HPE Community
HPE 3PAR StoreServ Storage
1754403 Members
3257 Online
108813 Solutions
New Discussion

SSMC and log4j vulnerability

 
SOLVED
Go to solution
sbhat09
HPE Pro

‎12-22-2021 06:36 PM

‎12-22-2021 06:36 PM

Re: SSMC and log4j vulnerability

@GregMoss Why are you upgrading to 2.6 or 2.7? Try from 3.8.x to 3.8.2.1

-Srinivas Bhat


I am an HPE Employee

Accept or Kudo

0 Kudos
Reply
GregMoss
Occasional Advisor

‎12-22-2021 07:26 PM

‎12-22-2021 07:26 PM

Re: SSMC and log4j vulnerability

"3.6 to 3.812 Fails, 2.6 to 3.80 Fails, 2,6 to 2,7 Fails. " was a mistype. Should read "3.6 to 3.812 Fails, 2.6 to 3.80 Fails, 3.6 to 3.7 Fails. ADDING 3.6 to 3.8 Fails AND 3.6 to 3.8 Fails

SSH'ed in, pulled SSMC.log (2 days old, 22megs), filled with entries (simiar to) Below. I've attached logs to SR with HPE. 

2021-12-23 13:36:03.476+1100 ERROR c.h.t.n.i.AlertsLocalizationUtil - Badly formatted introduced version: {"alertType":"EVT_FSVC_STATE_CHANGE","catalogKey":"archiving-event:archiving.cmd.failedvalidation-file-store","customerCorrectiveAction":"An event occurred that requires attention. Contact your authorized service provider for assistance.","forService":false,"introducedVersion":"3.3.1.MU1.P07","messageCode":7208961,"serviceCorrectiveAction":"An event occurred that requires attention. Contact your authorized service provider.","stateText":"FAILED","tier":"general","typeDescription":"File Services state change"}

0 Kudos
Reply
andrewk4
Visitor

‎12-23-2021 12:40 PM

‎12-23-2021 12:40 PM

Re: SSMC and log4j vulnerability

I had no issues upgrading though I always keep fairly up to date and only had to go up one version.

For those having issues though - why not just spin up a fresh install of the latest version? Seems it would be way faster and less hassle. You can always keep the old one around (and offline so not vulnerable) and not delete till ready. Just a thought.

Happy holidays all

0 Kudos
Reply
BBARBAROS
Advisor

‎12-24-2021 07:41 AM

‎12-24-2021 07:41 AM

Re: SSMC and log4j vulnerability

@andrewk4 

Well, we definitely thought about that you can be sure same result....brand new 3.8, nothing is attached, tried both 3.8 upgrade and 3.8.2.1 upgrade, it wouldn`t do

0 Kudos
Reply
goslackware
Occasional Advisor

‎12-26-2021 07:12 AM

‎12-26-2021 07:12 AM

Re: SSMC and log4j vulnerability

Try: 3.3 -> 3.6 -> 3.8 -> 3.8.x.x (latest)

Or deploy a new SSMC, then shutdown the old SSMC when convenient

0 Kudos
Reply
sbhat09
HPE Pro

‎01-03-2022 11:39 PM - last edited on ‎06-29-2022 04:38 AM by

‎01-03-2022 11:39 PM - last edited on ‎06-29-2022 04:38 AM by

Re: SSMC and log4j vulnerability

Hello @BBARBAROS,

If you can check the SSMC upgrade activity logs, are you finding this error? '/var/lib/dpkg/lock was found to be acquired'

If yes, some other process may be running simultaneously that is stopping the SSMC new version to acquire lock to the directory /var/lib/dpkg/

You may wait for the other process to complete and then proceed with upgrading SSMC.

Or identify, terminate/stop the other process and then proceed.

Regards,
Srinivas Bhat

If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.


I am an HPE Employee

Accept or Kudo

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.