Version 3

    SolarWinds Log & Event Manager version 6.2 HotFix 2

     

    This hotfix addresses the following issues:

    • LEM Manager: Vulnerability to an XML external entity injection through the agent message-processing service. This vulnerability was reported by Digital Defense and ZDI.
    • All previous fixes addressed by Hotfix 1

     

    This hotfix is installed on the SolarWinds LEM Virtual Appliance.


    Hotfix 1 is not required to be applied before installing this hotfix.

     

    To install Hotfix 2, verify that the LEM Appliance is running 6.2.0 or 6.2.0 hotfix1

    version. When completed, install hotfix 2 on the following LEM components:

    - LEM Manager

    - LEM Database Server

    - LEM Syslog Server

    -----------------------------------------------------------------------------------

    VERIFYING THE LEM APPLIANCE RELEASE VERSION

       1.  Open the LEM vSphere/Hyper-V console (or an ssh client) and authenticate to

           the LEM Virtual Appliance.

       2.  Click Manage > Appliances.

       3.  Under the Version column, check the current LEM version.

           If the version is Release 6.2.0, install the hotfix.

           If the version is not Release 6.2.0, do not install the hotfix.

    -----------------------------------------------------------------------------------

    INSTALLING HOT FIX 2 ON THE LEM MANAGER

       1.  Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.

           a.  At the cmc> prompt, enter:

               manager

           b.  At the cmc::cmm# prompt, enter:

               scriptupgrade

       2.  Follow the instructions on your screen, providing the network path to your

           hotfix 2 files and the appropriate credentials with read access to this

           path.

           For example:

           \\server\unzipped_hotfix_folder\manager

           If you receive a message stating that no upgrades were found, ensure you

           entered the correct path to the files.

       3.  When prompted, apply the appropriate cmc script.

           When completed, a cmc: prompt appears.

       4.  At the prompt, enter:

           manager

       5.  At the cmc::cmm# prompt, enter:

           hotfix

           Hotfix 2 is copied off the network share and applied to the system.

       6.  Reboot the appliance:

           a.  Exit the cmm# prompt or at the cmc# prompt, enter

               appliance

           b.  At the prompt, enter:

               reboot

       7.  Log in to CMC.

           At the prompt, enter:

           manager

       8.  At the prompt, enter:

           viewsysinfo

           The system info appears on your screen.

       9.  At the top of your screen, the following message should appear if the

           hotfix was installed correctly:

           TriGeo manager version is: 6.2.0

           TriGeo manager build is: hotfix2

           Hotfix 2 is installed on LEM Manager.

    -----------------------------------------------------------------------------------

    UNINSTALLING THE HOTFIX 2 FROM LEM MANAGER

       To uninstall hotfix 2, contact SolarWinds Support at solarwinds.com/support.

    -----------------------------------------------------------------------------------

    INSTALLING HOT FIX 2 ON THE LEM DATABASE SERVER

       1.  Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.

           a.  At the cmc> prompt, enter:

               manager

           b.  At the cmc::cmm# prompt, enter:

               scriptupgrade

       2.  Follow the instructions on your screen, providing the network path to your

           hotfix 2 files and the appropriate credentials with read access to this

           path.

           For example:

           \\server\unzipped_hotfix_folder\manager

           If you receive a message stating that no upgrades were found, ensure you

           entered the correct path to the files.

       3.  When prompted, apply the appropriate cmc script.

           When completed, a cmc: prompt appears.

       4.  At the prompt, enter:

           manager

       5.  At the cmc::cmm# prompt, enter:

           hotfix

           Hotfix 2 is copied off the network share and applied to the system.

       6.  Reboot the appliance.

           a.  Exit the cmm# prompt or at the cmc# prompt, enter

               appliance

           b.  At the prompt, enter:

               reboot

       7.  Log in to CMC.

           At the prompt, enter:

           manager

       8.  At the prompt, enter:

           viewsysinfo

           The system info appears on your screen.

       9.  At the top of your screen, the following message should appear if the

           hotfix was installed correctly:

           TriGeo manager version is: 6.2.0

           TriGeo manager build is: hotfix2

           Hotfix 2 is installed on LEM Manager.

    -----------------------------------------------------------------------------------

    UNINSTALLING THE HOTFIX 2 FROM DATABASE SERVER

       To uninstall hotfix 2, contact SolarWinds Support at solarwinds.com/support.

    -----------------------------------------------------------------------------------

    INSTALLING HOT FIX 2 ON THE LEM SYSLOG SERVER

       1.  Using the LEM Console or an SSH client (such as PuTTY), log in to CMC.

           a.  At the cmc> prompt, enter:

               manager

           b.  At the cmc::cmm# prompt, enter:

               scriptupgrade

       2.  Follow the instructions on your screen, providing the network path to your

           hotfix 2 files and the appropriate credentials with read access to this

           path.

           For example:

           \\server\unzipped_hotfix_folder\manager

           If you receive a message stating that no upgrades were found, ensure you

           entered the correct path to the files.

       3.  When prompted, apply the appropriate cmc script.

           When completed, a cmc: prompt appears.

       4.  At the prompt, enter:

           manager

       5.  At the cmc::cmm# prompt, enter:

           hotfix

           Hotfix 2 is copied off the network share and applied to the system.

       6.  Reboot the appliance.

           a.  Exit the cmm# prompt or at the cmc# prompt, enter

               appliance

           b.  At the prompt, enter:

               reboot

       7.  Log in to CMC.

           At the prompt, enter:

           manager

       8.  At the prompt, enter:

           viewsysinfo

           The system info appears on your screen.

       9.  At the top of your screen, the following message should appear if the

           hotfix was installed correctly:

           TriGeo manager version is: 6.2.0

           TriGeo manager build is: hotfix2

           Hotfix 2 is installed on LEM Manager.

    -----------------------------------------------------------------------------------

    UNINSTALLING THE HOTFIX 2 FROM SYSLOG SERVER

       To uninstall hotfix 2, contact SolarWinds Support at solarwinds.com/support.