VMware Aria Operations 8.18 Hot Fix 1

VMware Aria Operations 8.18 Hot Fix 1

book

Article ID: 373987

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

VMware Aria Operations 8.18 Hot Fix 1 is a public Hot Fix that addresses the following issues:

  • [Diagnostics MP] Add new VMSA rules; vSphere-CVE-2024-37079, CVE-2024-37080, CVE-2024--37081, to VMSA-2024-0012
  • In case of Metric chart Metrics mode, for deleted object widget is throwing an exception
  • The "Product Versions" card should be active by default in the Launchpad -> VMware Cloud Foundation page
  • Roles: Upgrade: "Administration Menu" is not selected after the upgrade from 8.17 to 8.18 in the described case
  • Payload Template: Template name has disappeared from the Payload Template Preview
  • Self Monitoring: Issues with some of the self-monitoring objects' collection states on greenfield and brownfield
  • Notification: Email: Symptoms/Conditions Table is not being drawn in Email Notification
  • [Troubleshooting Workbench] The "Add Peers" button is missing in the "Troubleshooting Workbench" custom scopes
  • "Help" URL is broken for Dashboards
  • [Platform] Custom and Dynamic properties become unavailable in Object's metric picker after the Aria Operations upgrade from the older version to 8.18
  • [Launchpad] The Launchpad videos placed in the "Learn More" content are not working
  • [G11N] Out of bound text on Audit Events page for French / German
  • Agent Installation failing with HA Disabled Cloud Proxy Group
  • Node is in "Waiting for Analytics" state
  • [What-If] Show the list of existing datacenters and clusters in what-if/committed saved scenarios filtering
  • [Dashboards] The widget interaction is not working in the described case
  • vIDB integration doesn't work with CA certificates
  • License Management: The chart data and its legend is duplicated when refreshing the License Management in chart
  • [vCenter Adapter] Unnecessary calls to VC while adapter instance certificate is expired or invalid
  • Postgres DB Upgrade failed on 16 nodes XL setup
  • Change Dashboard Names - VCF HRM
  • Schema xsd files are missing in suite-api
  • Suite APIs: /internal/desiredstateconfiguration/drift/** should be hidden
  • Cost Calculation fails with NullPointerException

 

The following CVEs have been resolved as of version 8.18 Hot Fix 1:

Note: Inclusion of a given CVE in the following table does not imply exploitability of said CVE.

Component Name CVE
apache CVE-2024-36387
CVE-2024-38472
CVE-2024-38473
CVE-2024-38474
CVE-2024-38475
CVE-2024-38476
CVE-2024-38477
CVE-2024-39573
coreutils CVE-2024-0684
cri-o CVE-2024-5154
cryptography CVE-2023-50782
CVE-2024-26130
golang-runtime CVE-2024-24789
libarchive CVE-2024-26256
CVE-2024-37407
linux_kernel CVE-2024-24858
CVE-2024-26900
CVE-2024-26945
CVE-2024-27397
CVE-2024-27400
CVE-2024-27407
CVE-2024-35848
CVE-2024-35947
CVE-2024-36891
CVE-2024-36893
CVE-2024-36897
CVE-2024-36901
CVE-2024-36902
CVE-2024-36926
CVE-2024-36930
CVE-2024-36938
CVE-2024-36965
CVE-2024-36967
CVE-2024-36969
CVE-2024-36971
CVE-2024-38571
CVE-2024-38577
CVE-2024-38581
CVE-2024-38583
CVE-2024-38603
CVE-2024-38662
CVE-2024-38667
CVE-2024-38780
CVE-2024-39277
CVE-2024-39292
CVE-2024-39474
CVE-2024-39475
CVE-2024-39476
CVE-2024-39480
CVE-2024-39481
CVE-2024-39482
CVE-2024-39484
CVE-2024-39489
CVE-2024-39493
CVE-2024-39494
CVE-2024-39495
CVE-2024-39496
CVE-2024-40902
CVE-2024-40903
CVE-2024-41009
CVE-2024-42068
CVE-2024-42070
CVE-2024-42073
CVE-2024-42076
CVE-2024-42077
CVE-2024-42080
CVE-2024-42082
openssh CVE-2024-6387

Environment

VMware Aria Operations 8.18

Resolution

VMware Aria Operations 8.18 Hot Fix 1 can be applied to any 8.18.x environment.
Note: Upgrading from older versions directly to this Hot Fix is not supported.  You must upgrade to 8.18.x before applying this Hot Fix.

Important: Take snapshots of each of the VMware Aria Operations nodes before applying the Hot Fix by following How to take a Snapshot of VMware Aria Operations.

  1. Download the VMware Aria Operations 8.18 Hot Fix 1 PAK file from the Broadcom Support Portal.

Note: You will need to login to the portal first to allow download of the file using the direct links below.

Release Name Release Date Build Number UI Build Number File Name
VMware-Aria-Operations-8.18-HF1 8/8/2024 24186800  24186805 vRealize_Operations_Manager_With_CP-8.10.x-to-8.18.24186800.pak
vrlcm-vrops-8.18.0_HF1       *vrlcm-vrops-8.18.0-HF1.patch

* Aria Operations HF1 for version 8.18 to be used in Aria Suite Lifecycle.

  1. Log in to the primary node VMware Aria Operations Administrator interface of your cluster at https://primary-node-FQDN-or-IP-address/admin .
  2. Click Software Update in the left panel.
  3. Click Install a Software Update in the main panel.
  4. Follow the steps in the wizard to locate and install your PAK file.
  5. Install the product update PAK file.
    Wait for the software update to complete. When it does, the Administrator interface logs you out.
  6. Log back into the primary node Administrator interface.
    The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
  7. Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
    The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.

    Note: If a cluster fails and the status changes to offline during the installation process of a PAK file update then some nodes become unavailable. To fix this, you can access the Administrator interface and manually take the cluster offline and click Finish Installation to continue the installation process.
     
  8. Click Software Update to check that the update is done.
    A message indicating that the update completed successfully appears in the main pane.

Once the update is complete delete the snapshots you made before the software update.