Environment
Reflection for IBM version 14.x
Reflection for UNIX and OpenVMS version 14.x
Reflection X version 14.x
Reflection X for x64 version 14.x
Reflection for the Multi-Host Enterprise Professional Edition version 14.x
Reflection for the Multi-Host Enterprise Standard Edition version 14.x
Situation
Service Pack 5 (SP5) for the Reflection Windows-based products version 14.1 is available to maintained users who already have 14.1 installed and to customers who have downloaded and installed the version 14.1 evaluation package. This technical note provides information about how to obtain the service pack and a list of fixes included in the service pack. This note also includes fixes in Reflection FTP Client 14.1 SP5, which is included with all of the products listed in the Applies To section.
Service Pack 5 is cumulative and also applies features and fixes provided in earlier updates and service packs. For a list of these features and fixes see the following:
- Reflection 14.1 Service Pack 4 Update 1, see KB 7021743.
- Reflection 14.1 Service Pack 4, see KB 7021739.
- Reflection 14.1 Service Pack 3 Update 1, see KB 7021738.
- Reflection 14.1 Service Pack 3, see KB 7021736.
For important information regarding security updates and Reflection products, see https://support.microfocus.com/security/.
Resolution
Before you apply the update, note the following:
- Service Packs are available to licensed Attachmate customers with current maintenance plans for these products. For information about logins and accessing Attachmate Downloads, see KB 7021965.
- If you have installed (or plan to install) Reflection Administrator's Toolkit, you must use the latest version of the Toolkit. The Reflection Administrator's Toolkit features may not work correctly if you are running a version of Reflection that is newer than your Toolkit version. The latest version of Reflection Administrator's Toolkit is available for download from Attachmate Downloads. If you have not yet installed this version of the Reflection Administrator's Toolkit, you need to download and install the latest Reflection Administrator's Toolkit in addition to installing this service pack.
- Removing Reflection software packages will result in your users losing settings information for those components that store this information in the registry. This affects Reflection X, Reflection Windows-based products, and the FTP client. To save these settings, refer to KB 7021647.
Obtaining the Service Pack
The latest Reflection 14.1 Service Pack is available from the Download page, https://download.attachmate.com, and applies to version 14.1 of the following products:
- Reflection for UNIX and OpenVMS (includes Reflection for ReGIS Graphics)
- Reflection for IBM
- Reflection for the Multi-Host Enterprise, Professional Edition
- Reflection for the Multi-Host Enterprise, Standard Edition
- Reflection X
- Reflection Suite for X
If you have the 64-bit components of Reflection X version 14.1 installed, you must apply the 64-bit service pack.
This service pack does apply to Reflection Desktop or InfoConnect Desktop, which include Reflection for HP as a component.
Note: If you have more than one Reflection product installed on a workstation, applying this service pack will update all products at the same time. (It is not possible to run multiple versions of Reflection Windows-based products on the same workstation.)
See the following technical notes for information about applying the service pack:
- How to apply a service pack to a workstation installation of Reflection: KB 7021752
- How to apply a service pack to an administrative installation of Reflection: KB 7021753
Supported Platforms
For information about platform support in Reflection, see KB 7021763.
Security Fixes
Fixes for the following security vulnerabilities are included with this Service Pack. For additional information, see https://support.microfocus.com/security/.
Security fixes that affect Reflection for HP, Reflection for UNIX and OpenVMS, Reflection for IBM, and Reflection FTP Client:
- CVE-2015-0204: OpenSSL Client RSA Silent Downgrade Vulnerability
- CVE-2015-4000: Diffie-Hellman Logjam Vulnerabilities
- CVE-2015-0289: NULL pointer dereferences
- CVE-2015-0292: Base64 decode
- CVE-2016-0705: Double-free in DSA code
- BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
- CVE-2016-0702: Side channel attack on modular exponentiation
Security fixes that affect Reflection X:
- CVE-2015-0255: Information leak in the XkbSetGeometry request
- CVE-2015-1802: X.Org out-of-bounds write in bdf parser bdfReadProperties() when reading font properties
- CVE-2015-1803: X.Org crash in bdf parser bdfReadCharacters() if a char's bitmap cannot be read
- CVE-2015-1804: X.Org out-of-bounds memory access in bdf parser bdfReadCharacters() when working with xCharInfo struct
Reflection for UNIX and OpenVMS 14.1 SP5
- After configuring Client Authentication with "Automatically select client certificate" (the default) chosen, the automatic chooser no longer chooses an expired certificate when a valid certificate exists in the list.
- The following UTF-8 characters are now drawn correctly: U+25a0, U+203b, U+2234, U+2235, U+2312, U+223d.
- The GetPassword method can now handle passwords that are longer than 15 characters.
- Connections using SSL/TLS now support DH cipher suites, and no longer support 40-bit and 56-bit cipher suites.
- A problem that closed the connection when downloading a large CRL (2 MB) took longer than the connection timeout is resolved. Previously, if the time required to download the CRL exceeded the connection timeout, Reflection lost the connection to the server with an exception error in rssh.exe.
- The sftp command line client now returns to the command prompt after a connection timeout with exit code 84 on Windows 8, Windows Server 2012, and Windows 10.
Reflection for IBM 14.1 SP5
- In 5250 sessions, the Start of Field (SF) Order now automatically adds an 0x20 attribute to the end of field address + 1.
- The HLLAPI QuerySessions (function 10) no longer returns an empty datastring when called via an "MFC ActiveX Control" project.
- An issue that caused the error "A write to display memory was out of bounds..." to occur intermittently when pasting data into a 5250 session is resolved.
- An issue that caused missing characters in the command string sent to the host from a DDE application is resolved.
- Connections using SSL/TLS now support DH cipher suites, and no longer support 40-bit and 56-bit cipher suites.
- A problem that closed the connection when downloading a large CRL (2 MB) took longer than the connection timeout is resolved. Previously, if the time required to download the CRL exceeded the connection timeout, Reflection lost the connection to the server with an exception error in rssh.exe.
Reflection X 14.1 SP5
- A problem introduced in SP3 U1 that could cause a drop-down menu to appear in the wrong location is resolved.
Reflection FTP Client 14.1 SP5
- Reflection ftpCOM API IsConnected and LastError properties now return correct status after a Host disconnect event.
- An issue that could cause the Reflection FTP Client to shut down unexpectedly while transferring a large number of files going to an OpenVMS (Process software) SSH server is resolved.
- Connections using SSL/TLS now support DH cipher suites, and no longer support 40-bit and 56-bit cipher suites.