CSP-95247: Patch instructions to upgrade Photon-OS

Article ID: 373159

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Patch Superseded

This patch (CSP-95247) has been superseded and is no longer available. Please install the latest cumulative update, CSP-102092, by following the instructions in KB 412021.

Vulnerabilities Addressed by This (Superseded) Patch

This article provides information on a previous patch (CSP-95247) that upgraded the Photon OS version to fix the security vulnerabilities listed below.


Affected Product

  • VMware Identity Manager Appliance: 3.3.7

Applicable CVEs

CVE-2023-45853, CVE-2024-24806

Environment

VMware Identity Manager 3.3.x

Resolution

Before You Begin:

  1. Upgrade instances running unsupported versions to a newer, supported version before applying the patch. This procedure will not work for other versions. Refer to the VMware Lifecycle Matrix for the list of supported versions of the product.
  2. It is strongly recommended to take a snapshot or backup of the Appliance(s) and the database server before applying the procedure.

Patch Deployment Procedure: 

  1. Log in as sshuser, then sudo to root-level access.
  2. Download and transfer "CSP-95247-Appliance-3.3.7.zip" to the virtual appliance. This zip file can be saved anywhere on the file system. VMware recommends the SCP protocol to transfer the file to the appliance. Tools such as WinSCP can also be used to transfer the file to the appliance.
  3. Unzip the file using the command below.
                  unzip CSP-95247-Appliance-3.3.7.zip -d CSP-95247-Appliance-3.3.7
  4. Navigate to the files within the unzipped folder using the command below.
                  cd CSP-95247-Appliance-3.3.7
  5. Run the patch script using the command below.
                  ./CSP-95247-applyPatch.sh

Note: If you are running a cluster deployment, repeat the steps above on all additional nodes of the cluster.

Patch Deployment Validations:

After the patch deployment, perform the steps below to confirm that the patch was applied successfully.

  1. Log in as an Administrator to the VIDM Console and verify that the System Diagnostics page is green.
  2. If the patch is applied successfully, a flag file named CSP-95247-3.3.7-hotfix.applied is created in the /usr/local/horizon/conf/flags directory.
  3. Log in as local administrator to the Service and navigate to the Legacy Connector page. Click on the Worker link and check whether the auth adapters load under the "Auth Adapters" tab. Click on any Enabled auth adapter and check that the page opens correctly.
  4. Perform a Directory Sync to validate that users/groups are synced.
  5. Check in the UI portal that all tabs open properly, including the cfg page "https://vIDM-FQDN:8443".
  6. Check the Admin Portal and the Connectors page show the version as "3.3.7.0 Build 23103647"

Note:

  • If you are running a cluster deployment, repeat the steps above on all additional nodes of the cluster.
  • Patch application should be sequential, i.e. Primary -> Secondary -> Secondary Nodes.
  • The user needs to run the Remediate action from LCM on the vIDM cluster if the vRLCM version is 8.12.0 or below.
  • For vRLCM version 8.14.0 and above, Auto recovery takes care of the cluster health on reboot.
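
The flag-file check from validation step 2, combined with the Primary -> Secondary ordering from the notes above, can be scripted. The following is an added example, not part of the original article or VMware's tooling: the function names, exit codes and ssh loop are assumptions, and it assumes the account used over ssh (for example sshuser) can read the flags directory.

```shell
#!/bin/sh
# Added example, not VMware code. Flag path and file name are from the
# article; function names, exit codes and the ssh loop are assumptions.
FLAG_DIR=/usr/local/horizon/conf/flags
FLAG_NAME=CSP-95247-3.3.7-hotfix.applied

# check_flag [flags_dir]: run locally on one node.
#   0 = flag present, 1 = flag absent, 2 = flags directory missing
check_flag() {
    dir=${1:-$FLAG_DIR}
    if [ ! -d "$dir" ]; then
        echo "UNKNOWN: $dir not found (not a vIDM appliance?)"
        return 2
    fi
    if [ -f "$dir/$FLAG_NAME" ]; then
        echo "APPLIED: $dir/$FLAG_NAME"
        return 0
    fi
    echo "MISSING: $FLAG_NAME not in $dir"
    return 1
}

# check_cluster node...: pass nodes in patch order, primary first.
#   Stops at the first node that is unpatched (1) or unreachable (2),
#   so a later node is never reported ahead of an earlier one.
#   CHECK_CMD replaces ssh, e.g. for a jump-host wrapper.
check_cluster() {
    for node in "$@"; do
        _rc=0
        ${CHECK_CMD:-ssh} "$node" "test -f '$FLAG_DIR/$FLAG_NAME'" || _rc=$?
        case $_rc in
            0)   echo "$node: APPLIED" ;;
            255) echo "$node: UNREACHABLE"; return 2 ;;   # ssh's own error code
            *)   echo "$node: NOT APPLIED, patch it before later nodes"; return 1 ;;
        esac
    done
    return 0
}
```

Source the file and call check_flag on a node, or check_cluster with the nodes listed primary first; the node names you pass are your own.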

Download the patches:

| Product Component                 | Version |
|-----------------------------------|---------|
| VMware Identity Manager Appliance | 3.3.7   |

Note: This is a cumulative patch; it also installs other patches, including CSP-93316, CSP-91401 and CSP-90495.

Related Information:

To revert this patch, you can revert to the appliance(s) snapshot and the database backup taken before applying these steps.

Additional Information

This article was created as per Product Management Team request to patch affected VMware Identity Manager