Vulnerability/security patch management

I'm looking for the best way to manage SAP security patches and vulnerabilities. We have to do a monthly assessment of the newly released vulnerabilities from SAP and determine if they relate to our systems. I'm having a hard time finding a good place to get a list of recently released notes.
I found https://websmp210.sap-ag.de/security - click on Security Notes, but the list doesn't appear to list everything, and doesn't show what is new or updated from month to month. This creates a lot of manual work looking at each note every month.
Does anyone know of any tools that can help with this. I'm looking for something like what Microsoft does with it's monthly security updates, and ideally a tool like WSUS that can analyze the systems to determine if they require the patch or not.

Hello Jeff,
Very good question! I have very often thought about this, and how I would like to have the information communicated to me without it being communicated to anyone else...
Specifically regarding the security notes page, I have observed that the notes are added to the list at the top. However, the release date of the note, an update to the version of the note, nor a related note does not bump it to the top again nor influence the specific order.
Certainly, the notes which are listed there are important ones (as indicated by Keerti)... or the principle is... some components are worth keeping an eye on, particularly if you use them or they are new.
Alone the fact that they are published for all OSS users and additionally on that (security) page, should be reason enough to think seriously about implementing it or considering it in your own developments... If you look at some of them, you might also see they are corrections which enable security controls, so regarding your patch management I can also recommend that you differentiate between your "program error patching cycle", and your "correction and activation instruction cycle". Of course, some notes are not intrusive on customers who do not require the correction or are oblivious to it.... so you can patch until the cows come home... it will not help you until you activate the new security feature or change your technique... User types are an example of this.
In some special cases, you need to have found the problem, before you are able to activate a solution for it. Sometimes you have to use the potentially problematic feature (setting up customizing or settings for it, and assigning authorizations to use it...) at which point the system will point things out to you. In other cases, the system will hassle you to change it for many reasons, not only the security reason.
It makes sense to restrict authorizations and settings to only that which you use. That helps a lot. See various threads here on transaction SU24 for some examples from the authorizations aspect of security.
Another tricky aspect is, once someone has a patch installed in their system or a security researcher has found a bug... should they make statements about it in the internet (followed by Smiley's :-)...? Often, a 90 day grace-period for admins is observed.
If you stick around here at SDN and read some of the posts here carefully, then you can also learn a lot in a relatively short space of time, on an ongoing sort of distributed space of time....
Reading the security wiki's and guides are also very helpfull of course.
Risk rating can also be tricky. You might find that if your security analysts are all security or authorization admins, then they might prefer to go for program corrections rather than role changes... or concept changes... Management might even resist changes, for fear of them, their costs, etc.
Regarding analyzing your systems, you might want to consider a "Security Optimization Service" session. You can also download this and maintain your own additional checks. That requires a small additional effort and cost. You can find more information on it by searching "OSS" and service.sap.com/security. In a 1 day or more detailed session if you want, you can cover many risks with a relatively low effort.
I have participated in two of these (we requested them) and it was helpfull. I also provided some feedback to SAP suggesting checks and some risks. My take on it is: If we contribute to improving standard solutions (and reporting bugs), then we all benefit from it "for free" in the standard products.
Last but not least, there is monitoring. You can learn a lot from the various monitoring possibilities (check your legal requirements for security there as well).
Some thoughts from me for your interesting question,
Julius

Similar Messages

Hi, I don't know how to find a specific security patch to apply to my Oracle database version to fix a vulnerability

Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
Risk: High
Application: oracle_tnslsnr
Port: 1521
Protocol: tcp
Synopsis:
It is possible to register with a remote Oracle TNS listener.
Description:
The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
legitimate database server or client to an attacker-specified system.
Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
or denial of service attacks on a legitimate database server.
Solution:
Apply the work-around in Oracle's advisory.
Thank you for your help

2835604 wrote:
Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
Risk: High
Application: oracle_tnslsnr
Port: 1521
Protocol: tcp
Synopsis:
It is possible to register with a remote Oracle TNS listener.
Description:
The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
legitimate database server or client to an attacker-specified system.
Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
or denial of service attacks on a legitimate database server.
Solution:
Apply the work-around in Oracle's advisory.
Thank you for your help
that sounds like the "tns poison" vulnerability. CVE 2012-1675 - Oracle Security Alert CVE-2012-1675
See MOS note 134083.1 and 1453883.1

