ZCS 5.0.x Patch Instructions: Difference between revisions
Revision as of 00:07, 2 March 2011
Note:
- This advisory does not apply to Zimbra OSX 10.4
- Read the FPUpdater Tool README, available from Oracle at the link below, before performing this update
Overview
Oracle has issued a Security Alert for CVE-2010-4476, which affects ZCS releases running version 5.0.x. This security alert addresses “security issue CVE-2010-4476 (Java Runtime Environment hangs when converting ‘2.2250738585072012e-308’ to a binary floating-point number)”. For the full security alert, go to: http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
To resolve this issue, Oracle has issued the FPUpdater Tool as a patch. If you are running ZCS 5.0.x, you may want to perform this update and you can obtain this tool and README at: http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
Example of Installing the FPUpdater Tool Patch on ZCS
Note:
- Read the FPUpdater Tool README before performing this update
- The following is an example of installing the FPUpdater Tool patch on ZCS and may vary from your update
- Be sure to run the Java version located at /opt/zimbra/java/bin
- A full backup should be performed before any patch is applied
1. Obtain the FPUpdater Tool from Oracle at:
http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
2. On your system, confirm you are running a ZCS 5.0.x version. Enter zmcontrol -v
[zimbra@example ~]$ zmcontrol -v
Release 5.0.26_GA_3366.RHEL4_20101215133223 RHEL4 NETWORK edition
3. Run zmcontrol status to verify the ZCS server is running
[zimbra@example ~]$ zmcontrol status
Host example.eng.vmware.com
        antispam                Running
        antivirus               Running
        archiving               Running
        convertd                Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        mta                     Running
        snmp                    Running
        spell                   Running
        stats                   Running
4. Stop ZCS. Enter zmcontrol stop
[zimbra@example ~]$ zmcontrol stop
Host zqa-052.eng.vmware.com
        Stopping stats...Done
        Stopping mta...Done
        Stopping spell...Done
        Stopping snmp...Done
        Stopping archiving...Done
        Stopping antivirus...Done
        Stopping antispam...Done
        Stopping imapproxy...Done
        Stopping mailbox...Done
        Stopping convertd...Done
        Stopping logger...Done
        Stopping ldap...Done
5. As root, unzip the FPUpdater Tool patch. Be sure to place the zip file in the tmp directory
cd /tmp
[root@example tmp]# unzip ./fpupdater-1_0.zip
Archive: ./fpupdater-1_0.zip
   creating: fpupdater/
  inflating: fpupdater/fpupdater.jar
6. As root, run the FPUpdater Tool patch. Be sure to run the ZCS Java version in /opt/zimbra/java/bin
[root@example tmp]# cd /opt/zimbra/jdk1.5.0_20/jre/lib
- The command for running the patch is:
/opt/zimbra/java/bin/java -jar /tmp/fpupdater/fpupdater.jar -u
Example of the FPUpdater Tool script installing on ZCS
Note: Your output will differ
[root@example tmp]# cd /opt/zimbra/jdk1.5.0_20/jre/lib
java.home: /opt/zimbra/jdk1.5.0_20/jre
java.vendor: Sun Microsystems Inc.
java.version: 1.5.0_20
os.name: Linux
Checking for update for major: 1.5.0 minor: 20
Retrieved update jar file from tool: /opt/zimbra/jdk1.5.0_20/jre/tmpUpdate1559471137797517925/tmpUpdate9221570560858611948.jar
Updating files. Please note this can take several minutes to run. Allow FPUpdater tool to complete.
Jar file /opt/zimbra/jdk1.5.0_20/jre/lib/rt.jar.fpupdater successfully verified.
Done backup of rt.jar to /opt/zimbra/jdk1.5.0_20/jre/lib/rt.jar.fpupdater
Made working copy of rt.jar: /opt/zimbra/jdk1.5.0_20/jre/lib/tmpUpdate1977471307117885279/copyofRt.jar
Jar file /opt/zimbra/jdk1.5.0_20/jre/lib/tmpUpdate1977471307117885279/copyofRt.jar succesfully verified.
Moving working copy of rt.jar back to live rt.jar.
Update applied successfully to java.home path : /opt/zimbra/jdk1.5.0_20/jre
7. Confirm the patch files rt.jar.fpupdater, rt.jar, and .fpupdater.log are installed successfully. Change to /opt/zimbra/java/jre/lib to confirm. Note that a size of "0" bytes for .fpupdater.log is correct
-rw-r--r--  1 root root 40218589 Feb 28 12:22 rt.jar.fpupdater
-rw-r--r--  1 root root 40211603 Feb 28 12:22 rt.jar
-rw-r--r--  1 root root        0 Feb 28 12:22 .fpupdater.log
drwxr-xr-x  6 root root     4096 Feb 28 12:22 ..
drwxr-xr-x 17 root root     4096 Feb 28 12:22 .
[root@example lib]# pwd
/opt/zimbra/jdk1.5.0_20/jre/lib
8. As the zimbra user (su - zimbra), enter zmcontrol start to restart ZCS for the changes to take effect
[root@example lib]# su - zimbra
[zimbra@example ~]$ zmcontrol start
Host example.eng.vmware.com
        Starting ldap...Done.
        Starting logger...Done.
        Starting convertd...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting archiving...Done.
        Starting snmp...Done.
        Starting spell...Done.
        Starting mta...Done.
        Starting stats...Done.
9. To verify the server is running, enter zmcontrol status
[zimbra@example ~]$ zmcontrol status
Host example.eng.vmware.com
        antispam                Running
        antivirus               Running
        archiving               Running
        convertd                Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        mta                     Running
        snmp                    Running
        spell                   Running
        stats                   Running
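
The file check from step 7 as a script, added here as an example (it is not from Zimbra or Oracle). The function name check_fpupdater_patch and its messages are hypothetical; the file names come from step 7, and the rule that the live rt.jar must differ from its rt.jar.fpupdater backup is an assumption drawn from the sample tool output above.

```shell
#!/bin/sh
# Added example: scripted form of the step 7 check (not Zimbra or Oracle code).
# check_fpupdater_patch is a hypothetical name; file names are those in step 7.

check_fpupdater_patch() {
    # $1: JRE lib directory, e.g. /opt/zimbra/java/jre/lib
    fp_lib="$1"
    fp_rc=0

    [ -d "$fp_lib" ] || { echo "FAIL: $fp_lib is not a directory"; return 2; }

    # All three files named in step 7 must exist.
    for fp_f in rt.jar rt.jar.fpupdater .fpupdater.log; do
        if [ ! -f "$fp_lib/$fp_f" ]; then
            echo "FAIL: $fp_lib/$fp_f is missing"
            fp_rc=1
        fi
    done
    [ "$fp_rc" -eq 0 ] || return "$fp_rc"

    # Both jars must be non-empty; a 0-byte .fpupdater.log is expected.
    for fp_f in rt.jar rt.jar.fpupdater; do
        [ -s "$fp_lib/$fp_f" ] || { echo "FAIL: $fp_lib/$fp_f is empty"; fp_rc=1; }
    done

    # Assumption: rt.jar.fpupdater is the backup of the unpatched rt.jar,
    # so an updated rt.jar must not be byte-identical to it.
    if [ "$fp_rc" -eq 0 ] && cmp -s "$fp_lib/rt.jar" "$fp_lib/rt.jar.fpupdater"; then
        echo "FAIL: rt.jar is identical to its backup; update not applied"
        fp_rc=1
    fi

    [ "$fp_rc" -eq 0 ] && echo "OK: FPUpdater files present in $fp_lib"
    return "$fp_rc"
}

# Stand-alone use: sh check_fpupdater.sh /opt/zimbra/java/jre/lib
if [ -n "${1:-}" ]; then
    check_fpupdater_patch "$1"
fi
```

Run it as root after step 6 and before restarting ZCS in step 8; a non-zero exit status means the listing in step 7 would not match.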