download and install of efixes not installing correct ones #407

Closed
smurphyit opened this issue Jan 19, 2024 · 4 comments
@smurphyit

When performing a flrt playbook download, it appears the VIOS efix is being picked a lot of the time, instead of the AIX efix.

Ran playbook against an AIX 7200-05-04 system (with no previous ifixes installed):
$ ansible-playbook -i testinventory -e "hosts=test1.example.com" playbooks/flrt/flrtvc-dload-only.yml -k
...
"result": {
"meta": {
"0.report": [
"Fileset|Current Version|Type|EFix Installed|Abstract|Unsafe Versions|APARs|Bulletin URL|Download URL|CVSS Base Score|Reboot Required|Last Update|Fixed In",
"bos.mp64|7.2.5.105|sec||NOT FIXED - AIX is vulnerable to denial of service vulnerabilities - kernel|7.2.5.100-7.2.5.107|IJ48608 / CVE-2023-45171 / CVE-2023-45175|https://aix.software.ibm.com/aix/efixes/security/kernel_advisory6.asc|https://aix.software.ibm.com/aix/efixes/security/kernel_fix6.tar|CVE-2023-45171:6.2 CVE-2023-45175:6.2|YES|01/10/2024|7200-05-07",
"bos.mp64|7.2.5.105|sec||NOT FIXED - AIX is vulnerable to denial of service vulnerabilities - kernel|7.2.5.100-7.2.5.107|IJ49202 / CVE-2023-45171 / CVE-2023-45175|https://aix.software.ibm.com/aix/efixes/security/kernel_advisory6.asc|https://aix.software.ibm.com/aix/efixes/security/kernel_fix6.tar|CVE-2023-45171:6.2 CVE-2023-45175:6.2|YES|01/10/2024|See Bulletin",
"openssh.base.client|8.1.102.2106|sec||NOT FIXED - AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH|8.1.102.0-8.1.102.2106|38408m9a / 38408m9b / 38408m9c / CVE-2023-38408 / CVE-2023-40371|https://aix.software.ibm.com/aix/efixes/security/openssh_advisory15.asc|https://aix.software.ibm.com/aix/efixes/security/openssh_fix15.tar|CVE-2023-38408:8.1 CVE-2023-40371:6.2|NO|08/23/2023|See Bulletin",
"bos.rte.control|7.2.5.101|sec||NOT FIXED - AIX is vulnerable to a denial of service due to libxml2|7.2.5.100-7.2.5.103|IJ47597 / CVE-2023-28484 / CVE-2023-29469|https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory5.asc|https://aix.software.ibm.com/aix/efixes/security/libxml2_fix5.tar|CVE-2023-28484:5.5 CVE-2023-29469:5.5|NO|07/25/2023|7200-05-07",
...
"1.parse": [
"https://aix.software.ibm.com/aix/efixes/security/kernel_fix6.tar",

"4.2.check": [
"/usr/sys/inst.images/work/tardir/kernel_fix6/IJ49202m2b.240109.epkg.Z",
"/usr/sys/inst.images/work/tardir/kernel_fix6/IJ49533m4a.231219.epkg.Z",
"/usr/sys/inst.images/work/tardir/openssh_fix15/38408m9a.230811.epkg.Z",
"/usr/sys/inst.images/work/tardir/libxml2_fix5/IJ47597m4a.230718.epkg.Z",

Expected behaviour:
The IJ49202m2b fix is actually a kernel fix for VIOS ios 3.1.3. It should have selected IJ48608 for AIX 7.2.5.4.
The IJ49533m4a selected fix is the nfs kernel extension for VIOS 3.1.3, instead of IJ48671 for AIX 7.2.5.
38408m9a.230811.epkg.z is correct for AIX 7.2.5.4.
IJ47597m4a is correct for AIX 7.2.5.4.

Environment (please complete the following information):

  • OS: AIX 7.2.5.4
  • Python Version: 3.8.10
  • OpenSSH Version: 8.1.102.2106
  • Ansible Version: core 2.12.10
  • AIX Collection Version: 1.8.0
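
One way to audit a download-only run like the one above before installing anything, added here as an example and not part of the original issue or of the collection's code: it maps each epkg listed under "4.2.check" back to the APAR labels in "0.report" and marks the ones that need a manual check against the bulletin. The function names, status strings and the label-prefix matching rule are assumptions; the rows are the ones quoted in the issue, with the Abstract text shortened.

```python
import posixpath
from collections import defaultdict

# Rows quoted in the issue's "0.report" (Abstract shortened; the issue elides other rows).
REPORT = [
    "Fileset|Current Version|Type|EFix Installed|Abstract|Unsafe Versions|APARs|Bulletin URL|Download URL|CVSS Base Score|Reboot Required|Last Update|Fixed In",
    "bos.mp64|7.2.5.105|sec||NOT FIXED - kernel|7.2.5.100-7.2.5.107|IJ48608 / CVE-2023-45171 / CVE-2023-45175|https://aix.software.ibm.com/aix/efixes/security/kernel_advisory6.asc|https://aix.software.ibm.com/aix/efixes/security/kernel_fix6.tar|CVE-2023-45171:6.2 CVE-2023-45175:6.2|YES|01/10/2024|7200-05-07",
    "bos.mp64|7.2.5.105|sec||NOT FIXED - kernel|7.2.5.100-7.2.5.107|IJ49202 / CVE-2023-45171 / CVE-2023-45175|https://aix.software.ibm.com/aix/efixes/security/kernel_advisory6.asc|https://aix.software.ibm.com/aix/efixes/security/kernel_fix6.tar|CVE-2023-45171:6.2 CVE-2023-45175:6.2|YES|01/10/2024|See Bulletin",
    "openssh.base.client|8.1.102.2106|sec||NOT FIXED - OpenSSH|8.1.102.0-8.1.102.2106|38408m9a / 38408m9b / 38408m9c / CVE-2023-38408 / CVE-2023-40371|https://aix.software.ibm.com/aix/efixes/security/openssh_advisory15.asc|https://aix.software.ibm.com/aix/efixes/security/openssh_fix15.tar|CVE-2023-38408:8.1 CVE-2023-40371:6.2|NO|08/23/2023|See Bulletin",
    "bos.rte.control|7.2.5.101|sec||NOT FIXED - libxml2|7.2.5.100-7.2.5.103|IJ47597 / CVE-2023-28484 / CVE-2023-29469|https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory5.asc|https://aix.software.ibm.com/aix/efixes/security/libxml2_fix5.tar|CVE-2023-28484:5.5 CVE-2023-29469:5.5|NO|07/25/2023|7200-05-07",
]
# Paths quoted in the issue's "4.2.check" output.
SELECTED = [
    "/usr/sys/inst.images/work/tardir/kernel_fix6/IJ49202m2b.240109.epkg.Z",
    "/usr/sys/inst.images/work/tardir/kernel_fix6/IJ49533m4a.231219.epkg.Z",
    "/usr/sys/inst.images/work/tardir/openssh_fix15/38408m9a.230811.epkg.Z",
    "/usr/sys/inst.images/work/tardir/libxml2_fix5/IJ47597m4a.230718.epkg.Z",
]

def parse_report(lines):
    """Turn the pipe-delimited report into dicts keyed by the header names."""
    header = lines[0].split("|")
    return [dict(zip(header, row.split("|"))) for row in lines[1:]]

def audit(report_lines, selected_paths):
    """Return {epkg label: (status, other APAR labels offered by the same tarball)}."""
    by_tar = defaultdict(list)  # tarball name -> APAR labels named in the report
    for row in parse_report(report_lines):
        tar = posixpath.splitext(posixpath.basename(row["Download URL"]))[0]
        by_tar[tar] += [t for t in row["APARs"].split(" / ") if not t.startswith("CVE-")]
    findings = {}
    for path in selected_paths:
        tar = posixpath.basename(posixpath.dirname(path))   # e.g. kernel_fix6
        epkg = posixpath.basename(path).split(".")[0]       # e.g. IJ49202m2b
        offered = by_tar.get(tar, [])
        # Assumed rule: an epkg label begins with the APAR label it delivers.
        matched = [label for label in offered if epkg.startswith(label)]
        others = sorted(set(offered) - set(matched))
        if not matched:
            findings[epkg] = ("NOT-IN-REPORT", others)        # no quoted row names this APAR
        elif others:
            findings[epkg] = ("MULTIPLE-CANDIDATES", others)  # confirm OS level in the bulletin
        else:
            findings[epkg] = ("OK", [])
    return findings

if __name__ == "__main__":
    for epkg, (status, others) in audit(REPORT, SELECTED).items():
        print(f"{epkg:12} {status:20} other labels in tarball: {', '.join(others) or '-'}")
```

A MULTIPLE-CANDIDATES or NOT-IN-REPORT result does not mean the selection is wrong, only that the tarball carries more than one efix and the chosen one should be compared with the bulletin for the host's OS level.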
@nitismis
Member

Thanks @smurphyit. We did make some changes in this module in a recent release. Let us check and we will get back. Assigning the defect to @schamola.

@nitismis nitismis added the bug Something isn't working label Jan 20, 2024
@schamola
Contributor

schamola commented Feb 7, 2024

Hi @smurphyit,
For better understanding of the issue, we would require the following files (lslpp.txt and emgr.txt):
lslpp -Lqc > lslpp.txt
emgr -lv3 > emgr.txt

Can you please send these files to this email id: [email protected]
Keeping the following in CC:
[email protected]
[email protected]

@schamola
Contributor

Hi @smurphyit,
A new version of the FLRTVC script has been uploaded to the website. Please test it and confirm whether the requirements have been met and the issue is resolved with this new update.

@nitismis
Member

This issue seems to have been idle for a long time. Please reopen this issue if @smurphyit is still facing the problem. We really don't want to pile up idle issues. It does not help in prioritizing the items. Thanks!
