PRODUCT_LINE: BCM50
============================================
TITLE
=====
BCM050.202-SOFTWARE-MANAGEMENT-PROVIDER
========================
Release: 1.0
Issue: N/A
Category: EMG
Superseded By: NONE
Release Date: 20090217
Patch Conflict(s): N/A
Special Instructions: NO
Patch Version: N/A
========================

Software Update Name: BCM050.202-SOFTWARE-MANAGEMENT-PROVIDER

Applicable H/W Platforms: BCM50, BCM50a, BCM50e, SRG50

Applicable S/W Platforms: 1.00.2.04g, 1.00.2.04j, SRG50

Category: EMG

Installation Recommendations:
This update should be applied to all new installs of BCM50 R1 and SRG50 systems. It is recommended to apply this update to all BCMs at the earliest service opportunity to address the security vulnerability.

Component & Version: software-managment-provider 3.04.0

Dependencies:
Required Updates:
- BCM050.SU.System.002-200709 or greater
Product Dependencies: None

Size: 0.1MB

System Impact:
Time to apply approximately 2 minutes
Does update application force reboot: No
Other Impacts: None

Limitations: None

Update Removable: No

Description:
-----------
The following issues are addressed:

1. User id and password stored in cleartext within log file during software updates

The SoftwareUpdateProviderAgent.log records the user id and password in cleartext when retrieving patches from remote locations. Exposure of this information is an issue because this log file is included in the Log Collection utility and then shipped off the BCM for browsing. Anyone looking at this file on their PC will be able to see the user id and password.

Q01927648-04

This update includes the content of the following superseded updates:
No previous updates.