* * * READ ME * * *
* * * InfoScale 8.0.2 * * *
* * * Patch 1100 * * *
Patch Date: 2023-07-28
This document provides the following information:
* PATCH NAME
* OPERATING SYSTEMS SUPPORTED BY THE PATCH
* PACKAGES AFFECTED BY THE PATCH
* BASE PRODUCT VERSIONS FOR THE PATCH
* SUMMARY OF INCIDENTS FIXED BY THE PATCH
* DETAILS OF INCIDENTS FIXED BY THE PATCH
* INSTALLATION PRE-REQUISITES
* INSTALLING THE PATCH
* REMOVING THE PATCH
PATCH NAME
----------
InfoScale 8.0.2 Patch 1100
OPERATING SYSTEMS SUPPORTED BY THE PATCH
----------------------------------------
RHEL8 x86-64
PACKAGES AFFECTED BY THE PATCH
------------------------------
VRTSaslapm
VRTSvcs
VRTSveki
VRTSvxvm
BASE PRODUCT VERSIONS FOR THE PATCH
-----------------------------------
* InfoScale Availability 8.0.2
* InfoScale Enterprise 8.0.2
* InfoScale Foundation 8.0.2
* InfoScale Storage 8.0.2
SUMMARY OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
Patch ID: VRTSveki-8.0.2.1100
* 4118568 (4110457) Veki packaging was failing due to a dependency.
Patch ID: VRTSvxvm-8.0.2.1100
* 4125322 (4119950) Security vulnerabilities exist in third-party components [curl and libxml].
Patch ID: VRTSvcs-8.0.2.1100
* 4124702 (4103073) Upgrading Netsnmp component to fix security vulnerabilities.
DETAILS OF INCIDENTS FIXED BY THE PATCH
---------------------------------------
This patch fixes the following incidents:
Patch ID: VRTSveki-8.0.2.1100
* 4118568 (Tracking ID: 4110457)
SYMPTOM:
Veki packaging fails because storageapi-specific files are missing.
DESCRIPTION:
While creating the build area for different components such as GLM, GMS, ORAODM, unixvm, and VxFS, Veki build area creation was failing because
storageapi changes were not taken care of in the Veki mk-symlink and build scripts.
RESOLUTION:
Added support for creation of the storageapi build area, storageapi packaging changes via Veki, and storageapi build via Veki from the Veki makefiles.
This helps package storageapi along with Veki and resolves all interdependencies.
Patch ID: VRTSvxvm-8.0.2.1100
* 4125322 (Tracking ID: 4119950)
SYMPTOM:
Vulnerabilities have been reported in third-party components [curl and libxml] that are used by VxVM.
DESCRIPTION:
Third party components [curl and libxml] in their current versions, used by VxVM have been reported with security vulnerabilities which
needs
RESOLUTION:
[curl and libxml] have been upgraded to newer versions in which the reported security vulnerabilities have been addressed.
Patch ID: VRTSvcs-8.0.2.1100
* 4124702 (Tracking ID: 4103073)
SYMPTOM:
Security vulnerabilities are present in the existing version of Netsnmp.
DESCRIPTION:
Upgrading Netsnmp component to fix security vulnerabilities
RESOLUTION:
Upgraded the Netsnmp component to fix security vulnerabilities.
INSTALLING THE PATCH
--------------------
Run the Installer script to automatically install the patch:
-----------------------------------------------------------
Please note that the installation of this P-Patch will cause downtime.
To install the patch, perform the following steps on at least one node in the cluster:
1. Copy the patch infoscale-rhel8_x86_64-Patch-8.0.2.1100.tar.gz to /tmp
2. Untar infoscale-rhel8_x86_64-Patch-8.0.2.1100.tar.gz to /tmp/hf
# mkdir /tmp/hf
# cd /tmp/hf
# gunzip /tmp/infoscale-rhel8_x86_64-Patch-8.0.2.1100.tar.gz
# tar xf /tmp/infoscale-rhel8_x86_64-Patch-8.0.2.1100.tar
3. Install the hotfix (please note that the installation of this P-Patch will cause downtime).
# pwd
/tmp/hf
# ./installVRTSinfoscale802P1100 [<host1> <host2>...]
You can also install this patch together with the 8.0.2 base release using Install Bundles:
1. Download this patch and extract it to a directory
2. Change to the Veritas InfoScale 8.0.2 directory and invoke the installer script
with -patch_path option where -patch_path should point to the patch directory
# ./installer -patch_path [<path to this patch>] [<host1> <host2>...]
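A post-install check for either procedure above, as an added example that is not part of the vendor README: it compares the installed versions of the three packages that carry a Patch ID in this document against 8.0.2.1100. It assumes the RPM VERSION field matches the Patch ID suffix; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: rpm's %{VERSION} for these
# packages equals the suffix of the Patch ID (e.g. VRTSvxvm-8.0.2.1100).
REQUIRED="8.0.2.1100"
# Only packages with a Patch ID in this README; VRTSaslapm is listed as
# affected but has no Patch ID here, so it is not checked.
PATCHED_PKGS="VRTSveki VRTSvxvm VRTSvcs"

# version_ge A B: succeeds when version A >= version B (sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_patch_level: reads "NAME VERSION" lines on stdin, prints one status
# line per package, returns 0 only if all are at REQUIRED or later.
# rpm's "package X is not installed" lines never match a package name in
# field 1, so such packages are reported as MISSING.
check_patch_level() {
    inventory=$(cat)
    rc=0
    for pkg in $PATCHED_PKGS; do
        ver=$(printf '%s\n' "$inventory" |
              awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ -z "$ver" ]; then
            echo "MISSING   $pkg"; rc=1
        elif version_ge "$ver" "$REQUIRED"; then
            echo "OK        $pkg $ver"
        else
            echo "UNPATCHED $pkg $ver (need $REQUIRED)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not real output): VRTSvxvm still at a
# lower, made-up version string.
SAMPLE='VRTSveki 8.0.2.1100
VRTSvxvm 8.0.2.0000
VRTSvcs 8.0.2.1100'
printf '%s\n' "$SAMPLE" | check_patch_level || echo "node is not fully patched"

# On a live node, feed it the RPM database instead:
#   rpm -q --queryformat '%{NAME} %{VERSION}\n' $PATCHED_PKGS | check_patch_level
```

Run it on every node in the cluster, since the installer is only required to be started from one of them.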
Install the patch manually:
--------------------------
Manual installation is not recommended.
REMOVING THE PATCH
------------------
Manual uninstallation is not recommended.
SPECIAL INSTRUCTIONS
--------------------
Vulnerabilities fixed:
CVE-2023-29469 (BDSA-2023-0811), CVE-2023-28484 (BDSA-2023-0813), CVE-2023-28322 (BDSA-2023-1238), CVE-2023-28319 (BDSA-2023-1234), CVE-2023-28321 (BDSA-2023-1237), CVE-2023-28320 (BDSA-2023-1233), CVE-2022-32221 (BDSA-2022-3049), CVE-2023-23914 (BDSA-2023-0305), CVE-2022-43551 (BDSA-2022-3659), CVE-2022-42916 (BDSA-2022-3047), CVE-2023-27533 (BDSA-2023-0598), CVE-2023-28319 (BDSA-2023-1234), CVE-2023-27534 (BDSA-2023-0599), CVE-2022-42915 (BDSA-2022-3050), CVE-2023-28322 (BDSA-2023-1238), CVE-2023-28320 (BDSA-2023-1233), CVE-2023-27538 (BDSA-2023-0608), CVE-2023-23915 (BDSA-2023-0312), BDSA-2022-1295, BDSA-2023-0018, CVE-2022-43552 (BDSA-2022-3660), CVE-2023-27536 (BDSA-2023-0606), CVE-2023-28321 (BDSA-2023-1237), CVE-2023-23916 (BDSA-2023-0316), CVE-2022-35260 (BDSA-2022-3051), CVE-2023-27535 (BDSA-2023-0603), BDSA-2022-2160, BDSA-2022-2281, BDSA-2022-2282, BDSA-2022-2279, BDSA-2022-2150, BDSA-2022-2280.
OTHERS
------
NONE