
Vulnerability in VDS64_CentOS in AppLogic 2.8.9


Jsmart
03-25-2010, 04:20 PM
We have identified a security vulnerability in the 64-bit CentOS VDS template application that is distributed with AppLogic 2.8.9. Specifically, the vulnerable application is the VDS64_CentOS50_r16 template (VDS64_CentOS50_r16-1.0.17-1.tar).

If you have this template installed you should NOT use it to deploy any applications prior to installing the new hotfix. If you have already created instances of the template application, you can use the hotfix below to remove the vulnerability and ensure that any new instances will be created without the vulnerability.

Other template applications are NOT affected; the CentOS 64-bit template on releases other than AppLogic 2.8.9 is not affected.

Hotfix hf3553 for AppLogic 2.8.9 has been created to resolve this issue. hf3553 is a mandatory hotfix for AppLogic 2.8.9. This hotfix updates (a) the AppLogic distribution (which can then be used to deploy new AppLogic systems with the vulnerable application fixed) and (b) existing AppLogic 2.8.9 system installations.

This hotfix can only be used with AppLogic version 2.8.9.

Installing the hotfix and resolving the vulnerability does not require downtime of the system or any applications created from the affected template.

The hotfix updates:
- the AppLogic distribution, so that new systems installed will not contain the vulnerable application template
- the VDS_CentOS50 template application on existing AppLogic installations, so that new application instances created from this template will not be vulnerable
- optionally, you can supply a list of application instances created from the affected template that will be secured; the instances may be running or stopped. If they are running, the hotfix secures the instance without causing downtime; if they are not running, the hotfix secures the instance for future operation.

Your system may contain vulnerable applications if:
- you have AppLogic 2.8.9 AND you don't see hf3553 listed next to the AppLogic version on the dashboard (or displayed by the "grid info" CLI command), AND
- you have template application VDS64_CentOS50_r16 in your application list, OR
- you have created application instances from the VDS64_CentOS50_r16 template

When the hotfix is applied, you might see:
- the text "hf3553" is shown next to the AppLogic version on the dashboard (or displayed by the "grid info" CLI command), or
- the version of the VDS_CentOS50 template is r18 (VDS_CentOS50_r18) or higher

If you use AppLogic through one of our service provider partners, please contact your service provider to have this hotfix applied.

If you are a service provider you can see details on this hotfix here:
http://wiki.3tera.net/bin/view/AppLogic27/HotFixHf3553. Existing customers can contact customer support for more information.

Regards,

3tera Support