Patch SOL-45844

This patch updates the sudo utility to address a heap-based buffer overflow in argument parsing.

This patch applies to ALL appliance types.

This patch applies to the following SolOS releases:

  • SolOS 9.3

This patch resolves the following Common Vulnerabilities and Exposures (CVEs):

  • CVE-2021-3156

You must reapply the patch after upgrading to any SolOS version before 9.8.1.

Installation Procedure

You can run the patch script with the -c flag. If this flag is specified, the script verifies:

  • whether the patch can be applied to the appliance
  • whether the patch has already been applied

  1. Ensure direct shell access is enabled:
    solace> show authentication
    
    . . .
    
    Shell Users                                        Direct shell login enabled
    ================================================== ==========================
    support                                                                   Yes

    To enable direct shell access, run the following commands:

    solace> enable
    solace# configure
    solace# authentication allow-direct-shell-login
  2. Copy the patch package to the Solace appliance:
    $ scp patch-sol-45844.tgz support@<appliance-mgmt-ip>:
  3. Log in to the appliance with the support account over an SSH connection:
    $ ssh support@<appliance-mgmt-ip>
  4. Unpack the patch package:
    $ cd /usr/sw/support
    $ tar zxf patch-sol-45844.tgz
  5. Change to the patch-sol-45844 directory:
    $ cd /usr/sw/support/patch-sol-45844
  6. Check whether the appliance needs this patch (the root password is required):
    $ sudo ./patch-sol-45844 -c
    • If the output is "Patch is not installed", proceed to Step 7.

    • If the output is any of the following, patching is not required. Stop this procedure.

      Patch is installed

      or

      This patch does not apply to this platform. Supported platforms:
      CHS-3230AC-01-D, CHS-3230AC-02-A, CHS-3260AC-01-A, CHS-3260AC-01-B,
      CHS-3260AC-01-C, CHS-3260AC-02-A, CHS-3260AC-03-A, CHS-3260AC-04-A,
      CHS-3530AC-01-A, CHS-3530AC-02-A, CHS-3530AC-03-A, CHS-3560AC-01-A,
      CHS-3560AC-02-A, CHS-3560AC-03-A, CHS-3560AC-04-A, CHS-3560AC-05-A,
      CHS-3560AC-06-A, CHS-3560AC-07-A.

      or

      This patch does not apply to SolOS versions less than SolOS 8.4.

      or

      This patch does not apply to software event brokers.
      For software event brokers, please upgrade to SolOS 9.8.1 or newer versions.
  7. Run the patch script with sudo to install the patch (the root password is required):
    $ sudo ./patch-sol-45844 -i
    Installation succeeded
    Patch was applied successfully
  8. If you had to enable direct shell access in Step 1 to run this procedure, turn it off now.
    solace> enable
    solace# configure
    solace# no authentication allow-direct-shell-login

You have completed this procedure.
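
The following is an added example, not part of the SOL-45844 package or the vendor procedure: a wrapper for Steps 4 to 7 that installs only when the -c check says so, stops on any output it does not recognise, and re-runs the check after installing. The function names and the --apply switch are hypothetical; the message strings are the ones listed in Step 6, and the post-install result is an assumption.

```sh
# Added example. Run on the appliance as the support user (after Step 3).
PATCH=patch-sol-45844        # package and script name from the procedure
WORKDIR=/usr/sw/support      # unpack location from Step 4

# Map the text printed by "-c" (Step 6) to one action word.
# Unknown text yields "unknown" so the caller stops instead of guessing.
classify_check() {
    case "$1" in
        *"Patch is not installed"*)                    echo install ;;
        *"Patch is installed"*)                        echo already-patched ;;
        *"does not apply to this platform"*)           echo not-applicable ;;
        *"does not apply to SolOS versions"*)          echo not-applicable ;;
        *"does not apply to software event brokers"*)  echo not-applicable ;;
        *)                                             echo unknown ;;
    esac
}

# Steps 4-7, followed by a second check to confirm the result.
apply_patch() {
    cd "$WORKDIR" || return 2
    tar zxf "$PATCH.tgz" || return 2
    cd "$WORKDIR/$PATCH" || return 2

    # Capture the text whatever the exit status; sudo prompts on the terminal.
    out=$(sudo "./$PATCH" -c 2>&1)
    case "$(classify_check "$out")" in
        install) ;;
        already-patched|not-applicable)
            printf '%s\n' "$out"; return 0 ;;
        *)
            printf 'Unrecognised check output, stopping:\n%s\n' "$out" >&2
            return 3 ;;
    esac

    sudo "./$PATCH" -i || return 4

    # Assumption: after a successful install, -c reports "Patch is installed".
    out=$(sudo "./$PATCH" -c 2>&1)
    if [ "$(classify_check "$out")" != already-patched ]; then
        printf 'Post-install check did not confirm the patch:\n%s\n' "$out" >&2
        return 5
    fi
}

# Act only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then apply_patch; fi
```

A non-zero return from apply_patch means the appliance should be treated as unpatched until the -c check is repeated by hand.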