vRealize Business for Cloud 7.6 Security release for VMSA-2021-0028

Article ID: 312295

Products

VMware Aria Suite

Issue/Introduction

CVE-2021-44228 and CVE-2021-45046 have been determined to impact vRealize Business for Cloud 7.6 via the Apache Log4j open source component it ships. These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory (VMSA); review it before continuing:

•    CVE-2021-44228, CVE-2021-45046 - VMSA-2021-0028

Symptoms:
NA

Environment

VMware vRealize Business for Cloud 7.6.x

Cause

VMware vRealize Business for Cloud contains remote code execution vulnerabilities via Apache Log4j. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.

Resolution

We have upgraded the Log4j libraries to version 2.17.1 to resolve these vulnerabilities. Download and install the Security Patch that matches your version of vRealize Business for Cloud.

1.    Download the vRealize Business for Cloud 7.6 Security Patch ISO or OVF file from the VMware Downloads page.

Note: Select vRealize Business for Cloud as the Product, select 7.6.0 as the version and click Search.
Select one of the files listed below.

Release Name: vRealize Business for Cloud 7.6 security release
Release Date: 02/07/2022
Build Number: 19293145
File Name: http://build-squid.eng.vmware.com/build/mts/release/bora-19293145/publish/exports/iso/vRealize-Business-for-Cloud-7.6.0.53350-19293145-updaterepo.iso
File Type: ISO

Release Name: vRealize Business for Cloud 7.6 security release
Release Date: 02/07/2022
Build Number: 19293145
File Name: http://build-squid.eng.vmware.com/build/mts/release/bora-19293145/publish/exports/ova/vRealize-Business-for-Cloud-7.6.0.53350-19293145_OVF10.ova
File Type: OVA


2.    Connect the vRealize Business for Cloud Server Appliance CD-ROM drive to the ISO file that you downloaded.
3.    Log in to the VAMI console at https://vRealize_Business_for_Cloud_IP_address:5480 using root credentials.
4.    If you have registered with vRealize Automation, you must unregister vRealize Business for Cloud. If you have registered with VMware Identity Manager, ignore this step.
5.    Click Settings.
6.    Under Update Repository, select Use CD-ROM Updates and mount the path where you have uploaded ISO file.
7.    Click Save Settings.
8.    Click Check Updates to see the available updates and then click the Install Updates option.
9.    After a successful upgrade, verify the updated version number of the appliance.
10.    If you had registered with vRealize Automation, re-register vRealize Business for Cloud with vRealize Automation. If you have registered with VMware Identity Manager, ignore this step.
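Step 9 verifies the appliance version number; a stricter check is to confirm that no Log4j core jar older than the 2.17.1 version the patch ships remains on disk. The following POSIX shell script is an added example, not part of this KB article or of the product. The search root is an assumption passed by the caller, because the article does not state where vRealize Business for Cloud keeps its libraries; the script only recognises jars named in the standard log4j-core-<version>.jar form.

```shell
#!/bin/sh
# Added example, not from the KB article: report any Log4j core jar below the
# patched version. The search root is an assumption passed by the caller.

FIXED_VERSION="2.17.1"   # version the security patch ships

# Return 0 when VERSION is at or above FIXED_VERSION (version-aware compare
# via sort -V, so 2.9.1 sorts below 2.17.1 as it should).
log4j_version_is_fixed() {
    ver="$1"
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Print the version embedded in a jar name such as lib/log4j-core-2.11.2.jar.
log4j_jar_version() {
    basename "$1" .jar | sed 's/^log4j-core-//'
}

# Scan DIR for log4j-core jars, print a verdict per jar and return 1 if any
# jar is still below FIXED_VERSION (paths without whitespace assumed).
scan_log4j_jars() {
    dir="$1"
    outdated=0
    for jar in $(find "$dir" -name 'log4j-core-*.jar' 2>/dev/null | sort); do
        ver=$(log4j_jar_version "$jar")
        if log4j_version_is_fixed "$ver"; then
            echo "OK       $jar ($ver)"
        else
            echo "OUTDATED $jar ($ver < $FIXED_VERSION)"
            outdated=$((outdated + 1))
        fi
    done
    [ "$outdated" -eq 0 ]
}

# Usage: sh check-log4j.sh /path/to/appliance/root
if [ $# -gt 0 ]; then
    scan_log4j_jars "$1"
fi
```

Run it against the appliance root over SSH after the upgrade; a non-zero exit status means an old jar is still present and the patch did not fully land. Jars that bundle Log4j under a different file name (shaded or renamed copies) are not detected by a name match, so treat a clean result as confirmation of the shipped libraries, not as a full inventory.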

 


Workaround:
NA

Additional Information

Known Issues

•    While upgrading to the security patch, you may experience a kernel boot filesystem error.

If this issue occurs, the /opt/vmware/var/log/vami/updatecli.log file will show errors similar to:
Preparing packages...
              installing package kernel-default-4.12.14-122.26.1.x86_64 needs 4MB on the /boot filesystem
              [ERROR] Failed with exit code 65024

To resolve this issue, move the old kernel files to the /tmp folder.

1.    Log into the vRealize Business for Cloud VM via SSH.
2.    Run the following commands to create a /tmp/boot folder and move the old kernel files:
mkdir /tmp/boot
cd /boot/
mv vmlinu* initr* /tmp/boot

3.    Perform the upgrade again via the VAMI UI, following the steps above in the Resolution section.
  
•    While upgrading to the security patch, you may experience a file conflict error.
If this issue occurs, the /opt/vmware/var/log/vami/updatecli.log file will show errors similar to:
Preparing packages...
        file /usr/share/man/man5/netconfig.5.gz from install of libtirpc-netconfig-1.0.1-17.13.1.x86_64 conflicts with file from package libtirpc1-0.2.3-12.3.x86_64
             [ERROR] Failed with exit code 65024

To resolve this issue, follow the steps below to remove the old libtirpc1-0.2.3-12.3.x86_64 SUSE package.
1.    Log into the vRealize Business for Cloud VM via SSH.
2.    Run the following command to remove the old package:
zypper remove libtirpc1

Note: You will be prompted with [y/n] to proceed; press y and wait for the operation to complete.
3.    Perform the upgrade again via the VAMI UI, following the steps above in the Resolution section.
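Both known issues are recognisable from a few lines of /opt/vmware/var/log/vami/updatecli.log, so a small script can classify a failed run and point at the matching remediation before anyone starts moving kernel files by hand. The following POSIX shell script is an added example, not part of this KB article or of the product; the sample log lines it embeds are constructed to match the shape of the excerpts above, not captured from a real appliance, and the script names (diagnose_updatecli_log and friends) are the author's own.

```shell
#!/bin/sh
# Added example, not from the KB article: classify a VAMI updatecli.log
# failure against the two known issues and print the matching remediation.

# Print the old package named in a "conflicts with file from package" line.
conflicting_package() {
    sed -n 's/.*conflicts with file from package \([^ ]*\).*/\1/p' "$1" | head -n 1
}

# Reduce a full RPM label (name-version-release.arch) to the package name
# that zypper remove expects, e.g. libtirpc1-0.2.3-12.3.x86_64 -> libtirpc1.
package_short_name() {
    printf '%s\n' "$1" | sed 's/-[0-9].*//'
}

# Print KERNEL_BOOT_SPACE, FILE_CONFLICT or UNKNOWN for the log file given.
diagnose_updatecli_log() {
    log="$1"
    if grep -q 'needs [0-9]*MB on the /boot filesystem' "$log"; then
        echo KERNEL_BOOT_SPACE
    elif grep -q 'conflicts with file from package' "$log"; then
        echo FILE_CONFLICT
    else
        echo UNKNOWN
    fi
}

# Print the remediation the KB gives for each known diagnosis.
remediation_for() {
    case "$1" in
        KERNEL_BOOT_SPACE)
            echo "move old kernel files out of /boot (mkdir /tmp/boot; cd /boot; mv vmlinu* initr* /tmp/boot), then rerun the update from the VAMI UI" ;;
        FILE_CONFLICT)
            echo "remove the old package with zypper remove <name>, then rerun the update from the VAMI UI" ;;
        *)
            echo "no known remediation; inspect the log" ;;
    esac
}

# Constructed sample logs (not captured from a real appliance), shaped like
# the excerpts in the KB's Known Issues section.
sample_kernel_log() {
    cat <<'EOF'
Preparing packages...
              installing package kernel-default-4.12.14-122.26.1.x86_64 needs 4MB on the /boot filesystem
              [ERROR] Failed with exit code 65024
EOF
}

sample_conflict_log() {
    cat <<'EOF'
Preparing packages...
        file /usr/share/man/man5/netconfig.5.gz from install of libtirpc-netconfig-1.0.1-17.13.1.x86_64 conflicts with file from package libtirpc1-0.2.3-12.3.x86_64
             [ERROR] Failed with exit code 65024
EOF
}

# Usage: sh diagnose-update.sh /opt/vmware/var/log/vami/updatecli.log
if [ $# -gt 0 ]; then
    verdict=$(diagnose_updatecli_log "$1")
    echo "$verdict: $(remediation_for "$verdict")"
    if [ "$verdict" = FILE_CONFLICT ]; then
        echo "old package to remove: $(package_short_name "$(conflicting_package "$1")")"
    fi
fi
```

The grep patterns deliberately match the wording of the two excerpts rather than the exit code, because 65024 is the generic failure status that both issues share and would not tell them apart. An UNKNOWN verdict means the log shows something other than the two documented issues and should be read in full rather than remediated by either recipe.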

Change Log: 

  • February 4th, 2022 - 2:30 PM IST - Added information that the resolution also remediates CVE-2021-45046


Impact/Risks:
Take a snapshot of the appliance before upgrading to the security release.