CSP-97727: Patch instructions to upgrade Photon-OS Library
search cancel

CSP-97727: Patch instructions to upgrade Photon-OS Library

book

Article ID: 380348

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Patch Superseded

This patch (CSP-97727) has been superseded and is no longer available. Please install the latest cumulative update, CSP-102092, by following the instructions in KB 412021.

Vulnerabilities Addressed by This (Superseded) Patch

This article provides information on a previous patch that upgraded Photon OS libraries to fix the security vulnerabilities listed below.

Affected Product

  • VMware Identity Manager Appliance: 3.3.7

Applicable CVEs

CVE-2024-36971, CVE-2023-31130, CVE-2023-32067, CVE-2023-31147, CVE-2023-20867, CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2019-18276, CVE-2023-31486, CVE-2023-2953, CVE-2023-31124, CVE-2023-38039, CVE-2023-34058, CVE-2023-34059, CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2023-7104, CVE-2023-42465, CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-0743, CVE-2024-38428, CVE-2024-34459, CVE-2024-37370, CVE-2024-37371, CVE-2024-44987, CVE-2024-44998, CVE-2024-44999, CVE-2024-46673, CVE-2024-46674, CVE-2023-6597, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2022-45934, CVE-2024-1086, CVE-2024-0607, CVE-2022-41218, CVE-2022-3628, CVE-2023-0458, CVE-2022-36280, CVE-2022-3424, CVE-2023-0266, CVE-2023-28328, CVE-2022-47929, CVE-2023-0394, CVE-2023-23455, CVE-2023-0461, CVE-2023-2952, CVE-2019-17026, CVE-2020-15656, CVE-2021-29984

Environment

VMware Identity Manager 3.3.x

Resolution

Prerequisites

  • Version Support: It's recommended to upgrade any unsupported product versions to a supported version before applying this patch. Please refer to the VMware Product Lifecycle Matrix for a list of supported versions.

  • Snapshots/Backups: It is strongly recommended to take a snapshot or backup of the appliance(s) before proceeding.

  • GRUB Version Check: This patch requires grub2.
    1. Check for the presence of the grub configuration file: 
      ls -ltr /boot/grub
# OR
ls -ltr /boot/grub2
    2. The output must show a grub.cfg file. If it is missing or your grub version is below 2.0, you must update it before applying this patch. If you are unsure how to update the grub file, please contact Broadcom Support for assistance.

Procedure: Patch Deployment

Note: This is a cumulative patch and will also install fixes from several previous patches, including CSP-96928, CSP-95247, and others.

  1. Log in to the VMware Identity Manager appliance via SSH as sshuser and elevate to the root user with sudo su -.
  2. Download and transfer the CSP-97727-Appliance-3.3.7.zip file to a temporary location on the virtual appliance (e.g., /tmp).
  3. Unzip the file into a new directory: 
    unzip CSP-97727-Appliance-3.3.7.zip -d CSP-97727-Appliance-3.3.7
  4. Navigate into the new directory: 
    cd CSP-97727-Appliance-3.3.7
  5. Run the patch script: 
    ./CSP-97727-applyPatch.sh

Note: For a clustered deployment, repeat the steps above on all additional nodes of the cluster sequentially (Primary → Secondary → Secondary).

Validation

After the patch deployment, perform the following steps to confirm it was applied successfully:

  1. Log in to the VMware Identity Manager Console as an Administrator and verify the System Diagnostics page shows a green status.
  2. Verify that the patch flag file has been created in the /usr/local/horizon/conf/flags directory: 
    ls /usr/local/horizon/conf/flags/CSP-97727-3.3.7-hotfix.applied
  3. Verify Legacy Connector functionality by ensuring the Auth Adapters load and open without errors.
  4. Perform a Directory Sync and confirm that users and groups are synchronized correctly.
  5. Check that all UI portal tabs load properly, including the configuration page at https://<vidm-hostname>:8443.

Additional Notes

  • For Cluster Deployments: Patch application must be sequential (Primary → Secondary 1 → Secondary 2).
  • Aria Suite Lifecycle Integration:
    • For vRSLCM versions 8.12.0 and below, you must run the "Remediate" action on the vIDM cluster after patching.
    • For vRSLCM versions 8.14.0 and above, the "Auto recovery" feature should handle the cluster health update after the nodes reboot.

Rollback Procedure

To revert this patch, restore the appliance(s) and database from the snapshots and backups taken during the prerequisite phase.

Attachments

ntp-4.2.8p16-1.ph3.x86_64.rpm get_app
Powered by Wolken Software