Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Log4j - Log4Shell Critical 10/10 vulnerbility 11

Status
Not open for further replies.
Biggest problem now is the One-X portal and Web collaboration.

Those files both gives a 'corrupted' message once we try to upgrade.
 
I still never had a 'corrupted' message.
But it may help to stop One-X Portal service before uploading files.

I had best results when doing it in this order:
- upload all the files, wail a moment
- update Webcontrol. Need to login again.
- Ignore if it still show as being on the old version.
- 'update all' with the respective button in one go.
- reboot, check if all good.
 
Webcontrol just fail to update at our systems.

We do as you told. Then when we update webcontrol, it gives us a message 'webcontrol not running' Then we are not able to logon again.

after restart the webcontrol via CLI, it's just on the 'old' version and we're back where we started.

 
Did you follow this @Okkie?

Deploying critical patch on Server Edition and Application Server

Please follow the exact sequence mentioned below.

Login to Web Control Panel.
Navigate to the ‘Settings->General’ and upload the RPM using ‘Applications’ options.
Navigate to the ‘Updates’ tab.
Apply the patch to ‘webcontrol’ service using the RPM provided for Sever Edition.
Apply the patch to ‘one-X Portal’ service.
Apply the patch to ‘Web Collaboration’ service.
Apply the patch to ‘WebRTC Gateway’ service.
Apply the patch to ‘Media Manager’ service.
Verify the versions in services tab of Web Control Panel match the artifact versions.
 
Yes, we did.
 
I have patched our Lab IPOSE as well as a customer now, I updated the RPMs in no particular order (I didn't read about the specific order), and while I got some errors about corrupted RPMs I just kept uploading them again and trying again, eventually it went through and updated all the packages.

So my advice for anyone getting 'corrupted rpm' messages, just keep re-uploading and trying again. I used Chrome.

Cheers,
BFG9K
Avaya IPO/ACCS Technician
Melbourne, Australia
 
The download address for the 1.2 is wrong
Avaya buggered it up, the download is not IPO00009417 but IPO00009415 if you search for it

the link is changed in the last digit to 5 from 7
Addendum:
That is the old download so maybe they didn't release the new one yet or pulled it because it makes the system blow smoke or something.


Joe
FHandw, ACSS, ACIS

"Dew knot truss yore Spell Cheque
 
I will apologize in advance of this question but am a bit confused as to the files that are contained in the 11.1.2 patch folder.

The RPM files are self explanatory and are loaded using web page and application button.

But there appears to be 2 checksum files that I am an not sure what to do with them and nothing in release notes that I can find.
AvayaOneXdesktopclients_11.1.2001.90.exe.SHA256
onexportal-11.1.2001-90.RPM.SHA256

There is another file onexportal-11.1.2001-90.RPM which I assume is the one to load.

But there is no other AvayaOneXdesktopclients_11.1.2001.90.exe

So I am confused as to which files need to be uploaded.

Your insight would be appreciated.

 
Just upload all of them.
The small *.SHA256 files may be needed or not, but they are uploaded in milliseconds, so just do it.
The AvayaOneXdesktopclients_11.1.2001.90.exe will match the version of oneX portal and is then available to download from the 1XP.
 
good to know, thanks Albus2
I have to say I have not done patches on Linux in ages so I was also unsure.
But at least they have added the download now to the site.


Joe
FHandw, ACSS, ACIS

"Dew knot truss yore Spell Cheque
 
The SHA256 files are literally just SHA256 sums for the files, if you open them in notepad you will get a string, it should match the SHA256 hash for each of the files.

They're hashfiles, and you should be comparing them to the file hashes to make sure they haven't been corrupted.

Cheers,
BFG9K
Avaya IPO/ACCS Technician
Melbourne, Australia
 
Thanks for responses. I'll try it tomorrow

 
To answer my comment above about 'GroGroundhog Day'.

There are several options to fix the initial problem:
Log4j 2.x mitigation: Implement one of the mitigation techniques below.
[ul]
[li]Java 8 (or later) users should upgrade to release 2.16.0 (now 2.17).[/li]
[li]Java 7 user should upgrade to release 2.12.2 (now 2.12.3).[/li]
[li]Remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class[/li]
[/ul]

Avaya did upgrade to 2.16 but also remove the JndiLookup class.
If I understand correctly, they are not exposed to CVE-2021-45105 because of this.
In addition, the issue which is solved by 2.17 is 'only' a DOS (Denial of Service) attack. The initial problem was a RCE (Remote Code Execution).
 
@BFG9K
Right, they just hold the checksum.

But is this file only provided to us for verifying the download?
They could also just have this info on the download page. I do check large downloads when this information is available.

Or is it also used by the system itself?

Anyway, why are only some of them available and not all?
I don't know. However, it only takes a second to upload them, so unless someone explains it, I will upload them. [wink]
 
Hi Guys,

Sorry if this has been addressed above, I have skimmed through and couldn't see it.

We have a customer on R11 with a Windows Server installation of One-X Portal. We have upgraded them to the latest R11 version, and run the Log4j patch, but when they do a search of the C drive for Log4j they still see version 2.12.1, which is one of the vulnerable versions. Do you know what this patch is designed to do? Should it have been upgraded to a none affected version (2.17.0 I believe), or have they nullified the vulnerability in some other way?

I need to reassure the customer that the patch has resolved the vulnerability.

Thanks!

Joe

Joe Newton
 
Am I reading this correctly, that to patch the IPO, it has to be on release R11.1 Feature Pack 2? Meaning most my customers would have to be ungraded first?

Also: "Apply the patch to ‘one-X Portal’ service." - The file incudes two versions? Is one or the other used? Both used?

oneXportal-11.1.2001-90.rpm
oneXportal-11.1.2001-90.rpm.SHA256


ACSS
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top