Question

Jamf Pro 10.32.1 Release

Forum|Forum|4 years ago
September 14, 2021
29 replies
192 views

+10

kaylee_carlson
Employee

Hi Jamf Nation,

Today we're releasing a hotfix for Jamf Pro that addresses a recently responsibly disclosed security issue.

We strongly recommended that you upgrade to Jamf Pro 10.32.1 as soon as possible. The following CVE is addressed by this release:
[PI-010111]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40808

This is a placeholder CVE that will be updated once we can disclose more information. We have scored this at a 7.5 High security severity using CVSSv3.1 and recommend this update to all customers as this impacts all supported versions of Jamf Pro.

Please read the resolved issues section of the release notes for more information. Additional details on the resolved vulnerability will be made available at a future date to allow for Jamf Pro instances to be patched before full disclosure.

Please note this does not affect the cloud upgrade schedule for this upcoming weekend. You can find the cloud upgrade schedule here.

Read the full release notes here.

Show first post

1
2

Forum|pagination.label 2 / 2

M

+22

mike_paul
Employee
Forum|Forum|4 years ago
September 16, 2021

Is this related to the forcedentry vulnerability?

@inflicted, No, the hot fix above is to resolve the Jamf product issue PI-010111.

The forcedentry vulnerability is related to Apple OS functionality. More information on their recent updates can be found at Apple: https://support.apple.com/en-ca/HT212807 & https://support.apple.com/en-us/HT212804

It is recommended that people update to versions recommended by vendors to resolve the issues.

Like

C

Claude7004
New Contributor
Forum|Forum|4 years ago
September 29, 2021

It looks like this release, according to the release notes, patches 3 serious IndigoCard security vulnerabilities. Why is that not addressed up-front either in this post or why was no notice sent out about the vulnerabilities like the notice that was sent for the 10.30.1 release?

Like

J

+13

jrippy
Valued Contributor
Forum|Forum|4 years ago
September 29, 2021

It looks like this release, according to the release notes, patches 3 serious IndigoCard security vulnerabilities. Why is that not addressed up-front either in this post or why was no notice sent out about the vulnerabilities like the notice that was sent for the 10.30.1 release?

As much as I don't like it (I agree with you @Claude7004 that it should be addressed up front), I can at least explain their logic.

When they discover a severe vulnerability, they put out a patch and hide the details hoping they can get the community (i.e. not JamfCloud) upgraded to a point where, when the details are released, the possibility of compromise is reduced or not existent.

Again, it sucks b/c you don't know the details of what this affects, especially if you have to run the update through a change management process.

Like

K

+10

kaylee_carlson
Author
Employee
Forum|Forum|4 years ago
September 29, 2021

It looks like this release, according to the release notes, patches 3 serious IndigoCard security vulnerabilities. Why is that not addressed up-front either in this post or why was no notice sent out about the vulnerabilities like the notice that was sent for the 10.30.1 release?

@Claude7004 There was one vulnerability that was addressed in this 10.32.1 release and three addressed in the 10.32 release to which we posted updates here in Jamf Nation and also sent communication via email. If you did not receive an email communication, please contact customers success at success@jamf.com.

Like

1
2

Forum|pagination.label 2 / 2

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded