The BigFix Patch Download Plugin and Cacher components have been updated to resolve the security vulnerabilities identified within the urllib3 Python package.
Updated Tools Version:
| Name | Version |
|---|---|
| AIX Download Plugin | 5.0.4.0 |
| AIX Download Cacher | 8.0.0.5 |
| AIX R2 Download Plugin | 1.0.1.5 |
| RHSM Download Plugin | 1.0.12.0 |
| RHSM Download Cacher | 1.0.12.0 |
| OEL Download Plugin | 1.0.2.0 |
| OEL Download Cacher | 1.0.2.0 |
| Rocky Download Plugin | 1.0.2.0 |
| Rocky Download Cacher | 1.0.2.0 |
| Solaris Download Plugin | 3.0.3.0 |
| Solaris Download Cacher | 7.0.0.3 |
| SCC Download Plugin | 1.1.7.0 |
| SCC Download Cacher | 1.1.7.0 |
| CentOS R2 Download Plugin | 1.0.2.0 |
| CentOS R2 Download Cacher | 1.0.2.0 |
| OpenSUSE Download Plugin | 1.0.3.0 |
| OpenSUSE Download Cacher | 1.0.3.0 |
| Middleware Download Plugin | 1.0.0.3 |
Reasons for update:
The new version of the plugins resolves security vulnerabilities. Along with this we have included some minor enhancements in RHSM Download Plugin and RHSM Download Cacher to check certificate validity.
Actions to take:
-
Gathering of the Patching Support site version 1287 or later will have the new content available.
-
From the āManage Download Plug-insā dashboard select each Plug-in with the following state of āNew Version Availableā and click on the āUpgradeā button. Then you must use the āConfigureā button to reapply any required proxy and/or 3rd party vendor credentials. If you do not require a proxy configuration, simply leave the requested entries blank with no values and proceed with the configuration process.
Note: Security Bulletins with the details of the resolved vulnerabilities are published here: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0128583
Published site version:
Patching Support, version 1288
Application Engineering Team
BigFix