Sign In
Forgot Password

Don’t have an account? Create One.

Instructions for How to Create, View, and Manage Cases

sig_licensing-log4j-2.17.1-HF-7.4-to-7.4.3

HotFix Critical
Update ID: UPD838718
Version: 7.4 - 7.4.3
Platform: Cross-platform
Release date: 2022-01-07

Abstract

Security Fix for InfoScale Licensing Module

Description

Apache Log4j upgrade to 2.17.1 to fix CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 Vulnerability on InfoScale Licensing.
*Note: This patch is not required if you have already upgraded to python based collector service on InfoScale.

                                       * * * READ ME * * *
                              * * * sig_licensing-log4j-HF-7.4-to-7.4.3 * * *
                                      * * * Patch 205 * * *
                                      Patch Date: 2022-01-03


This document provides the following information:

     * PATCH NAME
     * OPERATING SYSTEMS SUPPORTED BY THE PATCH
     * PACKAGES AFFECTED BY THE PATCH
     * BASE PRODUCT VERSIONS FOR THE PATCH
     * SUMMARY OF INCIDENTS FIXED BY THE PATCH
     * DETAILS OF INCIDENTS FIXED BY THE PATCH
     * INSTALLATION PRE-REQUISITES
     * INSTALLING THE PATCH
     * REMOVING THE PATCH


PATCH NAME
----------
Sig Licensing log4j HotFix 7.4 to 7.4.3 Patch 205


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
RHEL6 x86-64 , RHEL7 x86-64 ,  RHEL8  x86-64 , SLES11  x86-64 , SLES12  x86-64 , SLES15  x86-64 , Solaris 11 SPARC ,  Solaris 11 x86 , AIX


PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSvlic


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
     * InfoScale Availability 7.4, 7.4.1, 7.4.2, 7.4.3
     * InfoScale Enterprise 7.4, 7.4.1, 7.4.2, 7.4.3
     * InfoScale Foundation 7.4, 7.4.1, 7.4.2, 7.4.3
     * InfoScale Storage 7.4, 7.4.1, 7.4.2, 7.4.3


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: 7.4.3.205
* 4058872 Security Fix for InfoScale Licensing Module


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: 7.4.3.205

* 4058872 (Tracking ID: 4058872)

SYMPTOM:
No Symptom Found

DESCRIPTION:
Apache Log4j upgrade to 2.17.1 to fix CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 Vulnerability on InfoScale Licensing

RESOLUTION:
NONE

INSTALLING THE PATCH
--------------------
1.Untar "sig_licensing-log4j-HF-7.4-to-7.4.3.tar"

              tar -xvf sig_licensing-log4j-HF-7.4-to-7.4.3.tar

2.Change directory location to sig_licensing-log4j-HF-7.4-to-7.4.3

              cd ./sig_licensing-log4j-HF-7.4-to-7.4.3

3.Run HotFix installer script

              ./installer_sig_licensing-log4j-HF-7.4-to-7.4.3.sh

5. Verification steps
    a. Run below command
        cksum /opt/VRTSvlic/tele/bin/TelemetryCollector.jar
       
    b. cksum value from step a above should be "3442669387 5760190 /opt/VRTSvlic/tele/bin/TelemetryCollector.jar"


REMOVING THE PATCH
------------------
NONE


SPECIAL INSTRUCTIONS
--------------------
1. Please ignore warning messages during patch upgrade.

2. After patch upgrade, you may observe messages like "This instance of InfoScale is not registered with Veritas" in syslogs. You may also observe same message in syslogs at every 90 days interval.
This has no functional impact and it can be ignored.

3. Supported InfoScale versions : InfoScale 7.4, InfoScale 7.4.1, InfoScale 7.4.2 and InfoScale 7.4.3


OTHERS
------
NONE


 

Applies to the following product releases

InfoScale Availability 7.4.1
Release date: 2019-02-01
End of standard support: 2024-07-31
Sustaining support starts: 2026-07-31
End of support life: To be determined
InfoScale Availability 7.4
Release date: 2018-05-30
End of standard support: 2023-02-28
Sustaining support starts: 2025-02-28
End of support life: To be determined
InfoScale Availability 7.4.2
Release date: 2020-06-01
End of standard support: 2025-06-01
Sustaining support starts: 2027-06-01
End of support life: To be determined
InfoScale Availability 7.4.3
Release date: 2020-11-17
End of standard support: To be determined
Sustaining support starts: To be determined
End of support life: 2022-12-13
InfoScale Storage 7.4.1
Release date: 2019-02-01
End of standard support: 2024-07-31
Sustaining support starts: 2026-07-31
End of support life: To be determined
InfoScale Storage 7.4
Release date: 2018-05-30
End of standard support: 2023-02-28
Sustaining support starts: 2025-02-28
End of support life: To be determined
InfoScale Storage 7.4.2
Release date: 2020-06-01
End of standard support: 2025-06-01
Sustaining support starts: 2027-06-01
End of support life: To be determined
InfoScale Enterprise 7.4.1
Release date: 2019-02-01
End of standard support: 2024-07-31
Sustaining support starts: 2026-07-31
End of support life: To be determined
InfoScale Enterprise 7.4
Release date: 2018-05-30
End of standard support: 2023-02-28
Sustaining support starts: 2025-02-28
End of support life: To be determined
InfoScale Enterprise 7.4.2
Release date: 2020-06-01
End of standard support: 2025-06-01
Sustaining support starts: 2027-06-01
End of support life: To be determined
InfoScale Foundation 7.4.1
Release date: 2019-02-01
End of standard support: 2024-07-31
Sustaining support starts: 2026-07-31
End of support life: To be determined
InfoScale Foundation 7.4
Release date: 2018-05-30
End of standard support: 2023-02-28
Sustaining support starts: 2025-02-28
End of support life: To be determined
InfoScale Foundation 7.4.2
Release date: 2020-06-01
End of standard support: 2025-06-01
Sustaining support starts: 2027-06-01
End of support life: To be determined

Update files

 File name Description Version Platform Size