a list of these features and fixes, see the following:
- Reflection for Secure IT Client 7.2 Service Pack 4 Update 1, see KB 7021993.
- Reflection for Secure IT Client 7.2 Service Pack 4, see KB 7021990.
- Reflection for Secure IT Client 7.2 Service Pack 3 Update 1, see KB 7022038.
- Reflection for Secure IT Client 7.2 Service Pack 3, see KB 7021991.
For important information regarding security updates and Reflection for Secure IT, see https://support.microfocus.com/security/.
Resolution
Obtaining the Update
Maintained customers are eligible to download the latest product releases from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/. For information about logging into and using the Download Library, see KB 7021965.
Supported Platforms
For information about platform support in Reflection, see KB 7022010.
Security Fixes
This service pack includes fixes for the following reported security vulnerabilities. For additional information, see https://support.microfocus.com/security/.
- CVE-2015-0204: OpenSSL Client RSA Silent Downgrade Vulnerability
- CVE-2015-4000: Diffie-Hellman Logjam Vulnerabilities
- CVE-2015-0289: NULL pointer dereferences
- CVE-2015-0292: Base64 decode
- CVE-2016-0705: Double-free in DSA code
- BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- CVE-2016-0702: Side channel attack on modular exponentiation
Reflection Client for Windows 7.2 SP5
- After configuring Client Authentication with "Automatically select client certificate" (the default) chosen, the automatic chooser no longer chooses an expired certificate when a valid certificate exists in the list.
- The following UTF-8 characters are now drawn correctly: U+25a0, U+203b, U+2234, U+2235, U+2312, U+223d.
- A problem in which the connection closed when downloading a large CRL (2 MB) took longer than the connection timeout has been resolved. Previously, if the time required to download the CRL exceeded the connection timeout, Reflection lost the connection to the server with an exception error in rssh.exe.
- The sftp command-line client now returns to the command prompt after a connection timeout with exit code 84 on Windows 8, Windows Server 2012, and Windows 10.
Reflection FTP Client 14.1 SP5
- The Reflection ftpCOM API IsConnected and LastError properties now return the correct status after a Host disconnect event.
- An issue that could cause the Reflection FTP Client to shut down unexpectedly while transferring a large number of files to an OpenVMS (Process Software) SSH server has been resolved.
- Connections using SSL/TLS now support DH cipher suites, and no longer support 40-bit and 56-bit cipher suites.
Additional Information
Legacy KB ID
This document was originally published as Attachmate Technical Note 2862.