Filr 2.0 Security Update 4

Security Update for Spectre and Meltdown vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).

Overview:
This update is intended to address the issues outlined in the following TID:

1. TID 7022541 - Meltdown and Spectre vulnerabilities in Filr (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)

System Requirements:
This patch should only be applied to a site that is currently on:
  Novell Filr Appliance version: 2.0.0.421-HP.493
  Novell Filr Search Appliance version: 2.0.0.398-HP.422
  Novell Filr MySQL Appliance version: 2.0.0.181-HP.204

Important Notes:

• This patch requires that your Filr site is patched with 'Filr 2.0 - Hot Patch 5'.
• This patch is applicable to the Filr, Filr Search and Filr MySQL appliances.
• The patch may take 3-5 minutes to install, DO NOT interrupt the installation until complete.
• Recommended: Stop the Filr service first and apply the patch in this order: MySQL appliance first, Search appliance(s) next, Filr appliance(s) last.
• After the patch is installed, a Reboot is required in this order: MySQL appliance first, Search appliance(s) next, Filr appliance(s) last.
• An equivalent patch for Filr 3.0 is available via the Micro Focus Patch Finder under Filr 3.0.
  

Installation:
This patch comprises of 3 zip files; one each for Filr, Search and MySQL appliances.

  a. Filr-2.0.0.494.HP.zip
  b. Search-2.0.0.423.HP.zip
  c. MySQL-2.0.0.205.HP.zip

Follow these steps to install the patch:

1. Download the patch files: (a) Filr-2.0.0.494.HP.zip (b) Search-2.0.0.423.HP.zip (c) MySQL-2.0.0.205.HP.zip
2. Recommended: Stop Filr service and apply patch in this order: MySQL, Search and then Filr last.
3. Login to the Filr/Search/MySQL Appliance Config (https://hostname:9443).
4. Under Appliance Configuration, select Field Patch icon.
5. Browse and select the patch file you downloaded in Step 1.
6. Select Install and wait for confirmation that the patch has been applied.
7. A reboot is required after this patch is applied. When rebooting, it is best to follow the following order:
   - Reboot MySQL appliance
   - Reboot Search appliance(s)
   - Reboot Filr appliance(s)
   

(Optional) Verify the Kernel update on each appliance in your Filr deployment:

1. If SSH is not running, login to the Filr/Search/MySQL Appliance Config (https://hostname:9443) and Start SSH from System Services.
2. Using a SSH client such as putty, connect to the appliance and run this command to verify that the kernel version matches 3.0.101-108.21.1:
   rpm -qa kernel*
   

Known Issues:

1. Filr service stopped / unresponsive after applying the patch.
   This patch requires a reboot after the patch is applied and accessing the Filr service prior to the reboot will not work.
   

Uninstalling:

NOTE: Uninstalling this patch from GUI will not downgrade the kernel. If you wish to revert the kernel, please contact Micro Focus Customer Care.

1. Login to the Filr/Search/MySQL Appliance Config (https://hostname:9443).
2. Under Appliance Configuration, select Field Patch icon.
3. Select 'Uninstall Latest Patch' and wait for confirmation that the patch has been uninstalled.
4. A reboot is required after this patch is uninstalled. When rebooting, it is best to follow the following order:
   - Reboot MySQL appliance
   - Reboot Search appliance(s)
   - Reboot Filr appliance(s)
   

Technical Support Information:
If you need help or have questions about this patch, please contact Micro Focus Customer Care.

This information is made available from the Filr 2.0 - Security Update 4 patch download page available at Micro Focus Patch Finder.

Security Fixes:
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

More information about Spectre and Meltdown vulnerabilities at:

https://spectreattack.com/
https://meltdownattack.com/