Differences

This shows you the differences between two versions of the page.

--- aix:aix_internet_updates [2024/06/07 11:46]
manu created
+++ aix:aix_internet_updates [2025/02/19 14:59] (current)
manu [Efix DB location]
@@ Line 4: / Line 4: @@
 The tool is included with AIX 7.2 and AIX 7.3. It is delivered with the bos.rte.install AIX fileset. This requires an internet connection. It allows to download and install security fix
+  * **emgr_check_ifixes**
+  * **emgr_download_ifix**
+  * **emgr_sec_patch**
+FIXME currently (02-2025) you can't set a proxy to download ! Only direct connections to internet are supported
 <cli prompt='#'>
@@ Line 31: / Line 36: @@
 </cli>
-emgr_check_ifixes
+**emgr_check_ifixes**
-  * -D automatically download the required fixes to the host in /tmp/ifix_ ${PID}
+  * **-D** automatically download the required fixes to the host in /tmp/ifix_${PID}
 Download a specific efix
   # emgr_download_ifix -L https://aix.software.ibm.com/aix/efixes/security/ntp_fix14.tar -P .
+<cli prompt='#'>
+# emgr -lv3 | tail -18
+APAR information:
+=================
+APAR number:      IJ49378
+APAR abstract:    crl download fails after change in certificate server
+APAR number:      IJ49379
+APAR abstract:    emgr_download_ifix fails with ssl connection failed
+APAR number:      IJ49220
+APAR abstract:    default download path of emgr_check_ifixes is /tmp/ifix
+Description:
+============
+IJ49378 - crl download fails after change in certificate server
+IJ49379 - emgr_download_ifix fails with ssl connection failed
+IJ49220 - default download path of emgr_check_ifixes is /tmp/ifix
+</cli>
+===== Efix detailed info =====
+View the content of an efix package
+<cli prompt='>'>
+[root@aix001]/export/software/efix/openssh_fix15> emgr -d -v3 -e 38408m9a.230811.epkg.Z
++-----------------------------------------------------------------------------+
+Efix Manager Initialization
++-----------------------------------------------------------------------------+
+Initializing log /var/adm/ras/emgr.log ...
+Efix package file is: /export/software/efix/openssh_fix15/38408m9a.230811.epkg.Z
+MD5 generating command is /usr/bin/csum
+MD5 checksum is d44fd5020b283c0e3fc121daacabaa03
+Accessing efix metadata ...
+Verifying efix control file ...
+Unpacking efix package file ...
++-----------------------------------------------------------------------------+
+Efix Attributes
++-----------------------------------------------------------------------------+
+LABEL:            38408m9a
+PACKAGING DATE:   Fri Aug 11 06:51:30 CDT 2023
+ABSTRACT:         Ifix for openssh vulnerabilities
+PACKAGER VERSION: 7
+VUID:             00F787C74C00081106082923
+REBOOT REQUIRED:  no
+BUILD BOOT IMAGE: no
+LU CAPABLE:       yes
+PRE-REQUISITES:   yes
+SUPERSEDE:        no
+PACKAGE LOCKS:    no
+E2E PREREQS:      no
+FIX TESTED:       no
+EFIX FILES:       11
+Install Scripts:
+   PRE_INSTALL:   no
+   POST_INSTALL:  no
+   PRE_REMOVE:    no
+   POST_REMOVE:   no
+File Number:      1
+   LOCATION:      /usr/bin/ssh
+   FILE TYPE:     Standard (file or executable)
+   INSTALLER:     installp
+   SIZE:          5480
+   ACL:           DEFAULT
+   CKSUM:         49408
+   PACKAGE:       openssh.base.client
+   MOUNT INST:    no
+...
++-----------------------------------------------------------------------------+
+Efix Description
++-----------------------------------------------------------------------------+
+Ifix for CVE_2023_38408 and fix for sftp Allow/Deny Files Security Vulnerability
++-----------------------------------------------------------------------------+
+Displaying Configuration File "PREREQ"
++-----------------------------------------------------------------------------+
+openssh.base.client 8.1.102.2106 8.1.102.2106
+openssh.base.server 8.1.102.2106 8.1.102.2106
++-----------------------------------------------------------------------------+
+Displaying Configuration File "APARREF"
++-----------------------------------------------------------------------------+
+NONE
++-----------------------------------------------------------------------------+
+Operation Summary
++-----------------------------------------------------------------------------+
+Log file is /var/adm/ras/emgr.log
+EPKG NUMBER       LABEL               OPERATION              RESULT
+===========       ==============      =================      ==============
+                 38408m9a            DISPLAY                SUCCESS
+Return Status = SUCCESS
+</cli>
+View the content of an installed efix
+<cli prompt='>'>
+[root@aix001]/root> emgr -P
+PACKAGE                                                  INSTALLER   LABEL
+======================================================== =========== ==========