Need a Vulnerability Severity Report for Patch Management

In the standalone version of patch management (v6.4) there was a dashboard feature on the server home page called Vulnerability Severity. It was a graphic chart that displayed the percentage of un-remediated applicable vulnerabilities vs applicable vulnerabilities grouped by vulnerability severity. This feature is not available in the BusinessObject Enterprise InfoView. It looks like the only way I have of getting this feature is to create a report, but I am not an expert at using InfoView. I was wondering if anyone had any tips on creating such a report?
The only predefined report that even comes close is the Vulnerability Analysis report, but it's hundreds of pages long. I need something on a single page, like a chart, showing the percentages grouped by vulnerability severity (critical, recommended, optional).

mdstewar,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Patch Management - Vulnerability Analysis Report

In BOE, under the Public folder, there's a predefined report for Patch Management called Vulnerability Analsysis. This report has several fields: Vulnerability, Criticality, Devices......etc. I'm looking for something that will explain this report. For example, what is the Devices field telling us? It looks to be some sort of status count, but none of the values in my report exceed the value of 3. Another example.....for the "MS 936929 Windows XP Service Pack 3" vulnerability, my report shows 3 for Devices, 938 patched, 46 not patched, 3 not applicable, 0 error, 46 detecting, and 76% patched. Again....I have no idea what the value 3 for Devices means?

mdstewar,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

I'm using my iPad with iOS v 6.1.3- is there a security patch for the SSL/TLS vulnerability for this, or do I have to go to 7.0.6?

I'm using my iPad with iOS 6.1.3. Is there a security patch for this version, or do I have to update to iOS 7.0.6?

There is an update for iOS 6... v6.1.6. But it is only available to iPhone 3GS and iPod touch 4th gen users. http://support.apple.com/kb/HT6146?viewlocale=en_US&locale=en_US
For iPad, the highest supported os for iOS 6 is v6.1.3. If you want to get the security patch, you'll have to go to iOS 7.0.6.
Hope this answers your question.
~Joe

