Filr 3.0 Security Update 3

  • 7022568
  • 18-Jan-2018
  • 18-Jan-2018

Environment

Micro Focus Filr 3

Situation

Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).

Resolution

Overview:
This update is intended to address the issues outlined in the following TID:
  1. TID 7022541 - Meltdown and Spectre vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

System Requirements:
This update can be applied to a Filr site that is currently on any one of the following versions:

Micro Focus Filr Appliance version: 3.3
Micro Focus Filr Appliance version: 3.2.2
Micro Focus Filr Appliance version: 3.2.1
Micro Focus Filr Appliance version: 3.2
Micro Focus Filr Appliance version: 3.1.1
Micro Focus Filr Appliance version: 3.1
Micro Focus Filr Appliance version: 3.0.0.149 (equivalent of Filr 3.0 - Security Update 1)
Micro Focus Filr Appliance version: 3.0.0.148

Micro Focus Filr Search Appliance version: 3.3
Micro Focus Filr Search Appliance version: 3.2.1
Micro Focus Filr Search Appliance version: 3.0.0.122 (equivalent of Filr 3.0 - Security Update 1)
Micro Focus Filr Search Appliance version: 3.0.0.121

Micro Focus Filr MySQL Appliance version: 3.3
Micro Focus Filr MySQL Appliance version: 3.2.1
Micro Focus Filr MySQL Appliance version: 3.2
Micro Focus Filr MySQL Appliance version: 3.0.0.43 (equivalent of Filr 3.0 - Security Update 1)
Micro Focus Filr MySQL Appliance version: 3.0.0.42

Important Notes:
  • This update is provided via the Filr Online Update channel accessible via the Filr Appliance Configuration console (port 9443).
  • This update is required on the Filr, Filr Search and Filr MySQL appliance(s) in your deployment.
  • A reboot is required after applying this update.
  • The updates may take up to 20 minutes to complete depending on the number of updates being applied. For example, if you are updating from Filr 3.0 all the way to Security Update 3, it may take up to 20 minutes for the update progress bar to complete. We recommend that you wait for the progress bar to complete and not disrupt the update process.
  • Recommended: Stop the Filr service and update the Filr MySQL and Filr Search appliances first before updating the Filr appliance(s).
  • An equivalent patch for Filr 2.0 is available via the Micro Focus Patch Finder under Filr 2.0.

Installation:
This update is provided via the Filr Online Update Channel. Please follow these steps on all Filr, Filr Search and Filr MySQL appliance(s) in your Filr deployment:
  1. Stop the Filr service on all Filr nodes and repeat Steps 2-7 in the following order: MySQL appliance first, then Search appliance(s) and Filr appliance(s) last.
  2. Log in to the Filr Appliance Config (https://hostname:9443) as 'vaadmin' and select the Online Update icon.
  3. Toggle to the 'Needed Patches' in the patches download until you see the 'Filr 3.0 Security Update 3' patch update and then click the 'Update Now' button.
    In the 'Update Now' pop-up, select:
       All Needed Patches: If you want to install all available updates
       Security patches only: If you want to install the Security Updates only

    Also select both of the following options:
    a. Automatically agree with all license agreements
    b. Automatically install all interactive patches
  4. Hit OK to apply the update.
  5. Toggle to the 'Installed Patches' in the patches download and verify the 'Filr 3.0 Security Update 3' patch update is shown as Installed.
  6. Reboot the appliance.

(Optional) Verify the kernel update on each appliance in your Filr deployment:
  1. If SSH is not running, log in to the Filr/Search/MySQL Appliance Config (https://hostname:9443) and start SSH from System Services.
  2. Using an SSH client such as PuTTY, connect to the appliance and run this command to verify that the kernel version matches 3.0.101-108.21.1 (the pattern is quoted so the shell does not expand it against files in the current directory):
    rpm -qa 'kernel*'
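
The optional kernel check above can be scripted so that it also catches an appliance that was patched but not yet rebooted. This is an added example, not part of the original TID or any Micro Focus tooling; the function names and sample package lists are constructed, and it assumes the SLES convention that `uname -r` reports the package version without the last release component (for example 3.0.101-108.21-default for package 3.0.101-108.21.1).

```shell
#!/bin/sh
# Added example: compares rpm and uname output with the kernel version
# named in the verification step of this TID.
EXPECTED="3.0.101-108.21.1"

# check_kernel RPM_OUTPUT UNAME_R
# Prints one of: ok | not-installed | reboot-pending
check_kernel() {
    rpm_out=$1
    running=$2
    # Escape the dots so the version is matched literally.
    re=$(printf '%s' "$EXPECTED" | sed 's/\./\\./g')
    # A kernel-* package at exactly the expected version-release,
    # with or without a trailing architecture suffix.
    if ! printf '%s\n' "$rpm_out" |
            grep -Eq "^kernel-.*-${re}(\.[A-Za-z0-9_]+)?\$"; then
        echo "not-installed"
        return 0
    fi
    # Assumption: running kernel string is "<version-release minus last
    # component>-<flavor>". A mismatch means the reboot has not happened.
    case "$running" in
        "${EXPECTED%.*}-"*) echo "ok" ;;
        *)                  echo "reboot-pending" ;;
    esac
}

# Constructed sample package lists (not captured from a real appliance).
SAMPLE_PATCHED="kernel-default-base-3.0.101-108.21.1
kernel-default-3.0.101-108.21.1"
SAMPLE_OLD="kernel-default-base-3.0.101-108.13.1
kernel-default-3.0.101-108.13.1"

# Live check on an appliance: sh check_kernel.sh --live
if [ "${1:-}" = "--live" ]; then
    result=$(check_kernel "$(rpm -qa 'kernel*')" "$(uname -r)")
    echo "kernel status: $result"
    [ "$result" = "ok" ] || exit 1
fi
```

Run it with `--live` on each Filr, Filr Search and Filr MySQL appliance; a `reboot-pending` result means the patched kernel is installed but the appliance is still running the old one.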

Known Issues:
  1. After the patch is installed, the appliance version remains unchanged. For example, if you applied this update on a Filr 3.3 system, it would remain at 3.3 even after this update is applied.
    This is a known issue and can be ignored as long as you can see 'Filr 3 Security Update 3' under 'Installed Patches'.

  2. The update progress bar shows progress but patch update never completes. This usually happens if the two options (shown in Steps 4a/4b above) are not selected.
    To fix this problem, please cancel out of the update page and try installing the update again with the two options selected.

  3. It's been 20 minutes and the update progress bar is still spinning. Is it stuck?
    As noted in the Important Notes above, it may take up to 20 minutes for all updates to be applied depending on how many updates need to be applied. We recommend that you wait for the progress bar to complete and not disrupt the update process for at least 30 minutes before contacting Micro Focus Customer Care. If you have cancelled out of the browser, and updates are no longer showing under 'Needed patches', chances are that the updates are still being applied in the background and the activity should be logged in the /var/log/zypp/history file.

  4. If configuring a new Filr 3.0 system for Online Updates for the first time using "SMT Server" or with a "Proxy Server", the registration may fail if the Filr server is in a private network.
    To fix this problem, please consult KB 7020906 for Proxy configuration and/or KB 7018759 for SMT configuration.

Technical Support Information:
If you need help or have questions about this patch, please contact Micro Focus Customer Care.

Additional Information

This information is made available from the Filr 3.0 - Security Update 3 patch download page available at Micro Focus Patch Finder.

Security Fixes:
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

More information about Spectre and Meltdown vulnerabilities at:

https://spectreattack.com/
https://meltdownattack.com/