CSP-91401 - Patch instructions to upgrade OpenSSH version
search cancel

CSP-91401 - Patch instructions to upgrade OpenSSH version


Article ID: 327324


Updated On:




This article provides important information for upgrading the OpenSSH to fix the below vulnerability. 
List of affected version

 Product Component  


 Applicable CVE(s) 

 VMware Identity Manager Appliance 




VMware Identity Manager 3.3.x


Before You Begin:

  • It is recommended to upgrade instances of unsupported versions to newer, supported versions first before applying the patch. This procedure will not work for other versions. Please refer to the VMware Lifecycle Matrix https://lifecycle.vmware.com/ for the list of supported versions of the product.
  • It is strongly recommended to take a snapshot or backup of the Appliance(s) and the database server before applying the procedure
  • Download the patches:

     Product Component  


     VMware Identity Manager Appliance 


Patch Deployment Procedure:

  1. Login as sshuser, sudo to root level access
  2. Download and transfer CSP-91401-Appliance-3.3.7.zip to the virtual appliance. This zip file can be saved anywhere on the file system. VMware recommends SCP protocol to transfer the file to the appliance. Tools such as winscp can also be used to transfer the file to the appliance.
  3. Unzip the file using the command below.
            unzip CSP-91401-Appliance-3.3.7.zip -d CSP-91401-Appliance-3.3.7
  4. Navigate to the files within the unzipped folder using the command below.
            cd CSP-91401-Appliance-3.3.7
  5. Run the patch script using the below command

Note: If you are running a cluster deployment, repeat the steps above on all additional nodes of the cluster.

Patch Deployment Validations:
After the patch deployment, perform the below steps to confirm the patch is applied successfully

  1. Login as an Administrator to the VIDM Console and verify the System Diagnostics page is green.
  2. If the patch is applied successfully you can find a flag file created as CSP-91401-3.3.7-hotfix.applied in /usr/local/horizon/conf/flags directory.
  3. Try SSH with sshuser/root user to the vIDM appliance from another session

Additional Information

To revert this patch, revert to the appliance(s) snapshot and the database backup taken before applying these steps.