Oracle Security Patch Error while applying --The filename, directory name,

Hello,
I am running into strange error while applying Oracle Security Patch 68 by using Opatch.
Supposedly, All the environment variables are set properly.
ACTIVE_STATE_PERL=true
DBMS_TYPE=ORA
dbs_ora_tnsname=YBQ
JAVA_HOME=C:\jdk1.3.1_10
OPATCH_DEBUG=TRUE
ORACLE_HOME=E:\oracle\ora92
ORACLE_SID=YBQ
Path=E:\oracle\OPatch;C:\jdk1.3.1_10\bin;E:\oracle\Perl\bin;E:\oracle\ora92\jre\1.4.2\bin\client;E:\oracle\ora92\jre\1.4.2\bin;E:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\VERITAS Shared;\NetBackup\bin;C:\Program Files\Windows Resource Kits\Tools\;C:\Program Files\Support Tools\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;E:\usr\sap\YBQ\SYS\exe\run
Installed Active Perl. latest version
downloaded Opatch 1.0.0.50
and the patch number 3738339
I went to that directory and run the command :
perl opatch.pl apply
It started of well.
OPatch version is: 1.0.0.0.50
Using ORACLE_HOME/oui to look up oui libs...
Oracle Home = E:\oracle\ora92
Location of Oracle Inventory = E:\oracle\ora92\inventory
Oracle Universal Installer shared library = E:\oracle\ora92\oui\lib\win32\oraInstaller.dll
Path to Java = "E:\oracle\ora92\jre\1.4.2\bin\java.exe"
Location of Oracle Inventory Pointer = N/A
Location of Oracle Universal Installer components = E:\oracle\ora92\oui
Required Jar File under Oracle Universal Installer = jlib\OraInstaller.jar
find under OH/oui/jlib
found OraInstaller.jar
Checking if this is a RAC system...
Accessing inventory... This may take up to 300 seconds.
(retry 10 times, delay 30 seconds each time)
System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;.:E:\oracle\ora92\jlib\srvm.jar" opatch/O2O "e:\oracle\ora92" "E:\oracle\ora92\oui" opatch.pl 1.0.0.0.50"
Result:
----- DEBUG is ON -------
oracle.installer.startup_location will be set to E:\oracle\ora92\oui
oracle.installer.oui_loc will be set to E:\oracle\ora92\oui
oracle.installer.scratchPath will be set to /tmp
opatch.local_node_only is OFF
retryOption is ON: 10
delayOption is ON: 30
Few more stuff here .. not pasting the entire contents
System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;." opatch/CheckConflict "E:\oracle\ora92\oui" "e:\oracle\ora92" opatch.pl 1.0.0.0.50 3738339 "3741539 3528282 3516951 3622875 3668572 3371796 3239873 3356103 3543125 3666502 2800494 2824035 2964252 3617042 3320622 3571233 3253770 3492040 3566469 3354470 3625370 3583686 3150750 3617519 3635177 3597640 3749394 3542588 3698501 2954891 2918138 3559212 3518909 3412818 3430832 3172282 3358490 3637624 3458446 3179637 2810394 3668224 3609791 3566813 3475932 2338704 3412136 3388633 3540576 3571226 3575743 2690205 3240280 3509265 3177513 3575747 3811906 3554319 3752406 3323435 " E:\3738339\etc\config\actions"
Result:
opatch.pl version: 1.0.0.0.50
Copyright (c) 2001-2004 Oracle Corporation. All Rights Reserved.
The filename, directory name, or volume label syntax is incorrect.
Error in executing Java program to check conflict
ERROR: OPatch failed during pre-reqs check.
Now there is no problem with executing the last java program in the same prompt by removing the first and the last double quote "
Please advise.
Thanks in advance.

hi somnath,
this is the portal content management forum. for your database question please use the database forums:
http://forums.oracle.com/forums/index.jsp?cat=18
thanks,
christian

In deadlock after every release of security patch

After a security patch release is available the user has to visit the download page which
can "speak" only Flash using the vulnerable installation of Flash Player.
That means the user must expose own system to attacks in order to download the patched version.
What bad concept. Where is the Adobe specialist responcible for the concept?
Please do not claim one can trust the Adobe server and download page.
Nowadays, there is no one server nor url trustful.
Certificate issuers are not trustfull - see accidents from few last months.
So, the more the servers nor internet sides can be trustfull.
And the link to offline installer does not work due to disabled flash player
or for any other reason. See http://kb2.adobe.com/de/cps/191/tn_19166.html
and the url placed there
Flash Player 10 Plugin (Alle anderen Windows-Browser, wie etwa Firefox oder Google Chrome)
User does not decide to enable vulnerable flash installation and is not able to update
to the patched one. It is a dead-lock.

Under Adobe Forums: Forum: Flash Player ?
It is defenitely too deep in Adobe's world.
Official download page is not a forum page.
Most of normal and PC non-freaks willl look there for downloads/updates.
Link to full installer should be placed on official download page.
Additionally, this page should not use Flash Player.
Just to avoid a dead-lock when an update includes security patches.
Additionally, as JackMcNac states it above the links to off-line
installers and to be find somewhere in the Flash Online Support
do not always work - it can't be.

What is Sun's answer about PCA patch manager free tool ?

Hi all,
this post aims on echoing customers'feedback.
from customers'experience it seems that smpatch from patch manager tool is suffering of a lack of reliability.
One of them moved to a new freeware called PCA-Patch Check Advanced
http://www.par.univie.ac.at/solaris/pca/
From PCA Web Site we can read:
Sun has offered various tools in the past to analyze Sun/Solaris systems for patches which are installed or missing, e.g. PatchDiag, PatchCheck, PatchPro, smpatch (see the Sun Patch Portal for details). Some of them are not actively maintained, some are huge and opaque, some don't run on older Solaris releases or stripped-down machines. None of them really made me happy. Based on PatchCheck source I implemented PCA, which gets rid of the disadvantages of Sun's own tools.
I would like to know what is Sun's position and could it be possible to integrate such a tool ?
Thanks.
Malek.

