Sign In
Forgot Password

Don’t have an account? Create One.

Instructions for How to Create, View, and Manage Cases

sig_licensing-log4j-2.17.1-HF-6.2-to-6.2.1

HotFix Critical
Update ID: UPD864693
Version: 6.2 - 6.2.1
Platform: Cross-platform
Release date: 2022-01-07

Abstract

Security Fix for InfoScale Licensing Module

Description

Apache Log4j upgrade to 2.17.1 to fix CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 Vulnerability on InfoScale Licensing

                                       * * * READ ME * * *
                              * * * sig_licensing-log4j-HF-6.2-and-6.2.1 * * *
                                      * * * Patch 404 * * *
                                      Patch Date: 2022-01-03


This document provides the following information:

     * PATCH NAME
     * OPERATING SYSTEMS SUPPORTED BY THE PATCH
     * PACKAGES AFFECTED BY THE PATCH
     * BASE PRODUCT VERSIONS FOR THE PATCH
     * SUMMARY OF INCIDENTS FIXED BY THE PATCH
     * DETAILS OF INCIDENTS FIXED BY THE PATCH
     * INSTALLATION PRE-REQUISITES
     * INSTALLING THE PATCH
     * REMOVING THE PATCH


PATCH NAME
----------
Sig Licensing log4j HotFix 6.2 and 6.2.1 Patch 404


OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
RHEL6 x86-64 , RHEL7 x86-64 , SLES11  x86-64 , SLES12  x86-64 , Solaris 11 SPARC , AIX


PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSvlic


BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
     * InfoScale Availability 6.2, 6.2.1
     * InfoScale Enterprise 6.2, 6.2.1
     * InfoScale Foundation 6.2, 6.2.1
     * InfoScale Storage 6.2, 6.2.1


SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: 6.2.1.404
* 4058872 Security Fix for InfoScale Licensing Module


DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:

Patch ID: 6.2.1.404

* 4058872 (Tracking ID: 4058872)

SYMPTOM:
No Symptom Found

DESCRIPTION:
Apache Log4j upgrade to 2.17.1 to fix CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832 Vulnerability on InfoScale Licensing

RESOLUTION:
NONE

INSTALLING THE PATCH
--------------------
1.Untar "sig_licensing-log4j-HF-6.2-and-6.2.1.tar"

              tar -xvf sig_licensing-log4j-HF-6.2-and-6.2.1.tar

2.Change directory location to sig_licensing-log4j-HF-6.2-and-6.2.1

              cd ./sig_licensing-log4j-HF-6.2-and-6.2.1

3.Run HotFix installer script

              ./installer_sig_licensing-log4j-HF-6.2-and-6.2.1.sh

5. Verification steps
    a. Run below command
        cksum /opt/VRTSvlic/tele/bin/TelemetryCollector.jar
       
    b. cksum value from step a above should be "1094323138 5760658 /opt/VRTSvlic/tele/bin/TelemetryCollector.jar"


REMOVING THE PATCH
------------------
NONE


SPECIAL INSTRUCTIONS
--------------------
1. Please ignore warning messages during patch upgrade.

2. After patch upgrade, you may observe  messages like "This instance of InfoScale is not registered with Veritas" in syslogs. You may also observe same message in syslogs at every 90 days interval.
This has no functional impact and it can be ignored.

3. Supported InfoScale versions : InfoScale 6.2 and InfoScale 6.2.1


OTHERS
------
NONE


 

Applies to the following product releases

Cluster File System 6.2
Release date: 2014-12-01
End of standard support: To be determined
Sustaining support starts: To be determined
End of support life: To be determined
Dynamic Multi-Pathing 6.2
Release date: 2014-12-01
End of standard support: 2020-10-04
Sustaining support starts: To be determined
End of support life: To be determined
Storage Foundation 6.2
Release date: 2014-11-30
End of standard support: 2020-10-04
Sustaining support starts: 2022-12-30
End of support life: 2028-12-30

Update files

 File name Description Version Platform Size