Professional Documents
Culture Documents
Server-Embedded
This document contains information for Security Update 2017-08, to be applied to Alliance Access, Alliance Entry and
Alliance Web Platform Server-Embedded.
08 September 2017
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Table of Contents
Table of Contents
Practical Information.........................................................................................................................................3
3 Support...................................................................................................................................................13
Legal Notices................................................................................................................................................... 14
08 September 2017 2
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Practical Information
Practical Information
Installation is:
Based on customer's deployment policy
When no policy is available, SWIFT recommends:
CVSS 9.0+ applied within 1 month of release
08 September 2017 3
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Security Update Overview
Installation deadline
In line with the SWIFT Customer Security Control Framework, SWIFT mandates the following:
A risk assessment process is in place to determine the most appropriate treatment of vendor
security updates. Risk assessment considerations may include: the vendor-reported criticality of
the update, user exposure and vulnerability, mitigating controls, and operational impact.
User-defined deployment timelines are established for applying updates based on criticality,
system type, and required update testing.
In the absence of established internal processes and timelines, SWIFT recommends the use of
Common Vulnerability Scoring System (CVSS) Version 3 as a guideline for criticality, with the
following update deployment targets:
- For vulnerabilities with a CVSS ranking of 9 and above, customers must install the security
update within 1 month of general availability.
- For vulnerabilities with a CVSS ranking of 7 to 9, customers must install the security update
within 2 months of general availability.
- For vulnerabilities with a CVSS ranking of less than 7, installation of the security update is
customer-defined.
SWIFT reserves the right to inform non-compliant users' supervisors of their failure to install the
latest mandatory SWIFT releases or updates in a timely manner and, in the case of non-supervised
users, their messaging counterparties. Non-compliance may also require SWIFT to suspend or
terminate customers' use of the related SWIFT services and products.
Please note that support for past software releases and updates automatically terminates after the
installation deadline (except for the limited support needed to help customers upgrade to the latest
mandatory releases).
08 September 2017 4
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Security Update Overview
If installed before 7.1.30, Security Update 2017-08 must be installed again on 7.1.30 (this does
not apply to 7.1.40).
Alliance Entry 7.1.23 and higher
This security update can be installed before or after Alliance Entry 7.1.30 or 7.1.40.
If installed before 7.1.30, Security Update 2017-08 must be installed again on 7.1.30 (this does
not apply to 7.1.40).
Alliance Web Platform Server-Embedded 7.0.71 and higher
Note This security update must not be installed on top of Alliance Access 7.2.00, Alliance
Entry 7.2.00, or Alliance Web Platform Server-Embedded 7.2.00. Release 7.2.00
includes this security update.
Description CVE
08 September 2017 5
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Installation and Configuration
If any packages are not installed, enter the following command (for each package missing):
yum install <package_name>
08 September 2017 6
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Installation and Configuration
Note The required disk space in the installation directory varies, depending on the
configuration. To cover all situations SWIFT decided to set the disk space
requirement to 10 GB.
If you cannot accommodate 10 GB of free disk space, contact SWIFT Support for
further assistance.
4. If Alliance Web Platform Server-Embedded is running on Red Hat Enterprise Linux, then the
following packages must have been installed as root:
glibc.i686
libstdc++.i686
zlib.i686
libidn.i686
krb5-libs.i686
To check the packages, enter the following command:
yum info <package_name>
If any packages are not installed, enter the following command (for each package missing):
yum install <package_name>
Procedure
1. Download the security update to a temporary folder (for example, /tmp)
2. Log in as Alliance System Administrator.
3. If you are working remotely, then export the display to your local machine by typing: export
DISPLAY=<IPaddressComputer>:0.0 where <IPaddressComputer> must be replaced
by the IP address for the computer where the upgrade windows will be displayed.
4. In an Xterm of the Alliance System Administration window, navigate to the temporary folder
where you copied the Security Update 2017-08 software: cd /tmp
5. Run the executable:
./secupd-2017-08-install
If the instance to be updated cannot be located, then add the -location argument to point to
the root path of that instance.
6. If you run the installation in silent mode, execute the command as follows:
./secupd-2017-08-install -silent <path to file silent.properties>
08 September 2017 7
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Installation and Configuration
Procedure
1. Download the security update to a temporary folder (for example, /tmp)
2. Log in as Alliance System Administrator.
3. If you are working remotely, then export the display to your local machine by typing:
export DISPLAY=<IPaddressComputer>:0.0
where <IPaddressComputer> must be replaced by the IP address for the computer where
the upgrade windows will be displayed.
4. In an Xterm of the Alliance System Administration window, navigate to the temporary folder
where you copied the Alliance Security Update 2017-08 software: cd /tmp
5. Run the executable:
./secupd-2017-08-install
If the instance to be updated cannot be located, then add the -location argument to point to
the root path of that instance.
6. If you run the installation in silent mode, execute the command as follows:
./secupd-2017-08-install -silent <path to file silent.properties>
Note The <path to file silent.properties> can be found under the
installation software on the temporary folder, where it was copied (/tmp). The
following lines in the file must be edited before launching the installation:
## Uncomment to specify your agreement with licensing terms
Mandatory.Accept.LicensingTerms=Agree
Replace /Alliance/Access with the path of the Alliance Access software
## Installation root directory (mandatory)
08 September 2017 8
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Installation and Configuration
Procedure
1. Download the security update to a temporary folder (for example, C:\Temp)
2. Log in as Alliance System Administrator.
3. In a Command Prompt of the Alliance System Administration application, navigate to the
temporary folder: cd C:\Temp
4. Run the executable:
secupd-2017-08-install.exe
If the instance to be updated cannot be located, then add the -location argument to point to
the root path of that instance.