- Sun is always interested in customer feedback, and is interested in
the concerns expressed here.I'd also very muck like Sun to be interested in fixing the customers problems, which has not been done in my cases. No solution or explanation has been given to my many cases opened on smpatch, and this, even though in some cases, patches were made (months later): I was never told about them. Which makes me wonder about the point of having paid support contracts in the first place.
But since UM was developed by interns, it's no wonder there's trouble maintaining it (how do I know? I've been an intern doing Java development, and I made the exact same beginner's mistakes, not knowing to handle exceptions, leaving debug output on stdout, being unable to make proper localisation).
It's obviously not the work of experienced Java programmers. Hard to trust it...
- We do understand that opaque is bad, but one of Sun's goals is to
provide complex analysis beyond matching patches with installed
packages. This analysis and its support processes will necessarily
be somewhat opaque.What analysis are you talking about? smpatch is not even able to tell me that security fixes are available for NSS, which has been part of Solaris for years. PCA does.
And what about Studio? Why can't smpatch tell me there are patches for that, too? And why aren't free patches, that are neither recommended nor security (such as the man patches) shown by smpatch when running without a contract?
- We are interested in the concerns surrounding stripped-dow
systems, and are considering a "light" version of our tools that would
support minimal systems. However at this time there are no plans to
release a light version.And what about systems without a network?
And what about not forcing me to read and agreeing to a, abusive license agreement, which can't even be printed, nor shown full screen (5 lines at a time!)?
And, please, can you explain me why I should agree to respect Reuters so-called intellectual property? What does it have to do to with keeping my systems up to date reliably and easily? Is it a competition between Sun and Microsoft to put the most ludicrous licenses on line?
Anyway, I'm sure Solaris 11 will introduce some new bloated offspring of the PatchProManagerUpdateConnection family, so I'm not holding my breath. Rather than repeat this experience again and again, I'll stick with PCA.
Laurent

Handling of pending reboot, exclusive updates for patch management with SCCM 2012

Hello,
Planning to use SCCM 2012, I would like to understand how smart is SCCM 2012 when dealing with specific patch management situation.
Assuming I have the following:
- A given server to be patched is missing a lot of updates, several being mutually exclusive. This typical case will require several reboot / patching to properly obtain a server fully up to date.
- A given server to be patched is in pending reboot state because the local admin installed new software and has not restarted the server yet as requested
- Those servers have configured maintenance windows of 2 hours during each night. I scheduled a deployment of missing patches authorizing restart.
--> when the maintenance window will be reached:
- will the server first be restarted to clean the pending reboot ?
- will the the server be patched / restarted several times as required to fully meet the updates to be deployed.
Another scenario on workstation side:
- can I enforce deployment of updates at a given time, do not automatically restart the workstation during patch deployment, but after deployment schedule a mandatory restart with a countdown if there is a pending reboot... From end-user perspective, it
would have the following behavior. For instance:
- patches are automatically installed on Monday at 10 AM
- as soon as deployment is done, warning message is displayed to ask users to reboot
- then user has up to 48h to restart his computer by himself. If he does not do it, it will be automatically done after countdown expires.
--> Can such a scenario be managed by SCCM 2012 ?
Regards.

Hi,
I have a related question about deploying Microsoft Security Updates to workstations via SCCM 2012. Is there a way to deploy the MS updates to workstations and only suppress reboots for machines with users logged on or locked? There seems to
be only 2 different options for reboots, Suppress them all or don't suppress them at all. We would like SCCM to reboot the machines that are logged off, but suppress the reboot for those that are logged on, while at the same time, provide the user with
a notification that their machine needs to be rebooted (at their convenience).
We've tried applying the Domain GPO "No auto-restart with logged on users for scheduled automatic updates installations" (Enabled) and "Configure Automatic Updates" (Disabled), but the logged on/locked machines still receive the restart countdown with no
option to postpone or delay.
This is a show stopper for us since we have an environment where we are absolutely not allowed to reboot a logged on machine.
For a little background, we are coming from SMS 2003 and the Distribute Software Updates (ITMU) way of deploying MS Updates, where we could always set the program to run "Only when no user is logged on".
Please tell me there is a way to achieve our desired result.
Thanks,
Dan

