~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Service Pack 3 for ThinPro 8.1 3.5 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Service Pack 3 for ThinPro 8.1 ============================================================================ HP announces the service pack 'Service Pack 3 for ThinPro 8.1'. 2. Support Matrix ============================================================================ Package Platform Image ---------------------------------------------------------------------------- ThinPro8.1_SP-3.5-signed.xar PC 8.1 ThinPro8.1_SP-3.5-signed.xar mt21 8.1 ThinPro8.1_SP-3.5-signed.xar mt22 8.1 ThinPro8.1_SP-3.5-signed.xar mt32 8.1 ThinPro8.1_SP-3.5-signed.xar mt440 8.1 ThinPro8.1_SP-3.5-signed.xar mt45 8.1 ThinPro8.1_SP-3.5-signed.xar mt46 8.1 ThinPro8.1_SP-3.5-signed.xar mt645 8.1 ThinPro8.1_SP-3.5-signed.xar mt645g8 8.1 ThinPro8.1_SP-3.5-signed.xar t430 8.1 ThinPro8.1_SP-3.5-signed.xar t530 8.1 ThinPro8.1_SP-3.5-signed.xar t540 8.1 ThinPro8.1_SP-3.5-signed.xar t550 8.1 ThinPro8.1_SP-3.5-signed.xar t630 8.1 ThinPro8.1_SP-3.5-signed.xar t640 8.1 ThinPro8.1_SP-3.5-signed.xar t655 8.1 ThinPro8.1_SP-3.5-signed.xar t730 8.1 ThinPro8.1_SP-3.5-signed.xar t740 8.1 ThinPro8.1_SP-3.5-signed.xar t755 8.1 3. What's New ============================================================================ This is the first ThinPro version that supports HP Elite mt645 G8 Mobile Thin Client ThinPro kernel has been upgraded to 6.6.16 SP3 (v3.5) Bug Fixes: - SIO2247632 Fixed Domain Join issue - SIO2251094 Fixed 802.1x-TLS Network Security Configuration issue - SIO2252090 Fixed 802.1x-PEAP Network Security Configuration issue - SIO2253950 Allow ThinClient to connect to unmanaged port while 802.1x mode is enabled - SIO2261431 Fixed errorneous SNMP packets generation during system boot - SIO2275570 Fixed port forwarding error while optional WWAN module is installed on the ThinClient Security Updates: - Bash vulnerabilities :: CVE-2022-3715 - Bind vulnerabilities :: CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679 - Expat vulnerabilities :: CVE-2023-52425, CVE-2024-28757 - GLib vulnerabilities :: CVE-2024-34397 - GNU C Library vulnerabilities :: CVE-2024-2961 - GNU binutils vulnerabilities :: CVE-2022-47695, CVE-2022-48063, CVE-2022-48065 - GNU cpio vulnerabilities :: CVE-2023-7207 - GnuTLS vulnerabilities :: CVE-2024-28834, CVE-2024-28835 - LibTIFF vulnerabilities :: CVE-2023-52356, CVE-2023-6228, CVE-2023-6277 - Linux kernel vulnerabilities :: CVE-2023-46838, CVE-2023-50431, CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-6610, CVE-2024-22705, CVE-2024-23850, CVE-2024-23851 - NSS vulnerabilities :: CVE-2023-4421, CVE-2023-5388, CVE-2023-6135 - OpenLDAP vulnerabilities :: CVE-2023-2953 - OpenSSL vulnerabilities :: CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727 - Pillow vulnerabilities :: CVE-2023-44271, CVE-2023-50447 - TeX Live vulnerabilities :: CVE-2019-18604, CVE-2023-32668, CVE-2024-25262 - Vim vulnerabilities :: CVE-2024-22667 - WebKitGTK vulnerabilities :: CVE-2024-23206, CVE-2024-23213, CVE-2024-23222 - X.Org X Server vulnerabilities :: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082, CVE-2024-31083 - curl vulnerabilities :: CVE-2024-2004, CVE-2024-2398 - klibc vulnerabilities :: CVE-2016-9840, CVE-2016-9841, CVE-2018-25032, CVE-2022-37434 - less vulnerabilities :: CVE-2022-48624 - libuv vulnerabilities :: CVE-2024-24806 - libxml2 vulnerabilities :: CVE-2024-25062 - nghttp2 vulnerabilities :: CVE-2019-9511, CVE-2019-9513, CVE-2023-44487, CVE-2024-28182 - python-cryptography vulnerabilities :: CVE-2023-50782, CVE-2024-26130 - shadow vulnerabilities :: CVE-2023-4641 - util-linux vulnerabilities :: CVE-2024-28085 4. Documentation Set ============================================================================ There is no additional documentation associated with this softpaq. 5. Installation ============================================================================ 5.1 Installing update for ThinPro To install this addon: 1. Use the installer to deploy files to the server. 2. Copy the add-on from the appropriate directory to the "/tmp" directory. 3. On the device, run the command as follows: "xarinstall /tmp/ThinPro8.1_SP-3.5-signed.xar" 4. Reboot the affected devices. Tip: This section describes the manual process of installing packages. To perform the recommended update method, use "Easy Update" in the ThinPro Control Panel. For detailed information see the "HP ThinPro Administrator's Guide". 6. Known Issues ============================================================================ There are no known issues. 