CVEs fixed VMware Aria Operations for Logs 8.16
Article ID: 320338
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
The following CVEs have been resolved as of VMware Aria Operations for Logs 8.16:
| Component Name | CVE |
| bind | CVE-2023-3341 |
| ch.qos.logback:logback-classic | CVE-2021-42550 |
| CVE-2023-6378 | |
| com.google.guava:guava | CVE-2018-10237 |
| commons-fileupload:commons-fileupload | CVE-2023-24998 |
| cri-o | CVE-2022-3466 |
| CVE-2022-4318 | |
| curl | CVE-2023-38039 |
| CVE-2023-38545 | |
| CVE-2023-38546 | |
| CVE-2023-52071 | |
| etcd | CVE-2022-34038 |
| gawk | CVE-2023-4156 |
| glibc | CVE-2015-20109 |
| CVE-2023-4527 | |
| CVE-2023-4806 | |
| CVE-2023-4813 | |
| CVE-2023-4911 | |
| CVE-2023-5156 | |
| golang-runtime | CVE-2023-29406 |
| CVE-2023-29409 | |
| CVE-2023-39318 | |
| CVE-2023-39319 | |
| CVE-2023-39323 | |
| CVE-2023-39326 | |
| CVE-2023-45284 | |
| CVE-2023-45285 | |
| linux_kernel | CVE-2020-12363 |
| CVE-2022-4696 | |
| CVE-2023-0386 | |
| CVE-2023-0469 | |
| CVE-2023-1872 | |
| CVE-2023-34324 | |
| CVE-2023-39189 | |
| CVE-2023-39192 | |
| CVE-2023-39193 | |
| CVE-2023-4134 | |
| CVE-2023-4244 | |
| CVE-2023-42752 | |
| CVE-2023-42753 | |
| CVE-2023-42754 | |
| CVE-2023-42755 | |
| CVE-2023-45863 | |
| CVE-2023-45871 | |
| CVE-2023-4610 | |
| CVE-2023-4622 | |
| CVE-2023-4623 | |
| CVE-2023-46813 | |
| CVE-2023-4921 | |
| CVE-2023-5178 | |
| CVE-2023-5197 | |
| CVE-2023-5717 | |
| CVE-2023-6176 | |
| CVE-2023-6560 | |
| CVE-2023-6610 | |
| CVE-2023-6622 | |
| open-vm-tools | CVE-2023-34058 |
| CVE-2023-34059 | |
| org.apache.tomcat:tomcat-util | CVE-2023-28709 |
| org.springframework:spring-core | CVE-2023-20860 |
| CVE-2023-20861 | |
| CVE-2023-20863 | |
| perl | CVE-2023-47100 |
| python | CVE-2023-40217 |
| shadow | CVE-2023-4641 |
| sudo | CVE-2023-42465 |
| tar | CVE-2023-39804 |
| vim | CVE-2023-46246 |
| CVE-2023-48231 | |
| CVE-2023-48232 | |
| CVE-2023-48233 | |
| CVE-2023-48234 | |
| CVE-2023-48235 | |
| CVE-2023-48236 | |
| CVE-2023-48237 | |
| CVE-2023-48706 | |
| CVE-2023-5344 | |
| CVE-2023-5441 | |
| CVE-2023-5535 |
Resolution
Prerequisites
- Create a snapshot or backup copy of the VMware Aria Operations for Logs virtual appliance(s)
- Obtain a copy of the VMware Aria Operations for Logs upgrade bundle .pak file for the release you are upgrading to
- Verify that you are logged in to the VMware Aria Operations for Logs web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the primary node of the VMware Aria Operations for Logs virtual cluster.
- Make a note of any nodes you are upgrading that are in maintenance mode. Ensure you take all nodes out of maintenance mode prior to the upgrade. When the upgrade is finished, you may move them from the state Connected to Maintenance mode.
Procedure
- Download the upgrade .pak file from the Broadcom Support Portal.
- Under Management, click Cluster.
- Click 'Upgrade Cluster' to upload the pak file.
- Accept the new EULA to complete the upgrade procedure.
- Reference Document Link: Upgrading VMware Aria Operations for Logs.
What to do next
- After the primary node upgrade process is complete, you can view the remaining upgrade process, which is automatic.
- Check for the email sent to the Admin to confirm the upgrade completed successfully.
- After upgrade, all nodes are brought online even if they were in maintenance mode before the upgrade. Move these nodes back to maintenance mode as needed.
- Remove the snapshots from the VMware Aria Operations for Logs appliance(s) within ~72 hours after a successful upgrade to avoid performance issues
Feedback
Yes
No
Powered by