ZCM Patch Management Patch Status Inaccuracies

We currently have issues with ZCM Patch Management incorrectly reporting the status of a couple of Microsoft updates. Specifically, we have firm evidence of this for the following patches (but suspect there may be more):
Microsoft Office 2007 SP3 - Microsoft Baseline Security Analyzer shows it as required, ZCM says its already applied.
MS11-049 InfoPatch 2007 - Microsoft Baseline Security Analyzer shows it as required, ZCM says it's not applicable.
We are checking the ZCM status in both the {guid}.state file on the device (which has today's date stamp) and in ZCC - both of these places show the same, incorrect, status.
We see this issue on multiple managed devices. The zone is 10.3.3. Devices have 10.3.3 with Patch Management Agent Update 2.
This isn't a timing issue, as we have left things several days before checking the status again.
I am raising a call with our Novell reseller, but am interested to find out if anyone else is seeing similar issues.
Thanks,
Martin

metheridge,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/

Patch management solution for Mac software?

Does anyone know of a solution to managing the update/patching of Mac software other than the Mac App Store for home users? I know there are enterprise solutions, but I am looking for something that is comparable to Secunia PSI.

That is not my experience with Secunia PSI. It is an excellent home utility for Windows systems to keep the latest security patches applied to more than just the Microsoft products. And by "more", I mean every product that I have ever loaded on a Windows computer.
I am happy that the Mac is not targeted often, but it is targeted. Fixing flaws quickly is important to minimizing the risk of vulnerabilities. Currently, the only product I am aware of that does this is Mackeeper, which the community here has derided because of the aggresive tactics that vendor takes to sell the product and the general sense that Macs dont need any utility software because of a few cleanup scripts that Apple runs automatically.
I dont agree with agressive sales, but I also do not agree that Macs have no need for security software
Macs are great computers, but they are not flawless systems. (http://web.nvd.nist.gov/view/vuln/search-results?query=mac_os_x) Maybe more products for the Mac will go to App store distribution, which will greatly simplify updates, but I am not holding my breath for all the applications that I use.

