AAEP: Vulnerabilities reported for EPM MPP 8.1.0.0.225


Doc ID: SOLN370449
Version: 4.0
Status: Published
Published date: 09 Oct 2023
Created Date:
Author: Sandeep ParvathReddy
 

Details

8.1.0.0.225

Problem Clarification

Vulnerabilities reported for EPM - MPP
    2022-04   RHSA-2022:0267  https://access.redhat.com/errata/RHSA-2022:0267
    2022-04   RHSA-2022:0307  https://access.redhat.com/errata/RHSA-2022:0307
    2022-04   RHSA-2022:0332  https://access.redhat.com/errata/RHSA-2022:0332
    2022-04   RHSA-2022:0368  https://access.redhat.com/errata/RHSA-2022:0368
    2022-04   RHSA-2022:0370  https://access.redhat.com/errata/RHSA-2022:0370
    2022-04   RHSA-2022:0441  https://access.redhat.com/errata/RHSA-2022:0441
    2022-04   RHSA-2022:0658  https://access.redhat.com/errata/RHSA-2022:0658
    2022-04   RHSA-2022:0825  https://access.redhat.com/errata/RHSA-2022:0825
    2022-04   RHSA-2022:0892  https://access.redhat.com/errata/RHSA-2022:0892
    2022-04   RHSA-2022:0894  https://access.redhat.com/errata/RHSA-2022:0894
    2022-04   RHSA-2022:0896  https://access.redhat.com/errata/RHSA-2022:0896
    2022-04   RHSA-2022:0899  https://access.redhat.com/errata/RHSA-2022:0899
    2022-04   RHSA-2022:0951  https://access.redhat.com/errata/RHSA-2022:0951
    2022-04   RHSA-2022:1049  https://access.redhat.com/errata/RHSA-2022:1049
    2022-04   RHSA-2022:1065  https://access.redhat.com/errata/RHSA-2022:1065

Cause

Customer security concern

Solution

The vulnerabilities from the report are fixed in the next AVL patch, which is released on May 1st 2022.
The following vulnerabilities are fixed in the new AVL patch:

    2022-04   RHSA-2022:0267  https://access.redhat.com/errata/RHSA-2022:0267
    2022-04   RHSA-2022:0307  https://access.redhat.com/errata/RHSA-2022:0307
    2022-04   RHSA-2022:0332  https://access.redhat.com/errata/RHSA-2022:0332
    2022-04   RHSA-2022:0368  https://access.redhat.com/errata/RHSA-2022:0368
    2022-04   RHSA-2022:0370  https://access.redhat.com/errata/RHSA-2022:0370
    2022-04   RHSA-2022:0441  https://access.redhat.com/errata/RHSA-2022:0441
    2022-04   RHSA-2022:0658  https://access.redhat.com/errata/RHSA-2022:0658
    2022-04   RHSA-2022:0825  https://access.redhat.com/errata/RHSA-2022:0825
    2022-04   RHSA-2022:0892  https://access.redhat.com/errata/RHSA-2022:0892
    2022-04   RHSA-2022:0894  https://access.redhat.com/errata/RHSA-2022:0894
    2022-04   RHSA-2022:0896  https://access.redhat.com/errata/RHSA-2022:0896
    2022-04   RHSA-2022:0899  https://access.redhat.com/errata/RHSA-2022:0899
    2022-04   RHSA-2022:0951  https://access.redhat.com/errata/RHSA-2022:0951
    2022-04   RHSA-2022:1049  https://access.redhat.com/errata/RHSA-2022:1049
    2022-04   RHSA-2022:1065  https://access.redhat.com/errata/RHSA-2022:1065
Red Hat Update for httpd:2.4 (RHSA-2022:0891) is included in RHSA-2022:1049
Red Hat Update for httpd:2.4 (RHSA-2022:0258) is included in RHSA-2022:1049

For OpenSSH vulnerabilities, the following packages were updated:
openssh-8.0p1-10.el8.x86_64.rpm  2022-01   d38bb13b6315f1a366f0c8c7d88975824c5c7be1282b10339f689b27d4b2fb71 
openssh-clients-8.0p1-10.el8.x86_64.rpm 2022-01   c82f9d74c138a866cd2636064ce3d21fc12dd006698029049fbe74cffa0ac3f7 
openssh-server-8.0p1-10.el8.x86_64.rpm

Red Hat Update for vim (RHSA-2022:0366) -> RHSA-2022:0894
Red Hat Update for kernel (RHSA-2022:0188) -> RHSA-2022:0825 
OpenSSH Command Injection Vulnerability (Generic): will not be addressed until Red Hat assigns an RHSA; Red Hat has stated they “will not fix” it.
 

Avaya Enterprise Linux for Avaya Experience Portal 8.x Security Updates - April 2022: https://support.avaya.com/downloads/download-details.action?contentId=C2021112154544200_8&productId=P0407&releaseId=8.1.x


Security Updates - Avaya Enterprise Linux for Avaya Experience Portal 8.x - PSN005774u: https://download.avaya.com/css/public/documents/101073576
Avaya Enterprise Linux for Avaya Experience Portal 8.x Hotfix 2022-04: https://download.avaya.com/css/public/documents/101073308

Additional Relevant Phrases

EP: vulnerabilities on top of AEP version 8.1.1 EP: RHSA-2022:1065

Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy