ZCS 7.0, 6.0.x, and 5.0.x Security Patch Instructions: Difference between revisions
Latest revision as of 16:56, 25 March 2015
Note:
- This advisory does not apply to ZCS releases 7.0.1 and 6.0.11 as they include JDK 1.6u24, which has the security patch from Oracle.
- This advisory does not apply to Zimbra OSX 10.4.
- Read the FPUpdater Tool README before performing this update.
Overview
Oracle has issued Oracle Security Alert for CVE-2010-4476, which affects ZCS versions 7.0, 6.0.x, and 5.0.x. This security alert addresses “security issue CVE-2010-4476 (Java Runtime Environment hangs when converting ‘2.2250738585072012e-308’ to a binary floating-point number)”. For the full security alert, go to: http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
To resolve this issue, Oracle has issued the FPUpdater Tool as a patch. If you are running ZCS 7.0, 6.0.x, or 5.0.x, you may want to perform this update. You can obtain this tool and README at: http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
Example of Installing the FPUpdater Tool Patch on ZCS
Note:
- The following is an example of installing the FPUpdater Tool patch on ZCS and may vary from your update.
- Be sure to run the Java version located at /opt/zimbra/java/bin.
- A full backup should be performed before any patch is applied.
1. Obtain the FPUpdater Tool from Oracle at:
http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
2. On your system, confirm you are running a ZCS 7.0, 6.0.x or 5.0.x version. Enter zmcontrol -v.
    [zimbra@example ~]$ zmcontrol -v
    Release 5.0.26_GA_3366.RHEL4_20101215133223 RHEL4 NETWORK edition
3. Run zmcontrol status to verify the ZCS server is running.
    [zimbra@example ~]$ zmcontrol status
    Host example.eng.vmware.com
        antispam    Running
        antivirus   Running
        archiving   Running
        convertd    Running
        ldap        Running
        logger      Running
        mailbox     Running
        mta         Running
        snmp        Running
        spell       Running
        stats       Running
4. Stop ZCS. Enter zmcontrol stop.
    [zimbra@example ~]$ zmcontrol stop
    Host zqa-052.eng.vmware.com
        Stopping stats...Done
        Stopping mta...Done
        Stopping spell...Done
        Stopping snmp...Done
        Stopping archiving...Done
        Stopping antivirus...Done
        Stopping antispam...Done
        Stopping imapproxy...Done
        Stopping mailbox...Done
        Stopping convertd...Done
        Stopping logger...Done
        Stopping ldap...Done
5. As root, unzip the FPUpdater Tool patch. Be sure to place the zip file in the tmp directory.
    cd /tmp
    [root@example tmp]# unzip ./fpupdater-1_0.zip
    Archive:  ./fpupdater-1_0.zip
       creating: fpupdater/
      inflating: fpupdater/fpupdater.jar
6. As root, run the FPUpdater Tool patch. Be sure to run the ZCS Java version in /opt/zimbra/java/bin.
    /opt/zimbra/java/bin/java -jar fpupdater/fpupdater.jar -u
Example of the FPUpdater Tool script installing on ZCS
Note: Your output will differ.
    [root@example tmp]# cd /opt/zimbra/jdk1.5.0_20/jre/lib
    java.home: /opt/zimbra/jdk1.5.0_20/jre
    java.vendor: Sun Microsystems Inc.
    java.version: 1.5.0_20
    os.name: Linux
    Checking for update for major: 1.5.0 minor: 20
    Retrieved update jar file from tool: /opt/zimbra/jdk1.5.0_20/jre/tmpUpdate1559471137797517925/tmpUpdate9221570560858611948.jar
    Updating files. Please note this can take several minutes to run. Allow FPUpdater tool to complete.
    Jar file /opt/zimbra/jdk1.5.0_20/jre/lib/rt.jar.fpupdater successfully verified.
    Done backup of rt.jar to /opt/zimbra/jdk1.5.0_20/jre/lib/rt.jar.fpupdater
    Made working copy of rt.jar: /opt/zimbra/jdk1.5.0_20/jre/lib/tmpUpdate1977471307117885279/copyofRt.jar
    Jar file /opt/zimbra/jdk1.5.0_20/jre/lib/tmpUpdate1977471307117885279/copyofRt.jar succesfully verified.
    Moving working copy of rt.jar back to live rt.jar.
    Update applied successfully to java.home path : /opt/zimbra/jdk1.5.0_20/jre
7. Confirm the patch files rt.jar.fpupdater, rt.jar, and .fpupdater.log are installed successfully. Change to the /opt/zimbra/java/jre/lib directory and list its contents to confirm.
Note: "0" bytes for *.log is correct.
    -rw-r--r-- 1 root root 40218589 Feb 28 12:22 rt.jar.fpupdater
    -rw-r--r-- 1 root root 40211603 Feb 28 12:22 rt.jar
    -rw-r--r-- 1 root root 0 Feb 28 12:22 .fpupdater.log
    drwxr-xr-x 6 root root 4096 Feb 28 12:22 ..
    drwxr-xr-x 17 root root 4096 Feb 28 12:22 .
    [root@example lib]# pwd
    /opt/zimbra/jdk1.5.0_20/jre/lib
8. As the zimbra user (su - zimbra), enter zmcontrol start to restart ZCS for the changes to take effect.
    [root@example lib]# su - zimbra
    [zimbra@example ~]$ zmcontrol start
    Host example.eng.vmware.com
        Starting ldap...Done.
        Starting logger...Done.
        Starting convertd...Done.
        Starting mailbox...Done.
        Starting antispam...Done.
        Starting antivirus...Done.
        Starting archiving...Done.
        Starting snmp...Done.
        Starting spell...Done.
        Starting mta...Done.
        Starting stats...Done.
9. To verify the server is running, enter zmcontrol status.
    [zimbra@example ~]$ zmcontrol status
    Host example.eng.vmware.com
        antispam    Running
        antivirus   Running
        archiving   Running
        convertd    Running
        ldap        Running
        logger      Running
        mailbox     Running
        mta         Running
        snmp        Running
        spell       Running
        stats       Running
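The file check from step 7 can be scripted so it is repeatable across several ZCS hosts. This is an added example, not part of the original page and not Zimbra or Oracle code. The function name check_fpupdater_lib is hypothetical, and the rule that a patched rt.jar must differ from its rt.jar.fpupdater backup is an assumption drawn from the differing file sizes in the step 7 listing.

```bash
#!/usr/bin/env bash
# Added example (not Zimbra or Oracle code): verifies the step 7 file state.
# Usage: ./check_fpupdater.sh /opt/zimbra/java/jre/lib

# check_fpupdater_lib DIR  (hypothetical helper name)
# Prints one line per finding. Returns 0 if DIR looks patched,
# 1 if a check fails, 2 if DIR is not a directory.
check_fpupdater_lib() {
    local lib="${1:-/opt/zimbra/java/jre/lib}"   # default path from step 7
    local rc=0
    local f

    if [ ! -d "$lib" ]; then
        echo "FAIL: $lib is not a directory"
        return 2
    fi

    # rt.jar (live) and rt.jar.fpupdater (backup) must be non-empty files.
    for f in rt.jar rt.jar.fpupdater; do
        if [ -f "$lib/$f" ] && [ -s "$lib/$f" ]; then
            echo "OK:   $f present"
        else
            echo "FAIL: $f missing or empty"
            rc=1
        fi
    done

    # .fpupdater.log only has to exist; 0 bytes is the expected size.
    if [ -f "$lib/.fpupdater.log" ]; then
        echo "OK:   .fpupdater.log present"
    else
        echo "FAIL: .fpupdater.log missing"
        rc=1
    fi

    # Assumption: the patched rt.jar is not byte-identical to its backup.
    if [ "$rc" -eq 0 ] && cmp -s "$lib/rt.jar" "$lib/rt.jar.fpupdater"; then
        echo "FAIL: rt.jar is identical to rt.jar.fpupdater"
        rc=1
    fi
    return "$rc"
}

# Run the check only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_fpupdater_lib "$1"
fi
```

Run it as root after step 7 and before restarting ZCS in step 8; a non-zero exit status means the listing does not match the expected post-patch state.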