Product Support Notice
© 2019-2020 Avaya Inc. All Rights Reserved.

PSN # PSN020400u
Avaya Proprietary – Use pursuant to the terms of your signed agreement or company policy.
Original publication date: 08-Apr-19. This is Issue #03, published date: 25-Feb-20.
Severity/risk level: Medium
Urgency: When convenient

Name of problem
PSN020400u - Avaya Aura® Application Enablement (AE) Services 8.0.1 Security Updates

Products affected
Avaya Aura® Application Enablement (AE) Services 8.0.1 (VMware offer)

Problem description
Oct 3, 2019: Avaya Aura® Application Enablement (AE) Services 8.0.1 Linux Security Update (LSU) 2 is available. (801_LSUPatch2.bin ; PLDS ID AES00000763)

Notes:
• AE Services Linux Security Updates (LSUs) are cumulative, meaning higher LSU numbers include all of the content of previous/lower LSU numbers for a given release.
• AES 8.0.1 LSU 2 is not applicable to the Software Only offer.
• AES 8.0.1 LSU 2 is only applicable to AE Services 8.0.1.x.
• AES 8.0.1 LSU 2 can be applied at any time once the version is 8.0.1.x.
• If High Availability is configured, it must be removed before installing the LSU and reapplied after the LSU installation is confirmed.

The following RPMs are installed by AE Services 8.0.1 LSU 2:

atk-2.28.1-1.el7.i686.rpm
atk-2.28.1-1.el7.x86_64.rpm
avahi-autoipd-0.6.31-19.el7.x86_64.rpm
avahi-libs-0.6.31-19.el7.i686.rpm
avahi-libs-0.6.31-19.el7.x86_64.rpm
bind-export-libs-9.11.4-9.P2.el7.x86_64.rpm
bind-libs-9.11.4-9.P2.el7.x86_64.rpm
bind-libs-lite-9.11.4-9.P2.el7.x86_64.rpm
bind-license-9.11.4-9.P2.el7.noarch.rpm
bind-utils-9.11.4-9.P2.el7.x86_64.rpm
binutils-2.27-41.base.el7.x86_64.rpm
-1.15.12-4.el7.i686.rpm
copy-jdk-configs-3.3-10.el7_5.noarch.rpm
cryptsetup-libs-2.0.3-5.el7.x86_64.rpm
-libs-1.6.3-40.el7.i686.rpm
cups-libs-1.6.3-40.el7.x86_64.rpm
curl-7.29.0-54.el7.x86_64.rpm
dbus-1.10.24-13.el7_6.x86_64.rpm
dbus-libs-1.10.24-13.el7_6.i686.rpm
dbus-libs-1.10.24-13.el7_6.x86_64.rpm
dhclient-4.2.5-77.el7.x86_64.rpm
dhcp-common-4.2.5-77.el7.x86_64.rpm
dhcp-libs-4.2.5-77.el7.x86_64.rpm
elfutils-default-yama-scope-0.176-2.el7.noarch.rpm
elfutils-libelf-0.176-2.el7.i686.rpm
elfutils-libelf-0.176-2.el7.x86_64.rpm
elfutils-libs-0.176-2.el7.i686.rpm
elfutils-libs-0.176-2.el7.x86_64.rpm
fribidi-1.0.2-1.el7.i686.rpm
gdk-pixbuf2-2.36.12-3.el7.i686.rpm
gdk-pixbuf2-2.36.12-3.el7.x86_64.rpm
glib2-2.56.1-5.el7.i686.rpm
glib2-2.56.1-5.el7.x86_64.rpm
glibc-2.17-292.el7.i686.rpm
glibc-2.17-292.el7.x86_64.rpm
glibc-common-2.17-292.el7.x86_64.rpm
graphite2-1.3.10-1.el7_3.i686.rpm
gtk2-2.24.31-1.el7.i686.rpm
gtk-update-icon-cache-3.22.30-3.el7.x86_64.rpm
-1.7.5-2.el7.i686.rpm
hicolor-icon-theme-0.12-7.el7.noarch.rpm
httpd-2.4.6-90.el7.x86_64.rpm
httpd-tools-2.4.6-90.el7.x86_64.rpm
http-parser-2.7.1-8.el7.x86_64.rpm
iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm
iwl100-firmware-39.31.5.1-72.el7.noarch.rpm
iwl105-firmware-18.168.6.1-72.el7.noarch.rpm
iwl135-firmware-18.168.6.1-72.el7.noarch.rpm
iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm
iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm
iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm
iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm
iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm
iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm
iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm
iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm
iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm
iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm
jasper-libs-1.900.1-33.el7.i686.rpm
jasper-libs-1.900.1-33.el7.x86_64.rpm
java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.222.b10-0.el7_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.222.b10-0.el7_6.i686.rpm
jbigkit-libs-2.0-11.el7.i686.rpm
jbigkit-libs-2.0-11.el7.x86_64.rpm
kernel-3.10.0-1062.1.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.1.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.1.1.el7.x86_64.rpm
libblkid-2.23.2-61.el7.i686.rpm
libblkid-2.23.2-61.el7.x86_64.rpm
libcurl-7.29.0-54.el7.x86_64.rpm
libdrm-2.4.97-2.el7.i686.rpm
libdrm-2.4.97-2.el7.x86_64.rpm
libffi-3.0.13-18.el7.i686.rpm
libglvnd-1.0.1-0.8.git5baa1e5.el7.i686.rpm
libglvnd-egl-1.0.1-0.8.git5baa1e5.el7.i686.rpm
libglvnd-glx-1.0.1-0.8.git5baa1e5.el7.i686.rpm
libgudev1-219-67.el7.x86_64.rpm
libipa_hbac-1.16.4-21.el7.x86_64.rpm
libjpeg-turbo-1.2.90-8.el7.i686.rpm
libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
libmount-2.23.2-61.el7.i686.rpm
libmount-2.23.2-61.el7.x86_64.rpm
libmspack-0.5-0.7.alpha.el7.x86_64.rpm
libpciaccess-0.14-1.el7.i686.rpm
libpciaccess-0.14-1.el7.x86_64.rpm
libsmartcols-2.23.2-61.el7.x86_64.rpm
libsmbclient-4.9.1-6.el7.x86_64.rpm
libssh2-1.8.0-3.el7.i686.rpm
libssh2-1.8.0-3.el7.x86_64.rpm
libsss_autofs-1.16.4-21.el7.x86_64.rpm
libsss_certmap-1.16.4-21.el7.i686.rpm
libsss_certmap-1.16.4-21.el7.x86_64.rpm
libsss_idmap-1.16.4-21.el7.i686.rpm
libsss_idmap-1.16.4-21.el7.x86_64.rpm
libsss_nss_idmap-1.16.4-21.el7.i686.rpm
libsss_nss_idmap-1.16.4-21.el7.x86_64.rpm
libsss_sudo-1.16.4-21.el7.x86_64.rpm
libtevent-0.9.37-1.el7.x86_64.rpm
libthai-0.1.14-9.el7.i686.rpm
libtiff-4.0.3-32.el7.i686.rpm
libtiff-4.0.3-32.el7.x86_64.rpm
libuuid-2.23.2-61.el7.i686.rpm
libuuid-2.23.2-61.el7.x86_64.rpm
libwayland-client-1.15.0-1.el7.i686.rpm
libwayland-server-1.15.0-1.el7.i686.rpm
libwayland-server-1.15.0-1.el7.x86_64.rpm
libwbclient-4.9.1-6.el7.x86_64.rpm
libX11-1.6.7-2.el7.i686.rpm
libX11-1.6.7-2.el7.x86_64.rpm
libX11-common-1.6.7-2.el7.noarch.rpm
libXau-1.0.8-2.1.el7.x86_64.rpm
libxcb-1.13-1.el7.x86_64.rpm
libXcursor-1.1.15-1.el7.i686.rpm
libXdamage-1.1.4-4.1.el7.i686.rpm
libXfixes-5.0.3-1.el7.i686.rpm
libXft-2.3.2-2.el7.i686.rpm
libXinerama-1.1.3-2.1.el7.i686.rpm
libXrandr-1.5.1-2.el7.i686.rpm
libxshmfence-1.2-1.el7.i686.rpm
libXxf86vm-1.1.4-1.el7.i686.rpm
linux-firmware-20190429-72.gitddde598.el7.noarch.rpm
lz4-1.7.5-3.el7.i686.rpm
lz4-1.7.5-3.el7.x86_64.rpm
mariadb-libs-5.5.64-1.el7.x86_64.rpm
-libEGL-18.3.4-5.el7.i686.rpm
mesa-libgbm-18.3.4-5.el7.i686.rpm
mesa-libgbm-18.3.4-5.el7.x86_64.rpm
mesa-libGL-18.3.4-5.el7.i686.rpm
mesa-libglapi-18.3.4-5.el7.i686.rpm
mod_ssl-2.4.6-90.el7.x86_64.rpm
NetworkManager-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-config-server-1.12.0-8.el7_6.noarch.rpm
NetworkManager-libnm-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-team-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-tui-1.12.0-8.el7_6.x86_64.rpm
nspr-4.21.0-1.el7.i686.rpm
nspr-4.21.0-1.el7.x86_64.rpm
nss-3.44.0-4.el7.i686.rpm
nss-3.44.0-4.el7.x86_64.rpm
nss-softokn-3.44.0-5.el7.i686.rpm
nss-softokn-3.44.0-5.el7.x86_64.rpm
nss-softokn-freebl-3.44.0-5.el7.i686.rpm
nss-softokn-freebl-3.44.0-5.el7.x86_64.rpm
nss-sysinit-3.44.0-4.el7.x86_64.rpm
nss-tools-3.44.0-4.el7.x86_64.rpm
nss-util-3.44.0-3.el7.i686.rpm
nss-util-3.44.0-3.el7.x86_64.rpm
ntp-4.2.6p5-29.el7.x86_64.rpm
ntpdate-4.2.6p5-29.el7.x86_64.rpm
openssh-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssh-server-7.4p1-21.el7.x86_64.rpm
openssl-1.0.2k-19.el7.x86_64.rpm
openssl-libs-1.0.2k-19.el7.i686.rpm
openssl-libs-1.0.2k-19.el7.x86_64.rpm
-1.42.4-4.el7_7.i686.rpm
pcsc-lite-libs-1.8.8-8.el7.i686.rpm
perl-5.16.3-294.el7_6.x86_64.rpm
perl-libs-5.16.3-294.el7_6.i686.rpm
perl-libs-5.16.3-294.el7_6.x86_64.rpm
perl-macros-5.16.3-294.el7_6.x86_64.rpm
perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm
pixman-0.34.0-1.el7.i686.rpm
polkit-0.112-22.el7.x86_64.rpm
procps-ng-3.3.10-26.el7.x86_64.rpm
python-2.7.5-86.el7.x86_64.rpm
python-libs-2.7.5-86.el7.x86_64.rpm
python-perf-3.10.0-1062.1.1.el7.x86_64.rpm
python-sssdconfig-1.16.4-21.el7.noarch.rpm
redhat-release-server-7.4-18.el7_4.3.x86_64.rpm
rsyslog-8.24.0-38.el7.x86_64.rpm
rsyslog-gnutls-8.24.0-38.el7.x86_64.rpm
samba-client-libs-4.9.1-6.el7.x86_64.rpm
samba-common-4.9.1-6.el7.noarch.rpm
samba-common-libs-4.9.1-6.el7.x86_64.rpm
sssd-1.16.4-21.el7.x86_64.rpm
sssd-ad-1.16.4-21.el7.x86_64.rpm
sssd-client-1.16.4-21.el7.i686.rpm
sssd-client-1.16.4-21.el7.x86_64.rpm
sssd-common-1.16.4-21.el7.x86_64.rpm
sssd-common-pac-1.16.4-21.el7.x86_64.rpm
sssd-ipa-1.16.4-21.el7.x86_64.rpm
sssd-krb5-1.16.4-21.el7.x86_64.rpm
sssd-krb5-common-1.16.4-21.el7.x86_64.rpm
sssd-ldap-1.16.4-21.el7.x86_64.rpm
sssd-proxy-1.16.4-21.el7.x86_64.rpm
-219-67.el7.x86_64.rpm
systemd-libs-219-67.el7.i686.rpm
systemd-libs-219-67.el7.x86_64.rpm
systemd-sysv-219-67.el7.x86_64.rpm
unzip-6.0-20.el7.x86_64.rpm
util-linux-2.23.2-61.el7.x86_64.rpm
vim-minimal-7.4.160-6.el7_6.x86_64.rpm
wget-1.14-18.el7_6.1.x86_64.rpm

AE Services 8.0.1 LSU 2 includes the installation of the following security updates:

| Updated Package | Red Hat Advisory | Red Hat Errata | Common Vulnerability and Exposure (CVE) ID |
|---|---|---|---|
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2018:3651 | https://access.redhat.com/errata/RHSA-2018:3651 | CVE-2018-14633, CVE-2018-14646 |
| NetworkManager, NetworkManager-config-server, NetworkManager-libnm, NetworkManager-team, NetworkManager-tui | RHSA-2018:3665 | https://access.redhat.com/errata/RHSA-2018:3665 | CVE-2018-15688 |
| libgudev1, systemd, systemd-libs, systemd-sysv | RHSA-2019:0049 | https://access.redhat.com/errata/RHSA-2018:0049 | CVE-2018-15688, CVE-2018-16864, CVE-2018-16865 |
| perl, perl-Pod-Escapes, perl-libs, perl-macros | RHSA-2019:0109 | https://access.redhat.com/errata/RHSA-2019:0109 | CVE-2018-18311 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:0163 | https://access.redhat.com/errata/RHSA-2019:0163 | CVE-2018-18397, CVE-2018-18559 |
| bind-libs, bind-libs-lite, bind-license, bind-utils | RHSA-2019:0194 | https://access.redhat.com/errata/RHSA-2019:0194 | CVE-2018-5742 |
| libgudev1, systemd, systemd-libs, systemd-sysv | RHSA-2019:0201 | https://access.redhat.com/errata/RHSA-2019:0201 | CVE-2019-3815 |
| polkit | RHSA-2019:0230 | https://access.redhat.com/errata/RHSA-2019:0230 | CVE-2019-6133 |
| libgudev1, systemd, systemd-libs, systemd-sysv | RHSA-2019:0271 | https://access.redhat.com/errata/RHSA-2019:0271 | CVE-2018-16864, CVE-2018-16865 |
| libgudev1, systemd, systemd-libs, systemd-sysv | RHSA-2019:0368 | https://access.redhat.com/errata/RHSA-2019:0368 | CVE-2019-6454 |
| java-1.8.0-openjdk, java-1.8.0-openjdk-devel, java-1.8.0-openjdk-headless | RHSA-2019:0434 | https://access.redhat.com/errata/RHSA-2019:0435 | CVE-2019-2422 |
| redhat-release-server | RHSA-2019:0447 | https://access.redhat.com/errata/RHSA-2019:0447 | None |
| openssl, openssl-libs | RHSA-2019:0480 | https://access.redhat.com/errata/RHSA-2019:0483 | CVE-2018-5407 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:0512 | https://access.redhat.com/errata/RHSA-2019:0512 | CVE-2018-9568, CVE-2018-17972, CVE-2018-18445 |
| libssh2 | RHSA-2019:0679 | https://access.redhat.com/errata/RHSA-2019:0679 | CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863 |
| python, python-libs | RHSA-2019:0710 | https://access.redhat.com/errata/RHSA-2019:0710 | CVE-2019-9636 |
| java-1.8.0-openjdk, java-1.8.0-openjdk-devel, java-1.8.0-openjdk-headless | RHSA-2019:0775 | https://access.redhat.com/errata/RHSA-2019:0775 | CVE-2019-2602, CVE-2019-2684, CVE-2019-2698 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:0818 | https://access.redhat.com/errata/RHSA-2019:0818 | CVE-2019-6974, CVE-2019-7221 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:1168 | https://access.redhat.com/errata/RHSA-2019:1168 | CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 |
| wget | RHSA-2019:1228 | https://access.redhat.com/errata/RHSA-2019:1228 | CVE-2019-5953 |
| bind-libs, bind-libs-lite, bind-license, bind-utils | RHSA-2019:1294 | https://access.redhat.com/errata/RHSA-2019:1294 | CVE-2018-5743 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:1481 | https://access.redhat.com/errata/RHSA-2019:1481 | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 |
| libgudev1, systemd, systemd-libs, systemd-sysv | RHSA-2019:1502 | https://access.redhat.com/errata/RHSA-2019:1502 | CVE-2019-6454 |
| python, python-libs | RHSA-2019:1587 | https://access.redhat.com/errata/RHSA-2019:1587 | CVE-2019-10160 |
| vim-minimal | RHSA-2019:1619 | https://access.redhat.com/errata/RHSA-2019:1619 | CVE-2019-12735 |
| java-1.8.0-openjdk, java-1.8.0-openjdk-devel, java-1.8.0-openjdk-headless | RHSA-2019:1815 | https://access.redhat.com/errata/RHSA-2019:1815 | CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:1873 | https://access.redhat.com/errata/RHSA-2019:1873 | CVE-2018-16871, CVE-2018-16884, CVE-2019-11085, CVE-2019-11811 |
| curl, libcurl | RHSA-2019:1880 | https://access.redhat.com/errata/RHSA-2019:1880 | CVE-2018-14618 |
| libssh2 | RHSA-2019:1884 | https://access.redhat.com/errata/RHSA-2019:1884 | CVE-2019-3862 |
| httpd, httpd-tools, mod_ssl | RHSA-2019:1898 | https://access.redhat.com/errata/RHSA-2019:1898 | CVE-2018-1312 |
| perl, perl-Pod-Escapes, perl-libs, perl-macros | RHSA-2019:1942 | https://access.redhat.com/errata/RHSA-2019:1942 | CVE-2018-18311 |
| libssh2 | RHSA-2019:1943 | https://access.redhat.com/errata/RHSA-2019:1943 | CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863 |
| vim-minimal | RHSA-2019:1947 | https://access.redhat.com/errata/RHSA-2019:1947 | CVE-2019-12735 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:2029 | https://access.redhat.com/errata/RHSA-2019:2029 | CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222, CVE-2019-11599, CVE-2019-11810, CVE-2019-11833 |
| python, python-libs | RHSA-2019:2030 | https://access.redhat.com/errata/RHSA-2019:2030 | CVE-2018-14647, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948 |
| polkit | RHSA-2019:2046 | https://access.redhat.com/errata/RHSA-2019:2046 | CVE-2018-19788 |
| libmspack | RHSA-2019:2049 | https://access.redhat.com/errata/RHSA-2019:2049 | CVE-2018-18584, CVE-2018-18585 |
| libjpeg-turbo | RHSA-2019:2052 | https://access.redhat.com/errata/RHSA-2019:2052 | CVE-2016-3616, CVE-2018-11212, CVE-2018-11213, CVE-2018-11214, CVE-2018-11813, CVE-2018-14498 |
| bind-libs-, bind-libs-lite, bind-license, bind-utils | RHSA-2019:2057 | https://access.redhat.com/errata/RHSA-2019:2057 | CVE-2018-5741 |
| dhclient, dhcp-common, dhcp-libs | RHSA-2019:2060 | https://access.redhat.com/errata/RHSA-2019:2060 | CVE-2019-6470 |
| binutils | RHSA-2019:2075 | https://access.redhat.com/errata/RHSA-2019:2075 | CVE-2018-12641, CVE-2018-12697, CVE-2018-1000876 |
| ntp, ntpdate | RHSA-2019:2077 | https://access.redhat.com/errata/RHSA-2019:2077 | CVE-2018-12327 |
| libX11, libX11-common | RHSA-2019:2079 | https://access.redhat.com/errata/RHSA-2019:2079 | CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864 |
| libgudev1, systemd, systemd-libs, systemd | RHSA-2019:2091 | https://access.redhat.com/errata/RHSA-2019:2091 | CVE-2018-15686, CVE-2018-16866, CVE-2018-16888 |
| libsmbclient, libwbclient, samba-client-libs, samba-common, samba-common-libs | RHSA-2019:2099 | https://access.redhat.com/errata/RHSA-2019:2099 | CVE-2019-3880 |
| rsyslog, rsyslog-gnutls | RHSA-2019:2110 | https://access.redhat.com/errata/RHSA-2019:2110 | CVE-2018-16881 |
| glibc, glibc-common | RHSA-2019:2118 | https://access.redhat.com/errata/RHSA-2019:2118 | CVE-2016-10739 |
| libssh2 | RHSA-2019:2136 | https://access.redhat.com/errata/RHSA-2019:2136 | CVE-2019-3858, CVE-2019-3861 |
| openssh, openssh-clients, openssh-server | RHSA-2019:2143 | https://access.redhat.com/errata/RHSA-2019:2143 | CVE-2018-15473 |
| unzip | RHSA-2019:2159 | https://access.redhat.com/errata/RHSA-2019:2159 | CVE-2018-18384 |
| iwl100-firmware, iwl1000-firmware, iwl105-firmware, iwl135-firmware, iwl2000-firmware, iwl2030-firmware, iwl3160-firmware, iwl3945-firmware, iwl4965-firmware, iwl5000-firmware, iwl5150-firmware, iwl6000-firmware, iwl6000g2a-firmware, iwl6000g2b-firmware, iwl6050-firmware, iwl7260-firmware, iwl7265-firmware-, linux-firmware | RHSA-2019:2169 | https://access.redhat.com/errata/RHSA-2019:2169 | CVE-2018-5383 |
| libipa_hbac, libsss_autofs, libsss_certmap, libsss_idmap, libsss_nss_idmap, libsss_sudo, python-sssdconfig, sssd, sssd-ad, sssd-client, sssd-common, sssd-common-pac, sssd-ipa, sssd-krb5, sssd-krb5-common, sssd-ldap, sssd-proxy- | RHSA-2019:2177 | https://access.redhat.com/errata/RHSA-2019:2177 | CVE-2018-16838, CVE-2019-3811 |
| curl, libcurl | RHSA-2019:2181 | https://access.redhat.com/errata/RHSA-2019:2181 | CVE-2018-16842 |
| procps-ng | RHSA-2019:2189 | https://access.redhat.com/errata/RHSA-2019:2189 | CVE-2018-1122 |
| elfutils-default-yama-scope, elfutils-libelf, elfutils-libs | RHSA-2019:2197 | https://access.redhat.com/errata/RHSA-2019:2197 | CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665 |
| nspr, nss, nss-softokn, nss-softokn-freebl, nss-sysinit, nss-tools, nss-util | RHSA-2019:2237 | https://access.redhat.com/errata/RHSA-2019:2237 | CVE-2018-0495, CVE-2018-12404 |
| http-parser | RHSA-2019:2258 | https://access.redhat.com/errata/RHSA-2019:2258 | CVE-2018-7159, CVE-2018-12121 |
| openssl, openssl-libs | RHSA-2019:2304 | https://access.redhat.com/errata/RHSA-2019:2304 | CVE-2018-0734, CVE-2019-1559 |
| mariadb-libs | RHSA-2019:2327 | https://access.redhat.com/errata/RHSA-2019:2327 | CVE-2018-3058, CVE-2018-3063, CVE-2018-3066, CVE-2018-3081, CVE-2018-3282, CVE-2019-2503, CVE-2019-2529, CVE-2019-2614, CVE-2019-2627 |
| httpd, httpd-tools, mod_ssl | RHSA-2019:2343 | https://access.redhat.com/errata/RHSA-2019:2343 | CVE-2019-0217, CVE-2019-0220 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:2600 | https://access.redhat.com/errata/RHSA-2019:2600 | CVE-2019-1125, CVE-2019-9500 |

HISTORICAL REFERENCE

Apr 04, 2019: Avaya Aura® Application Enablement (AE) Services 8.0.1 Linux Security Update (LSU) 1 is available. (801_LSUPatch1.bin ; PLDS ID AES00000731)

Notes:
• AE Services Linux Security Updates (LSUs) are cumulative, meaning higher LSU numbers include all of the content of previous/lower LSU numbers for a given release.
• AES 8.0.1 LSU 1 is not applicable to the Software Only offer.
• AES 8.0.1 LSU 1 is only applicable to AE Services 8.0.1.x.
• AES 8.0.1 LSU 1 can be applied at any time once the version is 8.0.1.x.

The following RPMs are installed by AE Services 8.0.1 LSU 1:

atk-2.28.1-1.el7.i686.rpm
atk-2.28.1-1.el7.x86_64.rpm
avahi-autoipd-0.6.31-19.el7.x86_64.rpm
avahi-libs-0.6.31-19.el7.i686.rpm
avahi-libs-0.6.31-19.el7.x86_64.rpm
bind-libs-9.9.4-73.el7_6.x86_64.rpm
bind-libs-lite-9.9.4-73.el7_6.x86_64.rpm
bind-license-9.9.4-73.el7_6.noarch.rpm
bind-utils-9.9.4-73.el7_6.x86_64.rpm
cairo-1.15.12-3.el7.i686.rpm
copy-jdk-configs-3.3-10.el7_5.noarch.rpm
cryptsetup-libs-2.0.3-3.el7.x86_64.rpm
cups-libs-1.6.3-35.el7.i686.rpm
cups-libs-1.6.3-35.el7.x86_64.rpm
dbus-1.10.24-13.el7_6.x86_64.rpm
dbus-libs-1.10.24-13.el7_6.i686.rpm
dbus-libs-1.10.24-13.el7_6.x86_64.rpm
fribidi-1.0.2-1.el7.i686.rpm
gdk-pixbuf2-2.36.12-3.el7.i686.rpm
gdk-pixbuf2-2.36.12-3.el7.x86_64.rpm
glib2-2.56.1-2.el7.i686.rpm
graphite2-1.3.10-1.el7_3.i686.rpm
gtk2-2.24.31-1.el7.i686.rpm
gtk-update-icon-cache-3.22.30-3.el7.x86_64.rpm
harfbuzz-1.7.5-2.el7.i686.rpm
hicolor-icon-theme-0.12-7.el7.noarch.rpm
jasper-libs-1.900.1-33.el7.i686.rpm
jasper-libs-1.900.1-33.el7.x86_64.rpm
java-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.i686.rpm
java-1.8.0-openjdk-devel-1.8.0.201.b09-2.el7_6.i686.rpm
java-1.8.0-openjdk-headless-1.8.0.201.b09-2.el7_6.i686.rpm
jbigkit-libs-2.0-11.el7.i686.rpm
jbigkit-libs-2.0-11.el7.x86_64.rpm
kernel-3.10.0-957.10.1.el7.x86_64.rpm
kernel-tools-3.10.0-957.10.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.10.1.el7.x86_64.rpm
libblkid-2.23.2-59.el7_6.1.i686.rpm
libblkid-2.23.2-59.el7_6.1.x86_64.rpm
libdrm-2.4.91-3.el7.i686.rpm
libffi-3.0.13-18.el7.i686.rpm
libglvnd-1.0.1-0.8.git5baa1e5.el7.i686.rpm
libglvnd-egl-1.0.1-0.8.git5baa1e5.el7.i686.rpm
libglvnd-glx-1.0.1-0.8.git5baa1e5.el7.i686.rpm
libgudev1-219-62.el7_6.5.x86_64.rpm
libjpeg-turbo-1.2.90-6.el7.x86_64.rpm
libmount-2.23.2-59.el7_6.1.i686.rpm
libmount-2.23.2-59.el7_6.1.x86_64.rpm
libpciaccess-0.14-1.el7.i686.rpm
libpciaccess-0.14-1.el7.x86_64.rpm
libsmartcols-2.23.2-59.el7_6.1.x86_64.rpm
libthai-0.1.14-9.el7.i686.rpm
libtiff-4.0.3-27.el7_3.i686.rpm
libtiff-4.0.3-27.el7_3.x86_64.rpm
libuuid-2.23.2-59.el7_6.1.i686.rpm
libuuid-2.23.2-59.el7_6.1.x86_64.rpm
libwayland-client-1.15.0-1.el7.i686.rpm
libwayland-server-1.15.0-1.el7.i686.rpm
libwayland-server-1.15.0-1.el7.x86_64.rpm
libX11-1.6.5-2.el7.x86_64.rpm
libXau-1.0.8-2.1.el7.x86_64.rpm
libxcb-1.13-1.el7.x86_64.rpm
libXcursor-1.1.15-1.el7.i686.rpm
libXdamage-1.1.4-4.1.el7.i686.rpm
libXfixes-5.0.3-1.el7.i686.rpm
libXft-2.3.2-2.el7.i686.rpm
libXinerama-1.1.3-2.1.el7.i686.rpm
libXrandr-1.5.1-2.el7.i686.rpm
libxshmfence-1.2-1.el7.i686.rpm
libXxf86vm-1.1.4-1.el7.i686.rpm
logrotate-3.8.6-17.el7.x86_64.rpm
lz4-1.7.5-2.el7.i686.rpm
lz4-1.7.5-2.el7.x86_64.rpm
mesa-libEGL-18.0.5-4.el7_6.i686.rpm
mesa-libgbm-18.0.5-4.el7_6.i686.rpm
mesa-libgbm-18.0.5-4.el7_6.x86_64.rpm
mesa-libGL-18.0.5-4.el7_6.i686.rpm
mesa-libglapi-18.0.5-4.el7_6.i686.rpm
NetworkManager-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-config-server-1.12.0-8.el7_6.noarch.rpm
NetworkManager-libnm-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-team-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-tui-1.12.0-8.el7_6.x86_64.rpm
openssl-1.0.2k-16.el7_6.1.x86_64.rpm
openssl-libs-1.0.2k-16.el7_6.1.i686.rpm
openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
pango-1.42.4-1.el7.i686.rpm
pcsc-lite-libs-1.8.8-8.el7.i686.rpm
perl-5.16.3-294.el7_6.x86_64.rpm
perl-libs-5.16.3-294.el7_6.i686.rpm
perl-libs-5.16.3-294.el7_6.x86_64.rpm
perl-macros-5.16.3-294.el7_6.x86_64.rpm
perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm
pixman-0.34.0-1.el7.i686.rpm
polkit-0.112-18.el7_6.1.x86_64.rpm
python-perf-3.10.0-957.10.1.el7.x86_64.rpm
systemd-219-62.el7_6.5.x86_64.rpm
systemd-libs-219-62.el7_6.5.i686.rpm
systemd-libs-219-62.el7_6.5.x86_64.rpm
systemd-sysv-219-62.el7_6.5.x86_64.rpm
util-linux-2.23.2-59.el7_6.1.x86_64.rpm

AE Services 8.0.1 LSU 1 includes the installation of the following security updates:

| Updated Package | Red Hat Advisory | Red Hat Errata | Common Vulnerability and Exposure (CVE) ID |
|---|---|---|---|
| NetworkManager, NetworkManager-config, NetworkManager-libnm, NetworkManager-team, NetworkManager-tui | RHSA-2018:3665 | https://access.redhat.com/errata/RHSA-2018:3665 | CVE-2018-15688 |
| perl, perl-Pod-Escapes, perl-libs, perl-macros | RHSA-2019:0109 | https://access.redhat.com/errata/RHSA-2019:0109 | CVE-2018-18311 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:0163 | https://access.redhat.com/errata/RHSA-2019:0163 | CVE-2018-18397, CVE-2018-18559 |
| bind-libs, bind-libs-lite, bind-license, bind-utils | RHSA-2019:0194 | https://access.redhat.com/errata/RHSA-2019:0194 | CVE-2018-5742 |
| polkit | RHSA-2019:0230 | https://access.redhat.com/errata/RHSA-2019:0230 | CVE-2019-6133 |
| systemd, systemd-libs, systemd-sysv, libgudev1 | RHSA-2019:0368 | https://access.redhat.com/errata/RHSA-2019:0368 | CVE-2019-6454 |
| logrotate | no RHSA; BZ - 1374550; BZ - 1556993; RHBA-2018:3202 | https://bugzilla.redhat.com/show_bug.cgi?id=1374550; https://access.redhat.com/errata/RHBA-2018:3202 | none |
| java-1.8.0-openjdk, java-1.8.0-openjdk-devel, java-1.8.0-openjdk-headless | RHSA-2019:0435 | https://access.redhat.com/errata/RHSA-2019:0435 | CVE-2019-2422 |
| kernel, kernel-tools, kernel-tools-libs, python-perf | RHSA-2019:0512 | https://access.redhat.com/errata/RHSA-2019:0512 | CVE-2018-9568, CVE-2018-17972, CVE-2018-18445 |
| openssl, openssl-libs | RHSA-2019:0483 | https://access.redhat.com/errata/RHSA-2019:0483 | CVE-2018-5407 |


Resolution
Install the specified Linux Security Update (LSU) for the appropriate release.

Workaround or alternative remediation
n/a

Remarks
Issue 1 – Apr 04, 2019: Avaya Aura® Application Enablement (AE) Services 8.0.1 Linux Security Update 1 is available.
Issue 2 – Oct 03, 2019: Avaya Aura® Application Enablement (AE) Services 8.0.1 Linux Security Update 2 is available.
Issue 3 – Feb 25, 2020: Updated to include instructions for removing HA before applying LSU.

Patch Notes
The information in this section concerns the patch, if any, recommended in the Resolution above.

Backup before applying the patch
Back up AE Services server data before applying the LSU:
1. Log into the AE Services Management Console using a browser.
2. From the main menu, select Maintenance > Server Data > Backup. AE Services backs up the database, and displays: “The backup file can be downloaded from Here” on the Database Backup screen.
3. Click the "Here" link. A file download dialog box is displayed, from where you can open or save the backup file serverName_SoftwareVersion_aesvcsdbddmmyyyy.tar.gz (where ddmmyyyy is the date stamp).
4. Click Save, and download the backup file to a location from where you can gain access after the system upgrade. For example, save the file to your local computer or another computer used for storing backups.

Download
To download the LSU:

A. Download from the Avaya support site:
1. Go to Avaya Support (http://support.avaya.com/downloads).
2. Click Support by Products > Downloads:
   i. In Enter Product Name type “Avaya Aura Application Enablement Services”.
   ii. In Choose Release select “8.0.x” from the drop-down menu.
   iii. In the list of Downloads locate and select the following entry: Avaya Aura® Application Enablement Services 8.0.x Linux Security Updates, 8.0.x (paging might be necessary to find the entry).

B. Download from PLDS:
1. Go to https://plds.avaya.com.
2. Select View Downloads.
3. Use the search engine to locate the available downloads for Application Enablement Services using version 8.0 to narrow the search.
4. Locate the entry, Avaya Aura® Application Enablement Services 8.0.1 Linux Security Update Patch [n] where n is the LSU number to be installed (paging might be necessary to find the entry). Alternatively, you can search for the Download ID (see below).

Note: All AE Services Software Downloads are available in PLDS, while the Release Note documents are available on the Support Site. Cross references between the corresponding download entries for patches are provided. File size and hash sums are available on the PLDS Download Description.

LSU 1
PLDS ID: AES00000731
File Name: 801_LSUPatch1.bin
MD5 Checksum: a2a2bdd28354f3a3a7ed4ae1e3d15cea

LSU 2
PLDS ID: AES00000763
File Name: 801_LSUPatch2.bin
MD5 Checksum: 0489e4bd58b480e6b298710428e0851b

Before you start with the installation of the patch, check the MD5 checksum of the file. To get the checksum, run the following command from the command line. This example is for LSU 1. Substitute the appropriate LSU file name in the command line.

    md5sum 801_LSUPatch1.bin

Note: If the MD5 checksum does not match the stated value, do not proceed with installation. Download the patch again and verify the MD5 checksum matches.

Patch install instructions
Service-interrupting? Yes

Notes:
1. The AE Services server is rebooted after installation completes.
2. AES 8.0.1 LSU 1 and LSU 2 are only compatible with AE Services 8.0.1 VMware offer types. They should not be applied to the Software Only offer.
3. If High Availability is configured, it must be removed before installing the LSU and reapplied after the LSU installation is confirmed.

I. Check the detailed AE Services version.

Pre-requisite: For the VMware offer, use the AE Services Linux console to check the version (and hence see whether the patch has been applied already):
1. Start a Linux console session on the AE Services server (locally, via service port, or remotely using e.g. putty or SSH).
2. Execute the following command:

    swversion

3. If the LSU 1 patch is not listed, then continue with the procedure How to install the Patch to the AE Services server.
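The checksum comparison and the swversion check described above can be combined into a single pre-install gate. The script below is an added example, not Avaya's code: the function names are hypothetical, the swversion sample is constructed from the message quoted in this notice, and the parser assumes every installed LSU appears as an LSU-8.0.1-N token.

```shell
#!/bin/sh
# Added example (not Avaya code): pre-install gate for an AE Services 8.0.1 LSU.
# File names and MD5 values are the ones stated in this PSN; function names
# are hypothetical.

# Constructed sample of swversion output (line layout is an assumption).
SAMPLE_SWVERSION='************* Patch Numbers Installed in this system are *************
==== LSU-8.0.1-1 ===='

# Print the PSN-stated MD5 for a known LSU file name; fail for any other name.
expected_md5() {
    case "$(basename "$1")" in
        801_LSUPatch1.bin) echo a2a2bdd28354f3a3a7ed4ae1e3d15cea ;;
        801_LSUPatch2.bin) echo 0489e4bd58b480e6b298710428e0851b ;;
        *) return 1 ;;
    esac
}

# verify_md5 FILE [EXPECTED]
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or not a known LSU.
verify_md5() {
    vm_file=$1
    vm_want=${2:-}
    [ -f "$vm_file" ] || return 2
    if [ -z "$vm_want" ]; then
        vm_want=$(expected_md5 "$vm_file") || return 2
    fi
    vm_want=$(printf '%s' "$vm_want" | tr 'A-F' 'a-f')
    vm_got=$(md5sum "$vm_file" | awk '{print $1}')
    [ "$vm_got" = "$vm_want" ]
}

# Read swversion output on stdin and print the highest 8.0.1 LSU number listed
# (0 if none is listed).
installed_lsu() {
    il_n=$(sed -n 's/.*LSU-8\.0\.1-\([0-9][0-9]*\).*/\1/p' | sort -n | tail -n 1)
    echo "${il_n:-0}"
}

# Print the LSU number encoded in a file name such as 801_LSUPatch2.bin.
lsu_number() {
    basename "$1" | sed -n 's/^801_LSUPatch\([0-9][0-9]*\)\.bin$/\1/p'
}

# preinstall_gate FILE [EXPECTED_MD5]   (swversion output on stdin)
# Prints a verdict and returns: 0 install, 1 checksum-mismatch, 2 unknown-file,
# 3 already-installed. LSUs are cumulative, so an equal or higher installed
# LSU number means nothing needs to be applied.
preinstall_gate() {
    pg_target=$(lsu_number "$1")
    [ -n "$pg_target" ] || { echo unknown-file; return 2; }
    pg_have=$(installed_lsu)
    if [ "$pg_have" -ge "$pg_target" ]; then
        echo already-installed
        return 3
    fi
    pg_rc=0
    verify_md5 "$1" "${2:-}" || pg_rc=$?
    case $pg_rc in
        0) echo install; return 0 ;;
        1) echo checksum-mismatch; return 1 ;;
        *) echo unknown-file; return 2 ;;
    esac
}

# Demo on the constructed sample: LSU 1 is listed, so the LSU 1 file is not needed.
printf '%s\n' "$SAMPLE_SWVERSION" | preinstall_gate /tmp/801_LSUPatch1.bin || true
```

On the AE Services server the gate would be fed live output, for example `swversion | preinstall_gate /tmp/801_LSUPatch2.bin`.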

II. Installing the Patch on the AE Services server
1. Log in to the AE Services server using one of the following:
   a) Local Linux console
   b) The services port
   c) SSH
2. Secure copy the specific LSU patch to the /tmp directory on the AE Services server.
3. As the root user, execute the following commands in the command line. This example is for LSU 1. Substitute the appropriate LSU file name in the command line.

    cd /tmp
    chmod 750 801_LSUPatch1.bin
    ./801_LSUPatch1.bin

4. Follow the on-screen instructions until installation completes.

Note: The system reboots the AE Services server after the patch installation. Please wait for up to 5 minutes after the reboot for all services to start.

Verification
1. Locally, through service port, or remotely, by using putty, start a Linux console session on the AE Services server.
2. Log in with the credentials.
3. Run the following command to verify the installation of the LSU:

    swversion

   The swversion command displays a message similar to the following if a Linux Security Update Patch is installed. This example is for LSU 1.

    ************* Patch Numbers Installed in this system are ************* ==== LSU-8.0.1-1 ====

4. Run the following command to verify the status of the “aesvcs” service:

    service aesvcs status

   The status of the service should be “Active”.
5. Log into the AE Services Management Console using a web browser.
6. From the main menu, click Status.
7. On the Status page, verify that all previously licensed services are running.
8. Validate the server configuration data, as follows:
   a. On the main menu click Networking.
   b. Under AE Service IP (Local IP), verify that the settings are correct.
   c. Under Network Configure, verify that the displayed settings are correct.
   d. Under Ports, verify that the settings displayed are correct.
9. Check all of the remaining Management Console pages listed under AE Services and Communication Manager Interface. Verify that the information is complete and correct.

This completes the installation of the Patch.

AE Services server configurations for data changes
Note: Follow this procedure only if the AE Services server configuration data has changed.

Follow this procedure to restore the AE Services server data:
1. From the main menu of the AE Services Management Console, select Maintenance > Server Data > Restore. The Management Console displays the Restore Database Configuration screen. The initial state of the Restore Database page provides you with two basic functions:
   • Text box with the Browse button, which provides the means to select a backup file to use for the Restore process. Alternatively, you can type a fully qualified name (FQDN) of the backup file in the text box.
   • Restore button that starts the Restore process.
2. Click Browse and locate the AE Services database backup file that you intend to use.
3. Click Restore. The Management Console redisplays the Restore Database Configuration page, with the following message: "A database restore is pending. You must restart the Database Service and the AE Server for the restore to take effect. To restart these services now, click the Restart Services button below." Click Restart Services. AE Services restarts the Database Service and the AE Services, thereby completing the Restore process.

Failure
Contact Technical Support.

Patch uninstall instructions
LSUs cannot be uninstalled.

Security Notes
The information in this section concerns the security risk, if any, represented by the topic of this PSN.

Security risks
Failure to apply the LSU has the potential to result in a security breach.

Avaya Security Vulnerability Classification
Varies based on CVEs – please see Avaya Product Security Information

Mitigation
n/a

If you require further information or assistance please contact your Authorized Service Provider, or visit support.avaya.com. There you can access more product information, chat with an Agent, or open an online Service Request. Support is provided per your warranty or service contract terms unless otherwise specified in the Avaya support Terms of Use.

Disclaimer: ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED “AS IS”. AVAYA INC., ON BEHALF OF ITSELF AND ITS SUBSIDIARIES AND AFFILIATES (HEREINAFTER COLLECTIVELY REFERRED TO AS “AVAYA”), DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE STEPS RECOMMENDED WILL ELIMINATE SECURITY OR VIRUS THREATS TO CUSTOMERS’ SYSTEMS. IN NO EVENT SHALL AVAYA BE LIABLE FOR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH THE INFORMATION OR RECOMMENDED ACTIONS PROVIDED HEREIN, INCLUDING DIRECT, INDIRECT, CONSEQUENTIAL DAMAGES, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF AVAYA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE INFORMATION PROVIDED HERE DOES NOT AFFECT THE SUPPORT AGREEMENTS IN PLACE FOR AVAYA PRODUCTS. SUPPORT FOR AVAYA PRODUCTS CONTINUES TO BE EXECUTED AS PER EXISTING AGREEMENTS WITH AVAYA. All trademarks identified by ® or TM are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.