NullPointerException on Patch Management tab

I upgraded yesterday to 11.2.3a. When I go to a device and look at the Patches tab, patches are listed with the devices status and I can deploy patches. However, if I go to the main Patch Management home or the Subscription Download on the Configuration home, I get a java.lang.NullPointException. Any ideas would be much appreciated.
Here is the full error details:
16 May 2013 11:55:47 ============== Exception (begin) ===========================
16 May 2013 11:55:47 Exception occured
java.lang.NullPointerException
at java.lang.String.compareTo(String.java:1167)
at java.lang.String.compareTo(String.java:92)
at java.util.Arrays.mergeSort(Arrays.java:1144)
at java.util.Arrays.mergeSort(Arrays.java:1155)
at java.util.Arrays.mergeSort(Arrays.java:1155)
at java.util.Arrays.sort(Arrays.java:1079)
at java.util.Collections.sort(Collections.java:117)
at com.patchlink.sapphire.web.pages.vulnerability.Vie wVulnerabilitiesSnapshot.listOfVendors(ViewVulnera bilitiesSnapshot.java:1652)
at com.patchlink.sapphire.web.pages.vulnerability.Vie wVulnerabilitiesSnapshot.setFilterInfoFromSession( ViewVulnerabilitiesSnapshot.java:1389)
at com.patchlink.sapphire.web.pages.vulnerability.Vie wVulnerabilitiesSnapshot.onInit(ViewVulnerabilitie sSnapshot.java:166)
at com.novell.web.controls.WebControl.initRecursive(W ebControl.java:2085)
at com.novell.web.controls.WebControl.addControl(WebC ontrol.java:1495)
at com.novell.web.controls.WebControl.addControl(WebC ontrol.java:1415)
at com.novell.zenworks.fw.web.internal.layout.PluginT emplate.loadContent(PluginTemplate.java:288)
at com.novell.zenworks.fw.web.internal.layout.Snapsho tTemplate.loadContent(SnapshotTemplate.java:84)
at com.novell.zenworks.fw.web.internal.layout.PluginT emplate.onLoad(PluginTemplate.java:130)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2423)
at com.novell.zenworks.fw.web.internal.layout.Snapsho tTemplate.loadRecursive(SnapshotTemplate.java:446)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.WebControl.loadRecursive(W ebControl.java:2429)
at com.novell.web.controls.Page.internalProcessReques t(Page.java:712)
at com.novell.web.controls.Page.processRequest(Page.j ava:667)
at com.novell.zenworks.fw.web.internal.layout.Index.p rocessRequest(Index.java:631)
at com.novell.web.internal.controls.PageTag.doEndTag( PageTag.java:86)
at org.apache.jsp.jsp.index_jsp._jspService(index_jsp .java:187)
at org.apache.jasper.runtime.HttpJspBase.service(Http JspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:717)
at org.apache.jasper.servlet.JspServletWrapper.servic e(JspServletWrapper.java:377)
at org.apache.jasper.servlet.JspServlet.serviceJspFil e(JspServlet.java:313)
at org.apache.jasper.servlet.JspServlet.service(JspSe rvlet.java:260)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:717)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.inv oke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.pro cessRequest(ApplicationDispatcher.java:436)
at org.apache.catalina.core.ApplicationDispatcher.doF orward(ApplicationDispatcher.java:342)
at org.apache.catalina.core.ApplicationDispatcher.for ward(ApplicationDispatcher.java:302)
at com.novell.web.NJWCServlet.serviceImpl(NJWCServlet .java:97)
at com.novell.zenworks.fw.web.internal.ZENworksServle t.service(ZENworksServlet.java:84)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:717)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at com.patchlink.sapphire.web.pages.vulnerability.ses sion.HibernateSessionFilter.doFilter(HibernateSess ionFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.do Filter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invo ke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invo ke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBas e.invoke(AuthenticatorBase.java:563)
at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke (ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invok e(StandardEngineValve.java:109)
at com.novell.zenworks.tomcat.ZENRequestValve.invoke( ZENRequestValve.java:1293)
at org.apache.catalina.connector.CoyoteAdapter.servic e(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(H ttp11Processor.java:857)
at org.apache.coyote.http11.Http11Protocol$Http11Conn ectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run( JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
16 May 2013 11:55:47
Exception Info:
16 May 2013 11:55:47 Class....... java.lang.NullPointerException
16 May 2013 11:55:47 Message..... null
16 May 2013 11:55:47 Logged at... Index...............637
16 May 2013 11:55:47 ============== Exception (end) =============================