5. If you run the installation in silent mode, execute the command as follows:
secupd-2017-08-install.exe -silent <path to file silent.properties>
where <root> is the path of the Alliance Access software.
Note The <path to file silent.properties> can be found under the
installation software on the temporary folder, where it was copied (C:\Temp). The
following lines in the file must be edited before launching the installation:
## Uncomment to specify your agreement with licensing terms
Mandatory.Accept.LicensingTerms=Agree
Replace C\:\\Alliance\\Access with the path of the Alliance Access
software
## Installation root directory (mandatory)
Procedure
1. Download the security update to a temporary folder (for example, C:\Temp)
2. Log in as Alliance System Administrator.
3. In a Command Prompt of the Alliance System Administration application, navigate to the
temporary folder: cd C:\Temp
4. Run the executable:
08 September 2017 9
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Installation and Configuration
secupd-2017-08-install.exe
If the instance to be updated cannot be located, then add the -location argument to point to
the root path of that instance.
5. If you run the installation in silent mode, execute the command as follows:
secupd-2017-08-install.exe -silent <path to file silent.properties>
Note The <path to file silent.properties> can be found under the
installation software on the temporary folder, where it was copied (C:\Temp). The
following lines in the file must be edited before launching the installation:
## Uncomment to specify your agreement with licensing terms
Mandatory.Accept.LicensingTerms=Agree
Replace C\:\\Alliance\\Entry with the path of the Alliance Entry software
## Installation root directory (mandatory)
Procedure
1. Download the security update to a temporary folder (for example, /tmp)
2. If you are working remotely, then export the display to your local machine by typing: export
DISPLAY=<IPaddressComputer>:0.0 where <IPaddressComputer> must be replaced
by the IP address for the computer where the upgrade windows will be displayed.
3. Run the following executable from the /tmp folder with the following arguments:
./secupd-2017-08-install
4. If you run the installation in silent mode, execute the command as follows:
./secupd-2017-08-install -silent <path to file silent.properties>
08 September 2017 10
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Installation and Configuration
Procedure
1. Download the security update to a temporary folder (for example, /tmp)
2. If you are working remotely, then export the display to your local machine by typing: export
DISPLAY=<IPaddressComputer>:0.0 where <IPaddressComputer> must be replaced
by the IP address for the computer where the upgrade windows will be displayed.
3. Run the following executable from the /tmp folder with the following arguments:
./secupd-2017-08-install
4. If you run the installation in silent mode, execute the command as follows:
./secupd-2017-08-install -silent <path to file silent.properties>
Note The <path to file silent.properties> can be found under the
installation software on the temporary folder, where it was copied (/tmp). The
following lines in the file must be edited before launching the installation:
## Uncomment to specify your agreement with licensing terms
Mandatory.Accept.LicensingTerms=Agree
Replace /Alliance/WebPlatform with the path of the Alliance Web Platform
software
## Installation root directory (mandatory)
08 September 2017 11
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Installation and Configuration
Procedure
1. Download the security update to a temporary folder (for example, C:\Temp)
2. Run the following executable from the C:\Temp folder with the following argument:
secupd-2017-08-install.exe
3. If you run the installation in silent mode, execute the command as follows:
secupd-2017-08-install.exe -silent <path to file silent.properties>
Note The <path to file silent.properties> can be found under the
installation software on the temporary folder, where it was copied (/tmp). The
following lines in the file must be edited before launching the installation:
## Uncomment to specify your agreement with licensing terms
Mandatory.Accept.LicensingTerms=Agree
Replace C\:\\Alliance\WebPlatform with the path of the Alliance Web
Platform software
## Installation root directory (mandatory)
08 September 2017 12
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Support
3 Support
Support for SWIFT customers
By default, SWIFT Support is the single point of contact to report all problems and queries that
relate to SWIFT services and products. Support is available to all SWIFT customers.
Individuals within a customer organisation must register to use the Support service.
For more information about the different services that SWIFT offers as part of the support
packages and the procedure to order support, see Comparison of support packages on swift.com.
Related information
For more information about Support services, see the service description related to the applicable
support package:
Support documentation
08 September 2017 13
Alliance Access, Alliance Entry, Alliance Web Platform Server-
Embedded
Security Update 2017-08 Legal Notices
Legal Notices
Copyright
SWIFT 2017. All rights reserved.
Restricted Distribution
Do not distribute this publication outside your organisation unless your subscription or order
expressly grants you that right, in which case ensure you comply with any other applicable
conditions.
Disclaimer
The information in this publication may change from time to time. You must always refer to the
latest available version.
Translations
The English version of SWIFT documentation is the only official and binding version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT:
the SWIFT logo, SWIFT, SWIFTNet, Accord, Sibos, 3SKey, Innotribe, the Standards Forum logo,
MyStandards, and SWIFT Institute. Other product, service, or company names in this publication
are trade names, trademarks, or registered trademarks of their respective owners.
08 September 2017 14