+invscout.rte                                             installp    is22026s1a
+oss.lib.libcurl                                          installp    853sa
+openssh.base.client                                      installp    9211224a
+openssh.base.server                                      installp    9211224a
+openssl.base                                             installp    3013sa
+[root@aix001]/root> emgr -l -v3 -L is22026s1a
++-----------------------------------------------------------------------------+
+EFIX ID: 1
+EFIX LABEL: is22026s1a
++-----------------------------------------------------------------------------+
+LABEL:                  is22026s1a
+STATE:                  STABLE
+UPDATED BY:
+ABSTRACT:               invscout fix for CVE-2024-27260
+VUID:                   00F7CD554C00051412053724
+PACKAGER VERSION:       7
+INSTALL DATE:           08/01/24 13:47:05
+EPKG VERSION:           7
+REBOOT REQUIRED:        no
+BUILD BOOT IMAGE:       no
+LU CAPABLE:             yes
+PACKAGE LOCKS:          no
+SUPERSEDE:              no
+INSTALLP PREREQUISITES: yes
+E2E PREREQUISITES:      no
+FIX TESTED:             no
+FILES:                  1
+Install Scripts
+===============
+PRE_INSTALL:            no
+POST_INSTALL:           no
+PRE_REMOVE:             no
+POST_REMOVE:            no
+FILE NUMBER:      1
+   LOCATION:      /usr/sbin/invscout
+   FILE TYPE:     Standard (file or executable)
+   INSTALLER:     installp
+   SIZE:          1044
+   CKSUM:         51101
+   ACL:           DEFAULT
+   PACKAGE:       invscout.rte
+   MOUNT INST:    no
+Installp Prerequisite Information:
+==================================
+PREREQUISITE NUM:      1
+   FILESET:            invscout.rte
+   MINIMAL LEVEL:      2.2.0.25
+   MAXIMUM LEVEL:      2.2.0.26
+   TYPE:               PREREQ
+   LEVEL AT INSTALL:   2.2.0.26
+Efix to Efix Prerequisite Information:
+======================================
+No efix to efix prerequisites data.
+APAR information:
+=================
+No APAR numbers listed.
+Description:
+============
+invscout fix - CVE-2024-27260
+</cli>
+===== Efix DB location =====
+Efix inventory is stored in a text file: “/usr/emgrdata/DBS/efix.db” and “/usr/emgrdata/DBS/pkglck.db”
+<cli prompt='#'>
+[root@aix01]/root# cat /usr/emgrdata/DBS/efix.db
+IJ36810s3a|:|IJ36810 Potential security issue|:|.|:|.|:|.|:|.|:|0|:|1|:|00F7CD554C00121710122121|:|1|:|05/02/22 12:21:09|:|S|:|0|:|7|:|.|:|.|:|.|:|0|:|1|:|1|:|.
+1022103a|:|Ifix for Openssl CVE-2022-0778|:|.|:|.|:|.|:|.|:|0|:|1|:|00F787C74C00042206045322|:|5|:|06/30/22 08:52:53|:|S|:|0|:|7|:|.|:|.|:|.|:|0|:|1|:|1|:|.
+[root@aix01]/root# cat /usr/emgrdata/DBS/pkglck.db
+IJ36810s3a|:|1|:|/usr/bin/lscore|:|bos.rte.security|:|1|:|1|:|050212051122|:|7.2.5.101
+1022103a|:|1|:|/usr/lib/libcrypto.a|:|openssl.base|:|1|:|5|:|063008060322|:|1.0.2.2103
+1022103a|:|2|:|/usr/lib/libssl.a|:|openssl.base|:|1|:|5|:|063008060422|:|1.0.2.2103
+1022103a|:|3|:|/usr/lib/libcrypto.a.min|:|openssl.base|:|1|:|5|:|063008060422|:|1.0.2.2103
+1022103a|:|4|:|/usr/bin/openssl|:|openssl.base|:|1|:|5|:|063008060422|:|1.0.2.2103
+1022103a|:|5|:|/usr/bin/openssl64|:|openssl.base|:|1|:|5|:|063008060522|:|1.0.2.2103
+</cli>
+===== Efix TAR installation =====
+To install an efix based on TAR efix package, use the following command
+<cli prompt='#'>
+# /usr/sbin/emgr_sec_patch kernext_fix.tar
+...
+Efix State
++-----------------------------------------------------------------------------+
+Setting efix state to: STABLE
++-----------------------------------------------------------------------------+
+Operation Summary
++-----------------------------------------------------------------------------+
+Log file is /var/adm/ras/emgr.log
+EPKG NUMBER       LABEL               OPERATION              RESULT
+===========       ==============      =================      ==============
+                 IJ52610m2a          INSTALL                SUCCESS
+Return Status = SUCCESS
+Done
+em+-----------------------------------------------------------------------------+
+Checking System Level Prerequisites
++-----------------------------------------------------------------------------+
+calling emgr -p -e /tmp/emgr_12321112/kernext_fix/IJ52977s2a.241113.epkg.Z
+gr -PSkipping ifix
+See /var/adm/ras/emgr.log for more details
++-----------------------------------------------------------------------------+
+Checking System Level Prerequisites
++-----------------------------------------------------------------------------+
+calling emgr -p -e /tmp/emgr_12321112/kernext_fix/IJ52977s3a.241113.epkg.Z
+Skipping ifix
+See /var/adm/ras/emgr.log for more details
+</cli>

wiki

User Tools

Site Tools

Differences

Page Tools