Product: Stratusphere FIT/UX
Product Version: 5.6.x
Expires on: 365 days from publish date
Updated: Sept 30, 2014
How do I address the Shellshock and Aftershock vulnerabilities?
Remediation for the bash vulnerability (Shellshock) in the Hub appliance
Please make sure you are on the latest release before applying the patch. See the release notes on upgrading to the latest release prior to applying the patch.
To address this vulnerability, please update the HUB and DB Virtual Appliances along with any Network Stations.
Items Addressed in this Patch
Applied critical patches for Shellshock and Aftershock vulnerabilities. The CVE Identifiers specifically for these patches are CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.
Security Updates for RHEL and CentOS. The updates address Common Vulnerability and Exposure (CVE) Identifiers CVE-2014-0221, CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510, CVE-2014-0475, CVE-2014-5119, CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, and CVE-2014-3917. For additional information please refer to http://cve.mitre.org/index.html.
Please use the following process for updates:
**As with all upgrades, please take a snapshot of your appliances or secure backup**
Upgrading offline or firewall isolated Stratusphere appliances
The following section applies specifically to Stratusphere appliances running 5.6.5. If your appliances are on an earlier version, please refer to the specific release version’s ‘Upgrading’ section in this document for additional instructions. To perform online/offline manual upgrades of Stratusphere appliances, use the instructions below:
o Download offline upgrade packages for your virtualization platform for each appliance from the following links:
o Take a snapshot of the appliance.
o Copy the appropriate offline upgrade package to the appropriate appliance using any SCP tool such as WinSCP or FileZilla. Use User ID: friend & Password: sspassword as credentials for initiating the transfer.
o Log into the VMware console of the appliance using User ID: friend and Password: sspassword as credentials, then switch to the root super user using command: ‘su -’ and Password: sspassword.
o If upgrading the Database appliance, please make sure you have stopped the services on the Stratusphere Hub appliance as noted in the section prior to the one above.
o On the console command line enter the following commands:
This command will take you to the folder where the upgrade packages were uploaded.
Execute this command for each version of the upgrade files starting with the oldest version first until you reach the latest version. The upgrade scripts will take care of rebooting the appliance if required.
Note: If you see a “not enough space in /” error message, please do the following:
mv /home/friend/upgradefilename.sh /var/lib/pgsql
If there are any errors during this upgrade such as “uudecode: command not found”, please contact Support@LiquidwareLabs.com.
o Perform the above steps on each appliance that needs to be upgraded.
o Once the appliance reboots, give it a few minutes to start all required services. Log into the Web UI, check the version number at the bottom of the login page, and verify that it states 5.6.6 in the bottom blue ribbon. Check the Web UI for standard functionality and, if all looks well, delete the snapshot taken prior to starting the upgrade, and delete the upgrade files using the following command:
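As a complement to the Web UI version check, the script below is an added example (not part of the Liquidware Labs procedure, and not the delete command the last step refers to) that confirms from the appliance console that bash no longer shows the CVE-2014-6271 and CVE-2014-7169 behaviour. It does not test CVE-2014-7186 or CVE-2014-7187; the function names, the marker string and the default path /bin/bash are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm bash on an appliance no longer shows the
# CVE-2014-6271 / CVE-2014-7169 behaviour after the upgrade.
# MARKER and the function names are constructed for this example.
MARKER=SHELLSHOCK_CHECK_MARKER

# CVE-2014-6271: a vulnerable bash runs the command that trails a
# function definition imported from an environment variable.
check_6271() {
    out_6271=$(env "x=() { :;}; echo $MARKER" "$1" -c 'echo probe' 2>/dev/null) || :
    case "$out_6271" in
        *"$MARKER"*) echo vulnerable ;;
        *)           echo patched ;;
    esac
}

# CVE-2014-7169: a vulnerable bash mis-parses the value and creates a
# file named "echo" in the current directory. Run in a scratch directory.
check_7169() {
    dir_7169=$(mktemp -d) || return 2
    ( cd "$dir_7169" && env 'x=() { (a)=>\' "$1" -c 'echo date' ) >/dev/null 2>&1 || :
    if [ -e "$dir_7169/echo" ]; then res_7169=vulnerable; else res_7169=patched; fi
    rm -rf "$dir_7169"
    echo "$res_7169"
}

# Print one line per CVE; return 0 if both are patched, 1 if either is
# vulnerable, 2 if the given shell cannot be executed.
bash_patch_status() {
    [ -x "$1" ] || { echo "$1: not executable"; return 2; }
    r1=$(check_6271 "$1")
    r2=$(check_7169 "$1")
    echo "CVE-2014-6271: $r1"
    echo "CVE-2014-7169: $r2"
    [ "$r1" = patched ] && [ "$r2" = patched ]
}

# Check the shell given as the first argument, or /bin/bash by default.
bash_patch_status "${1:-/bin/bash}" || echo "follow-up needed: bash check did not pass"
```

Run it on each appliance that was upgraded; a "vulnerable" line means the patch did not take effect on that appliance.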