InfoScale_sig_licensing_log4j-2.17.1_7.0_to_7.4.2_HF

HotFix Critical

Abstract

Security Fix for InfoScale Licensing Module

Description

Upgrades Apache Log4j to version 2.17.1 to fix the vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 in InfoScale Licensing.

                          * * * READ ME * * *
                    * * * InfoScale_sig_licensing_7.0_to_7.4.2_HF * * *
                         * * * Patch 204 * * *
                         Patch Date: 2022-01-06


This document provides the following information:

   * PATCH NAME
   * OPERATING SYSTEMS SUPPORTED BY THE PATCH
   * PACKAGES AFFECTED BY THE PATCH
   * BASE PRODUCT VERSIONS FOR THE PATCH
   * SUMMARY OF INCIDENTS FIXED BY THE PATCH
   * DETAILS OF INCIDENTS FIXED BY THE PATCH
   * INSTALLATION PRE-REQUISITES
   * INSTALLING THE PATCH
   * REMOVING THE PATCH


PATCH NAME
----------
InfoScale Sig Licensing log4j HotFix 7.0 to 7.4.2 Patch 204


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
Windows 2012, 2016, 2019 Servers


PACKAGES AFFECTED BY THE PATCH
------------------------------
InfoScale Licensing


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
   * InfoScale Availability 7.0, 7.1, 7.2, 7.3, 7.3.1, 7.4, 7.4.1, 7.4.2
   * InfoScale Enterprise 7.0, 7.1, 7.2, 7.3, 7.3.1, 7.4, 7.4.1, 7.4.2
   * InfoScale Foundation 7.0, 7.1, 7.2, 7.3, 7.3.1, 7.4, 7.4.1, 7.4.2
   * InfoScale Storage 7.0, 7.1, 7.2, 7.3, 7.3.1, 7.4, 7.4.1, 7.4.2

   *Note: This patch is not required if you have already upgraded to the Python-based collector service on InfoScale.

SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: 7.4.2.204
* 4058872 Security Fix for InfoScale Licensing Module


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: 7.4.2.204

* 4058872 (Tracking ID: 4058872)

SYMPTOM:
No Symptom Found

DESCRIPTION:
Upgrades Apache Log4j to version 2.17.1 to fix the vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 in InfoScale Licensing.

RESOLUTION:
NONE

INSTALLING THE PATCH
--------------------
Prerequisites:

1. Please make sure all other windows (folders) are closed.

2. The InfoScale product must already be installed on the system.

3. Please make sure you are logged in as an Administrator user.

Steps

1. Extract (unzip) the InfoScale_sig_licensing-7.0_to_7.4.2_HF.zip file.

2. Open an Administrator CMD console.

3. Go to the extracted InfoScale_sig_licensing-7.0_to_7.4.2_HF folder (from step 1) and locate Installer.exe.

4. Run the following command to install the new patch on the system:

        # Installer.exe

5. Verification steps
    a. Open an Administrator CMD console and go to the InfoScale installation directory.
       Example: C:\Program Files\Veritas\Veritas Shared\VPI\{F834E070-8D71-4c4b-B688-06964B88F3E8}\{7.4.20000.1}\tele\
       Note: The {F834E070-8D71-4c4b-B688-06964B88F3E8}\{7.4.20000.1} part of the path can differ between InfoScale nodes, depending on the host and the InfoScale version.
    b. Run: certutil -hashfile TelemetryCollector.jar MD5
    c. The MD5 hash from step 'b' should be "f0ae0366971273811423754270a0d14b".
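
The verification in step 5 as a PowerShell script, for nodes where the GUID and version directories differ from the example path. This is an added example, not part of the Veritas README; the default VPI root, the Get-EmbeddedLog4jVersion helper, and the assumption that the jar bundles log4j-core together with its Maven pom.properties are illustrative.

```powershell
# Added example, not Veritas code. Requires PowerShell 4.0+ (Get-FileHash).
param(
    # Assumption: default install root; the GUID/version subfolders are searched.
    [string]$VpiRoot = "$env:ProgramFiles\Veritas\Veritas Shared\VPI",
    # MD5 published in step 5c of this README (the only digest it gives).
    [string]$ExpectedMd5 = 'f0ae0366971273811423754270a0d14b'
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

# Hypothetical helper. Assumption: if log4j-core is bundled in the jar, its
# Maven pom.properties is present and carries a "version=" line.
function Get-EmbeddedLog4jVersion {
    param([string]$JarPath)
    $name = 'META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties'
    $zip = [System.IO.Compression.ZipFile]::OpenRead($JarPath)
    try {
        $entry = $zip.GetEntry($name)
        if (-not $entry) { return 'no embedded metadata' }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
        if ($text -match '(?m)^version=(.+)$') { return $Matches[1].Trim() }
        return 'unknown'
    } finally { $zip.Dispose() }
}

$jars = Get-ChildItem -LiteralPath $VpiRoot -Recurse -File `
    -Filter 'TelemetryCollector.jar' -ErrorAction SilentlyContinue
if (-not $jars) {
    Write-Error "TelemetryCollector.jar not found under $VpiRoot"
    exit 2
}

$results = foreach ($jar in $jars) {
    $md5 = (Get-FileHash -LiteralPath $jar.FullName -Algorithm MD5).Hash
    [pscustomobject]@{
        Path    = $jar.FullName
        MD5     = $md5.ToLower()
        Patched = ($md5 -ieq $ExpectedMd5)   # case-insensitive compare
        Log4j   = Get-EmbeddedLog4jVersion -JarPath $jar.FullName
    }
}
$results | Format-List

# Exit 1 if any copy of the jar does not match the README hash.
if ($results.Patched -contains $false) { exit 1 }
```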

REMOVING THE PATCH
------------------
NONE


SPECIAL INSTRUCTIONS
--------------------
A nagging warning and an error appear in the Collector Service log once every 90 days if the InfoScale deployment is keyless and the node is not registered with Veritas.
This has no functional impact and can be ignored.

OTHERS
------
 
