vRealize Business for Cloud 7.6 Security Build for VMSA-2021-0007

Article ID: 337274

Products

VMware Aria Suite

Issue/Introduction

The vRealize Business for Cloud 7.6 Security Patch is a public Security Patch that addresses the vulnerabilities described in VMSA-2021-0007.

Environment

VMware vRealize Business for Cloud 7.6

Cause

VMware vRealize Business for Cloud contains a remote code execution vulnerability due to an unauthorised endpoint. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Resolution

To resolve this vulnerability, download and install the Security Patch version that matches your version of vRealize Business.

  1. Download the vRealize Business for Cloud 7.6 Security Patch ISO file from the Broadcom Downloads page.
     Note: Select vRealize Business for Cloud as the Product, select 7.6.0 as the version, and click Search.
     Select the option below.

     Release Name: vRealize Business for Cloud 7.6 security release
     Release Date: 05/05/2021
     Build Number: 17828140
     File Name: vRealize-Business-for-Cloud-7.6.0.46000-17828140-updaterepo.iso

  2. Connect the vRealize Business for Cloud Server Appliance CD-ROM drive to the ISO file that you downloaded.
  3. Log in to the VAMI console at https://vRealize_Business_for_Cloud_IP_address:5480 using root credentials.
  4. If you have registered with vRealize Automation, you must unregister vRealize Business for Cloud. If you have registered with VMware Identity Manager, ignore this step.
  5. Click Settings.
  6. Under Update Repository, select Use CD-ROM Updates and mount the path where you have uploaded the ISO file.
  7. Click Save Settings.
  8. Click Check Updates to see the available updates and then click the Install Updates option.
  9. After a successful upgrade, verify the updated version number of the appliance.
  10. If you had registered with vRealize Automation, re-register vRealize Business for Cloud with vRealize Automation. If you have registered with VMware Identity Manager, ignore this step.



Additional Information

Known Issues

  • While upgrading to the security patch, you may experience a kernel boot filesystem error.
    If this issue occurs, the /opt/vmware/var/log/vami/updatecli.log file will show errors similar to:

        Preparing packages...
        installing package kernel-default-4.12.14-122.26.1.x86_64 needs 4MB on the /boot filesystem
        [ERROR] Failed with exit code 65024

    To resolve this issue, move the old kernel files to the /tmp folder.
  1. Log into the vRealize Business for Cloud VM via SSH.
  2. Run the following commands to create a /tmp/boot folder and move the old kernel files:

        mkdir /tmp/boot
        cd /boot/
        mv vmlinu* initr* /tmp/boot

  3. Perform the upgrade again via the VAMI UI, following the steps above in the Resolution section.

  • While upgrading to the security patch, you may experience a file conflict error.
    If this issue occurs, the /opt/vmware/var/log/vami/updatecli.log file will show errors similar to:

        Preparing packages...
        file /usr/share/man/man5/netconfig.5.gz from install of libtirpc-netconfig-1.0.1-17.13.1.x86_64 conflicts with file from package libtirpc1-0.2.3-12.3.x86_64
        [ERROR] Failed with exit code 65024

    To resolve this issue, follow the steps below to remove the old libtirpc1-0.2.3-12.3.x86_64 SUSE package.
  1. Log into the vRealize Business for Cloud VM via SSH.
  2. Run the command below to remove the old package:

        zypper remove libtirpc1

     Note: You will be prompted to key in [y/n] to proceed further; press y and wait for it to complete the operation.
  3. Perform the upgrade again via the VAMI UI, following the steps above in the Resolution section.
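
When an upgrade fails, the two known issues above can be told apart by their log signatures. The following script is an added example, not part of the original article or of VMware's tooling: the function names, result labels, and temporary sample file are assumptions for illustration, while the log path and error strings are the ones quoted in this article.

```shell
#!/bin/sh
# Added example (not VMware tooling): map a VAMI update log to the known issues above.
# Usage: classify_updatecli_log [path]   (default is the log path named in this article)

classify_updatecli_log() {
    log="${1:-/opt/vmware/var/log/vami/updatecli.log}"
    if [ ! -r "$log" ]; then
        echo "unreadable"
        return 0
    fi
    # Without the failure line quoted in the article there is nothing to remediate.
    if ! grep -q 'Failed with exit code 65024' "$log"; then
        echo "no-known-failure"
        return 0
    fi
    result=""
    # Known issue 1: a kernel package needs more room on the /boot filesystem.
    if grep -Eq 'needs [0-9]+[KMG]?B on the /boot filesystem' "$log"; then
        result="boot-space"
    fi
    # Known issue 2: report each installed package that owns a conflicting file.
    pkgs=$(sed -n 's/.*conflicts with file from package \([^ ]*\).*/\1/p' "$log" | sort -u | tr '\n' ' ')
    for p in $pkgs; do
        result="${result:+$result }file-conflict:$p"
    done
    # A failure that matches neither signature needs manual review of the log.
    echo "${result:-unknown-failure}"
}

# Constructed sample, built from the file conflict excerpt quoted in this article.
sample_log() {
    cat <<'EOF'
Preparing packages...
    file /usr/share/man/man5/netconfig.5.gz from install of libtirpc-netconfig-1.0.1-17.13.1.x86_64 conflicts with file from package libtirpc1-0.2.3-12.3.x86_64
    [ERROR] Failed with exit code 65024
EOF
}

# Demo run against the constructed sample (hypothetical temporary file).
demo=$(mktemp)
sample_log > "$demo"
classify_updatecli_log "$demo"
rm -f "$demo"
```

On the appliance, calling classify_updatecli_log with no argument reads the real log; a result of boot-space or file-conflict points to the matching known issue above.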


Impact/Risks:
It is recommended to take snapshots before applying the Security Patch.