Frequently Asked Questions about 11.3.05.001 release and RHEL support 1

This topic presents some of the Frequently Asked Questions (FAQ) about RHEL support and Log4j Vulnerabilities.

Related topics

FAQs about RHEL support

This section presents some of the FAQs about RHEL support.


I am planning to install a fresh version of TrueSight Operations Management on RHEL 8.x. Which image I will use?

You should first install 11.3.04 using the new image available on the EPD site and then upgrade to 11.3.05.001.

TrueSight Operations Management 11.3.05 is not supported on RHEL 8.4 and later. You must use 11.3.05.001.

I am already using TrueSight Infrastructure Management 11.3.04 or 11.3.05 with RHEL 8.3 or earlier version. How should I upgrade if I want to use RHEL 8.4 and later?

You should first upgrade Infrastructure Management server to Infrastructure Management 11.3.05.001 and then perform the OS upgrade to RHEL 8.4 or later.

I want to use Remote ISN or Remote Cell on RHEL 8.4 and later. Which image I should use?

Fresh install for Remote ISN and Remote cell is available. You can use new 11.3.04 image or 11.3.05.001 image based on the version you are targeting.

Why there is no release of new image for TrueSight Presentation Server 11.3.04?

Existing TrueSight Presentation Server image is supported on all RHEL versions, so there is no release needed for TrueSight Presentation Server.

FAQs about Log4j Vulnerability fixes

This section presents some of the FAQs about Log4j Vulnerability fixes.


There are already hotfixes available for Log4j. What is new in TrueSight Operations Management 11.3.05.001?

From Log4j point of view, TrueSight Presentation Server 11.3.05.001 is equivalent to the latest Log4j hotfixes provided in 11.3.05.

In TrueSightInfrastructure Management 11.3.05.001,the usage of Log4j 1.x version that was vulnerable is removed. This was not provided in 11.3.05 version, so use 11.3.05.001 to solve Log4j issues.

What changes are done in TrueSight Operations Management for Log4j fixes? Which Log4j version are used in TrueSight Operations Management products?

Log4j 2.x is upgraded to 2.17.1 in TrueSight Presentation Server.

The usage of Log4j 1.x version that was vulnerable is removed and now using reload4j 1.2.17 in TrueSight Infrastructure Management server, Remote ISN, and Remote Admin.

Are there any other Third Party Software (TPS) updated in TrueSight Operations Management 11.3.05.001?

Following are the list of TPS, their versions, and CVE’s addressed in TrueSight Operations Management 11.3.05.001 release:

Component

TPS version in 11.3.05.001

CVE Fixed

Reference

TrueSight Presentation Server/TrueSight Infrastructure Management

Tomcat 9.0.58

CVE-2022-23181

TrueSight Infrastructure Management

Apache 2.4.52 

CVE-2021-44224 and CVE-2021-44790

TrueSight Infrastructure Management

reload4j 1.2.17

CVE-2021-4104 , CVE-2022-23302 , CVE-2019-17571 , CVE-2020-9493, CVE-2022-23305, CVE-2020-9488

TrueSight Presentation Server

Log4j-2.17.1

CVE-2021-44832 , CVE-2021-45105 , CVE-2021-45046 , CVE-2021-44228

TrueSight Infrastructure Management

Active MQ-5.16.4

Removal of Log4j

TrueSight Infrastructure Management

log4j2-jboss-logmanager-1.1.1.Final

CVE-2022-23305, CVE-2022-23307,CVE-2022-23302,CVE-2021-4104,SONATYPE-2010-0053

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*