A security scan has revealed the below vulnerabilities in the Gateway 10 Azure image using the August monthly platform patch.
|CVE-2015-9289, CVE-2017-17807, CVE-2018-7191, CVE-2018-20169, CVE-2019-3901, CVE-2019-9503, CVE-2019-10207, CVE-2019-11884, CVE-2019-12382, CVE-2019-13233, CVE-2019-13648, CVE-2019-14283, CVE-2019-15916, CVE-2019-16746, CVE-2019-18660, CVE-2018-19985, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-15221|
|CVE-2019-11487, CVE-2019-17666, CVE-2019-11135, CVE-2019-19338|
The kernel vulnerabilities are addressed in the August monthly platform patch. However, after the patch is installed, the Gateway is supposed to pick up kernel-3.10.0-1127.18.2.el7.x86_64.rpm but is still stuck with kernel-3.10.0-1062.12.1.el7.x86_64.
Release : 10.0
Component : API GATEWAY
To make sure the Gateway is able to pick up the latest kernel a temporary fix has been created, see the attached update_grub_config.sh.
Once the script is executed, all the missing kernel entries will be added to /boot/grub2/grub.cfg file from /etc/grub2.cfg - this is the actual file that gets updated whenever we install new kernel rpm's. A soft link has also been added to /etc/grub2.cfg so that it will take care of future kernel updates.
This will be addressed in the September 2020 platform patch.
Steps to execute the script:
1. copy the script to Azure VM
2. add the execution permissions: chmod 755 <script path>/update_grub_config.sh
3. execute the shell script