ZDC shows different missing files on each Primary, but they're all rpm's or about Asset Management, which we don't have active. All servers show the same list of inconsistent files. Could any of these be part of the problem?
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\conf\novell-rm-audit.xml' is inconsistent!!!
Size: expected = 0, actual = 18214
Checksum: expected = 1, actual = a5ad8991
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\esm\ICSharpCode.SharpZipLib. dll' is inconsistent!!!
Size: expected = 201448, actual = 192512
Checksum: expected = d7e66c82, actual = c37d4766
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\esm\Interop.NetFwTypeLib.dll ' is inconsistent!!!
Size: expected = 28672, actual = 28672
Checksum: expected = bf16c605, actual = ca9fc501
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\esm\WscIsvApiLib.dll' is inconsistent!!!
Size: expected = 14192, actual = 11936
Checksum: expected = 18a5f2c9, actual = e423af3d
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\msi\authto kenclientdevel.msi' is inconsistent!!!
Size: expected = 327680, actual = 325632
Checksum: expected = 98957b1d, actual = 607d3917
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\msi\authto kenclientdevel.x86_64.msi' is inconsistent!!!
Size: expected = 327680, actual = 325632
Checksum: expected = 36e23562, actual = f1603309
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\compat-expat1.rpm' is inconsistent!!!
Size: expected = 59145, actual = 59065
Checksum: expected = f1b54bf6, actual = 5702280b
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\identi ty-abstraction-0.1.620-24.noarch.rpm' is inconsistent!!!
Size: expected = 6911277, actual = 6911117
Checksum: expected = f4b62ee4, actual = b643f5b2
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\jakart a-commons-lang.rpm' is inconsistent!!!
Size: expected = 172086, actual = 172006
Checksum: expected = e551cb12, actual = c771b003
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\jakart a-commons-logging-1.0.4-21.2.noarch.rpm' is inconsistent!!!
Size: expected = 57982, actual = 57902
Checksum: expected = f667074d, actual = b59ee928
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\jpacka ge-utils-1.6.3-18.4.i586.rpm' is inconsistent!!!
Size: expected = 26637, actual = 26557
Checksum: expected = 4bc488e9, actual = 23516b4c
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\log4j-1.2.12-15.2.noarch.rpm' is inconsistent!!!
Size: expected = 343490, actual = 343410
Checksum: expected = 9669ef4b, actual = 9f63d9ec
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\novell-zenworks-jsvc-5.5.20-1.i386.rpm' is inconsistent!!!
Size: expected = 43356, actual = 43196
Checksum: expected = 11725eeb, actual = f41423f5
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\rhel-5-i386\hwinfo-8.62-0.novell.2.1.rpm' is inconsistent!!!
Size: expected = 784225, actual = 784225
Checksum: expected = cb04ebba, actual = 84dcea1f
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\rpm\xalan-j2-2.6.0-21.2.noarch.rpm' is inconsistent!!!
Size: expected = 1698260, actual = 1698180
Checksum: expected = c4d9ac2f, actual = ac458b5f
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\tools\ZENw orksInfocollect_Linux.zip' is inconsistent!!!
Size: expected = 8072, actual = 8514
Checksum: expected = 103012d2, actual = a692e502
ERROR File 'C:\Program Files (x86)\Novell\ZENworks\install\downloads\tools\ZENw orksInfocollect_Win.zip' is inconsistent!!!
Size: expected = 2172914, actual = 2181678
Checksum: expected = 234b35e5, actual = 582f2228

Spiceworks Patch Management

Does anyone have a built in tool for Spiceworks Patch Management of 3rd Party Software?
With all of these Zero-day's coming from Adobe Flash I'm really looking into this issue more and more. Managing 120 devices for a major security patch, every month now for the past several months has been very tiresome.
Is there any functionality like this. Are they are good open source tools. The reporting is useful enough, but still a lot of overhead to perform the work.
This topic first appeared in the Spiceworks Community

Fishoil,
checkout the pathc I posted today -
http://download.novell.com/Download?...d=7DjPTWpuxeM~ - could it be
this?
Shaun Pond

Applying Adobe Reader 8.1.2 Security Patch on top of Adobe Pro 7.x

Hi,
Our firm has a number of users running Adobe Standard and Professional 7.x. These users also have Adobe Reader 8 installed simultaneously as well.
According to the Adobe security bulletin below, the security patch for Adobe Standard and Professional 7.x will not be released until May 2008:
http://www.adobe.com/support/security/advisories/apsa08-01.html
Question: if we deployed Adobe Reader 8.1.2 (which addresses the same security vulnerabilities mentioned in the above link) on top of Adobe Standard and Professional 7.x, will the vulnerability be fixed? The businesses will not be upgrading to Adobe Standard / Professional 8.1.2.
Thank you,
Roland Thomas

Not to make excuses or anything but, it's more than a security patch.
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1

Security patch MS11-049 needed for sql 2008 R2 SP2

My Database engine version is:
SQL
Server 2008 R2(SP2)
- 10.50.4260.0(X64)
Jul 11 2012 15:47:13
Copyright(c)
Microsoft Corporation Enterprise Edition(64-bit)
on
Windows NT 6.1
<X64>(Build
7601:
Service Pack 1)(Hypervisor)
According to KB2494086 this security patch is applicable for SQL Server 2008 R2 RTM. Does this vulnerability addressed in SQL 2008 R2 Service Pack 2?
Thanks,
TRouf

Hello,
That update was already part of SP1 and it is part of SP2 too.
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com

Vulnerability/security patch management

Similar Messages

Maybe you are looking for