Frequently Asked Questions about 11.3.05.001 release and RHEL support 1

This topic presents some of the Frequently Asked Questions (FAQ) about RHEL support and Log4j Vulnerabilities.

Related topics
  • 11.3.05: Service Pack Open link
  • 11.3.05.001: Patch Open link
  • Technical bulletin — Announcing the availability of TrueSight Operations Management 11.3.04 to support RHEL 8.x Open link

FAQs about RHEL support

This section presents some of the FAQs about RHEL support.


You should first install 11.3.04 using the new image available on the EPD site Open link and then upgrade to 11.3.05.001.

TrueSight Operations Management 11.3.05 is not supported on RHEL 8.4 and later. You must use 11.3.05.001.

You should first upgrade Infrastructure Management server to Infrastructure Management 11.3.05.001 and then perform the OS upgrade to RHEL 8.4 or later.

Fresh install for Remote ISN and Remote cell is available. You can use new 11.3.04 image or 11.3.05.001 image based on the version you are targeting.

Existing TrueSight Presentation Server image is supported on all RHEL versions, so there is no release needed for TrueSight Presentation Server.

FAQs about Log4j Vulnerability fixes

This section presents some of the FAQs about Log4j Vulnerability fixes.


From Log4j point of view, TrueSight Presentation Server 11.3.05.001 is equivalent to the latest Log4j hotfixes provided in 11.3.05.

In TrueSightInfrastructure Management 11.3.05.001,the usage of Log4j 1.x version that was vulnerable is removed. This was not provided in 11.3.05 version, so use 11.3.05.001 to solve Log4j issues.

Log4j 2.x is upgraded to 2.17.1 in TrueSight Presentation Server.

The usage of Log4j 1.x version that was vulnerable is removed and now using reload4j 1.2.17 in TrueSight Infrastructure Management server, Remote ISN, and Remote Admin.

Following are the list of TPS, their versions, and CVE’s addressed in TrueSight Operations Management 11.3.05.001 release:

Component

TPS version in 11.3.05.001

CVE Fixed

Reference

TrueSight Presentation Server/TrueSight Infrastructure Management

Tomcat 9.0.58

CVE-2022-23181

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.58

TrueSight Infrastructure Management

Apache 2.4.52 

CVE-2021-44224 and CVE-2021-44790

https://httpd.apache.org/security/vulnerabilities_24.html

TrueSight Infrastructure Management

reload4j 1.2.17

CVE-2021-4104 , CVE-2022-23302 , CVE-2019-17571 , CVE-2020-9493, CVE-2022-23305, CVE-2020-9488

https://reload4j.qos.ch/

TrueSight Presentation Server

Log4j-2.17.1

CVE-2021-44832 , CVE-2021-45105 , CVE-2021-45046 , CVE-2021-44228

https://logging.apache.org/log4j/2.x/security.html

TrueSight Infrastructure Management

Active MQ-5.16.4

Removal of Log4j

https://activemq.apache.org/activemq-5016004-release

TrueSight Infrastructure Management

log4j2-jboss-logmanager-1.1.1.Final

CVE-2022-23305, CVE-2022-23307,CVE-2022-23302,CVE-2021-4104,SONATYPE-2010-0053

https://logging.apache.org/log4j/1.2/index.html

Was this page helpful? Yes No Submitting... Thank you

Comments