7. Additional Notes ============================================================================ There are no additional notes. 8. Release History ============================================================================ 2024-06-23 Package version 3.5 - First official installer release SP2 (v2.5) Bug Fixes: - Fixed GUI corruption and missing icons under certain operations - Improved slow disk decryption speed - Allows display rotation from profile apply - Allow display configuration to be fully reverted upon user's request - Allows system language setting to be saved/restored - Fixed USB key detection issue with some models of USB keys - Fixed multiple monitor support issue - Fixed multiple bugs when connect the ThinClient to conferencing monitors - Fixed audio output volume to stay with set values after reboot - Fixed multiple WWAN GUI bugs - Fixed wifi connection issue when manual DNS setting is used - Fixed network status display while the system is domain joined - Fixed network applet to forget network password when requested as such - Fixed Realtek LAN DASH support - Fixed MAC address passthrough - Fixed wifi regulatory domain support for Indonesia - Fixed the wrong language used in IBus GUI - Added snapshot support for HPDM - Added sha256 cksum to ThinPro image/SP - Allows xar to be installed from USB key where directory names contains spaces - Fixed "mount devices read-only" settings to take effect immediately - Fixed certificate import - Fixed spontaneous wakeup of mobile ThinClient Security Updates: - Avahi vulnerabilities :: CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473 - BlueZ vulnerabilities :: CVE-2023-45866 - FFmpeg regression :: CVE-2022-48434 - GNU C Library vulnerabilities :: CVE-2023-4806, CVE-2023-4813, CVE-2023-5156 - GNU Tar vulnerabilities :: CVE-2023-39804 - GNU binutils vulnerabilities :: CVE-2020-19726, CVE-2021-46174, CVE-2022-35205, CVE-2022-38533, CVE-2022-4285 - GRUB2 vulnerabilities :: CVE-2023-4692, CVE-2023-4693 - GStreamer Bad Plugins vulnerabilities :: CVE-2023-37329, CVE-2023-40474, CVE-2023-40475, CVE-2023-40476, CVE-2023-44429, CVE-2023-44446 - GStreamer Base Plugins vulnerabilities :: CVE-2023-37327, CVE-2023-37328 - Ghostscript vulnerabilities :: CVE-2023-46751 - GnuTLS vulnerabilities :: CVE-2023-5981 - Kerberos vulnerabilities :: CVE-2023-36054 - LibTIFF vulnerabilities :: CVE-2022-40090, CVE-2023-3576 - OpenSSH vulnerabilities :: CVE-2023-28531, CVE-2023-48795 - PAM vulnerabilities :: CVE-2024-22365 - Perl vulnerabilities :: CVE-2022-48522, CVE-2023-47038 - Pillow vulnerabilities :: CVE-2023-44271, CVE-2023-50447 - Python vulnerabilities :: CVE-2023-40217 - SQLite vulnerabilities :: CVE-2022-46908, CVE-2023-7104 - Samba vulnerabilities :: CVE-2023-4091, CVE-2023-4154, CVE-2023-42669, CVE-2023-42670 - TeX Live vulnerabilities :: CVE-2023-32700 - Traceroute vulnerabilities :: CVE-2023-46316 - Vim vulnerabilities :: CVE-2022-1725, CVE-2022-1771, CVE-2022-1886, CVE-2022-1897, CVE-2022-2000, CVE-2022-2042, CVE-2023-46246, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706 - WebKitGTK vulnerabilities :: CVE-2023-42916, CVE-2023-42917 - X.Org X Server vulnerabilities :: CVE-2023-5367, CVE-2023-5380 - Xerces-C++ vulnerabilities :: CVE-2018-1311 - curl vulnerabilities :: CVE-2023-46218, CVE-2023-46219 - file vulnerabilities :: CVE-2022-48554 - libsndfile vulnerabilities :: CVE-2022-33065 - libssh vulnerabilities :: CVE-2023-48795 - nghttp2 vulnerabilities :: CVE-2023-44487 - poppler vulnerabilities :: CVE-2020-23804, CVE-2022-37050, CVE-2022-37051, CVE-2022-37052, CVE-2022-38349 - python-cryptography vulnerabilities :: CVE-2023-23931, CVE-2023-49083 - urllib3 vulnerabilities :: CVE-2018-25091, CVE-2023-43804, CVE-2023-45803 SP1 (v1.3) Bug Fixes: - Reduce excessive DNS query while running time sync - Translation updates - Fix ftp mode after firewall has been enabled - Sync WWAN status under airplane mode - Enable external monitors upon connect - Eliminate noise while using Bluetooth headset with 2.4G Wifi bands - Fix ELO Touch screen orientation issue - Save/Restore printer, SCEP and display settings along with registry - Fix background picture preview in control panel - Allow Bluetooth device to wake up system Security Updates: - grub2: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2021-3981, CVE-2022-2873, CVE-2022-2873, CVE-2022-2873, CVE-2022-2873, CVE-2022-2873, CVE-2022-3775, CVE-2022-28734 9. Contact Information ============================================================================ For contact and support information, refer to: http://www.hp.com/go/thinclient