SolarWinds Log & Event Manager version 6.2 HotFix 2
This hotfix addresses the following issues:
- LEM Manager: Vulnerability to an XML external entity injection through the agent message-processing service. This vulnerability was reported by Digital Defense and ZDI.
- All previous fixes addressed by Hotfix 1
This hotfix is installed on the SolarWinds LEM Virtual Appliance.
Hotfix 1 is not required to be applied before installing this hotfix.
To install Hotfix 2, verify that the LEM Appliance is running 6.2.0 or 6.2.0 hotfix1
version. When completed, install hotfix 2 on the following LEM components:
- LEM Manager
- LEM Database Server
- LEM Syslog Server
-----------------------------------------------------------------------------------
VERIFYING THE LEM APPLIANCE RELEASE VERSION
1. Open the LEM vSphere/Hyper-V console (or an ssh client) and authenticate to
the LEM Virtual Appliance.
2. Click Manage > Appliances.
3. Under the Version column, check the current LEM version.
If the version is Release 6.2.0, install the hotfix.
If the version is not Release 6.2.0, do not install the hotfix.
-----------------------------------------------------------------------------------
INSTALLING HOT FIX 2 ON THE LEM MANAGER
1. Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.
a. At the cmc> prompt, enter:
manager
b. At the cmc::cmm# prompt, enter:
scriptupgrade
2. Follow the instructions on your screen, providing the network path to your
hotfix 2 files and the appropriate credentials with read access to this
path.
For example:
\\server\unzipped_hotfix_folder\manager
If you receive a message stating that no upgrades were found, ensure you
entered the correct path to the files.
3. When prompted, apply the appropriate cmc script.
When completed, a cmc: prompt appears.
4. At the prompt, enter:
manager
5. At the cmc::cmm# prompt, enter:
hotfix
Hotfix 2 is copied off the network share and applied to the system.
6. Reboot the appliance:
a. Exit the cmm# prompt or at the cmc# prompt, enter
appliance
b. At the prompt, enter:
reboot
7. Log in to CMC.
At the prompt, enter:
manager
8. At the prompt, enter:
viewsysinfo
The system info appears on your screen.
9. At the top of your screen, the following message should appear if the
hotfix was installed correctly:
TriGeo manager version is: 6.2.0
TriGeo manager build is: hotfix2
Hotfix 2 is installed on LEM Manager.
-----------------------------------------------------------------------------------
UNINSTALLING THE HOTFIX 2 FROM LEM MANAGER
To uninstall hotfix 2, contact SolarWinds Support at solarwinds.com/support.
-----------------------------------------------------------------------------------
INSTALLING HOT FIX 2 ON THE LEM DATABASE SERVER
1. Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.
a. At the cmc> prompt, enter:
manager
b. At the cmc::cmm# prompt, enter:
scriptupgrade
2. Follow the instructions on your screen, providing the network path to your
hotfix 2 files and the appropriate credentials with read access to this
path.
For example:
\\server\unzipped_hotfix_folder\manager
If you receive a message stating that no upgrades were found, ensure you
entered the correct path to the files.
3. When prompted, apply the appropriate cmc script.
When completed, a cmc: prompt appears.
4. At the prompt, enter:
manager
5. At the cmc::cmm# prompt, enter:
hotfix
Hotfix 2 is copied off the network share and applied to the system.
6. Reboot the appliance.
a. Exit the cmm# prompt or at the cmc# prompt, enter
appliance
b. At the prompt, enter:
reboot
7. Log in to CMC.
At the prompt, enter:
manager
8. At the prompt, enter:
viewsysinfo
The system info appears on your screen.
9. At the top of your screen, the following message should appear if the
hotfix was installed correctly:
TriGeo manager version is: 6.2.0
TriGeo manager build is: hotfix2
Hotfix 2 is installed on LEM Manager.
-----------------------------------------------------------------------------------
UNINSTALLING THE HOTFIX 2 FROM DATABASE SERVER
To uninstall hotfix 2, contact SolarWinds Support at solarwinds.com/support.
-----------------------------------------------------------------------------------
INSTALLING HOT FIX 2 ON THE LEM SYSLOG SERVER
1. Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.
a. At the cmc> prompt, enter:
manager
b. At the cmc::cmm# prompt, enter:
scriptupgrade
2. Follow the instructions on your screen, providing the network path to your
hotfix 2 files and the appropriate credentials with read access to this
path.
For example:
\\server\unzipped_hotfix_folder\manager
If you receive a message stating that no upgrades were found, ensure you
entered the correct path to the files.
3. When prompted, apply the appropriate cmc script.
When completed, a cmc: prompt appears.
4. At the prompt, enter:
manager
5. At the cmc::cmm# prompt, enter:
hotfix
Hotfix 2 is copied off the network share and applied to the system.
6. Reboot the appliance.
a. Exit the cmm# prompt or at the cmc# prompt, enter
appliance
b. At the prompt, enter:
reboot
7. Log in to CMC.
At the prompt, enter:
manager
8. At the prompt, enter:
viewsysinfo
The system info appears on your screen.
9. At the top of your screen, the following message should appear if the
hotfix was installed correctly:
TriGeo manager version is: 6.2.0
TriGeo manager build is: hotfix2
Hotfix 2 is installed on LEM Manager.
-----------------------------------------------------------------------------------
UNINSTALLING THE HOTFIX 2 FROM SYSLOG SERVER
To uninstall hotfix 2, contact SolarWinds Support at solarwinds.com/support.
