How To: Download and Patch the Management Gateway Appliance Manually

Version 14

    Details: In order to download patches for the Management Gateway Appliance ports 80 and 443 needs to be open in both directions. DNS resolution to the LANDesk patch servers is also required. In many organizations these patch requirements are either difficult or impossible to meet. This article will continually be updated with manual patch information for both the 4.0 and 4.2 versions of the gateway appliance. The article will contain download paths and some install instructions. However, some means of getting the files to the Management Gateway will be required. WinSCP is recommended but SSH will need to be opened in the firewall configuration (at least temporarily) in order to work. If opening SSH is not allowed then other means (USB, external drive, etc) will be required.

     

    Note: The procedure of manually patching the Management Gateway is not currently supported by LANDesk. Some testing of the process below has been performed but not all tests.

     

    Note: All Redhat Package Manager (RPM) installations below should log to the /var/log/rpmupdate.log file. You can use the rpmupdate.log file for troubleshooting and to verify patches that have been installed.

     

    Note: For ease of use all of the patches for each version of the Management Gateway have been attached to this article. The files have been zipped with the Linux TAR command. Use the command below to extract the files. Please be sure to extract the files in a temporary folder. You can create a temporary folder using the "mkdir" command.

     

    tar -xvwf filename.tar

     

    Note: In order to make directories and execute RPM packages you will need to have elevated rights. Only the "admin" account will have access and you can use "sudo sh" with the admin password to elevate rights. Also, if a temporary directory is created it will need to have permissions changed. Use "chmod 777 directory" to change the permissions. After the patches are installed I would recommend removing all temporary directories.

     

    Management Gateway 4.2 Patches

     

    Name: GSBWEB-1.0-1.62

    Description: This patch fixes some UI problems in the system reports and the core certificates pages in the administrative console.

    Download: http://patch.landesk.com/patches/gsbweb-1.0-1.62.noarch.rpm

    Instructions:

     

    Note: A bug is associated with this patch that affects on-demand remote control for Windows Server 2003 machines. A fix to the patch is scheduled but the fix can be applied manually following article: DOC-9316

     

     

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv gsbweb-1.0-1.62.noarch.rpm >> /var/log/rpmupdate.log

     

     

    Name: SUMO-1.0-1.60

    Description: This patch fixes a bug in the System Update Monitor where it wouldn't recurse into subdirectories when recursion was set.

    Download: http://patch.landesk.com/patches/sumo-1.0-1.60.noarch.rpm

    Instructions:

     

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv sumo-1.0-1.60.noarch.rpm >> /var/log/rpmupdate.log

     

     

    Management Gateway 4.0 Patches

     

    Name: BROKER-2.0-1.17.i386

    Description: This updates the security encryption in the connection daemon to replace the older MD5 algorithm with a selectable algorithm. The current default is now SHA1.

    Note: This update requires the OpenSSL patch to be applied first. The OpenSSL patch is located later in the document.

    Download:

    http://patch.landesk.com/patches/sysdirs-1.0-1.19.i386.rpm

    http://patch.landesk.com/patches/broker-2.0-1.17.i386.rpm

    Instructions:

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv sysdirs-1.0-1.19.i386.rpm >> /var/log/rpmupdate.log

    3- rpm -Uv broker-2.0-1.17.i386.rpm >> /var/log/rpmupdate.log

     

    Note: You may see some warnings or errors during this install. The messages appear to be normal and appear to not affect the installation. Examples of the messages are as follows:

     

    "Missing user and/or group"

    stty and sed errors

     

     

     

    Name: DEBUGLOG_HOTPATCH-1.2-1.52

    Description: This patch prevents the system from creating a separate debug log. This log was not getting cleaned up and unchecked could grow quite large.

    Download: http://patch.landesk.com/patches/debuglog_hotpatch-1.2-1.52.noarch.rpm

    Instructions:

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv debuglog_hotpatch-1.2-1.52.noarch.rpm >> /var/log/rpmupdate.log

     

     

     

    Name: GSBFIREWALL-1.0-1.50

    Description: This patch fixes a bug where the firewall on the LANDesk Management Appliance was blocking outgoing SMTP alerts to the administrator email address. This also fixes a possible flaw in the firewall where under certain conditions an ICMP timestamp-required and reply would not get blocked.

    Download: http://patch.landesk.com/patches/gsbfirewall-1.0-1.50.noarch.rpm

    Instructions:

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv gsbfirewall-1.0-1.50.noarch.rpm >> /var/log/rpmupdate.log

     

     

     

    Name: GSBWEB-1.0-1.62s

    Description: This update fixes some possible security exploits were a user logged in as the administrator could post un validated data to the service and cause root level commands to be executed.

    Note: This GSBWEB update replaces an older version GSBWEB-1.0-1.58

    Download: http://patch.landesk.com/patches/gsbweb-1.0-1.62s.noarch.rpm

    Instructions:

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv gsbweb-1.0-1.62s.noarch.rpm >> /var/log/rpmupdate.log

     

     

     

    Name: LOGGER_HOTPATCH-1.2-1.52

    Description: A bugfix for the database management tools. Resolves a problem where the optimization tools failed to run at regular intervals.

    Download: http://patch.landesk.com/patches/logger_hotpatch-1.2-1.52.noarch.rpm

    Instructions:

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv logger_hotpatch-1.2-1.52.noarch.rpm >> /var/log/rpmupdate.log

     

     

     

    Name: SUMO-1.0-1.52

    Description: This patch fixes a bug in the System Update Monitor where it wouldn't notify of files that had been added and then deleted. More detail was added to the system report.

    Download: http://patch.landesk.com/patches/sumo-1.0-1.52.noarch.rpm

    Instructions:

    1- Change into the directory where you placed the file(s) when transferring them to the Gateway.

    2- rpm -Uv sumo-1.0-1.52.noarch.rpm >> /var/log/rpmupdate.log

     

     

     

    Name: OPENSSL-0.9.8i

    Description: This upgrades the secure sockets layer tools (openssl) to version 0.9.8i. This newer version of openssl has improved encryption routines and has fixed a couple of known vulnerabilities.

    Download: http://patch.landesk.com/patches/openssl-0.9.8i-LDMGA_patch.tar.gz

    Instructions:

     

    1- mkdir -p /tmp/openssl

    2- cd /tmp/openssl

    3- When transferring the downloaded files to the Gateway place them in /tmp/openssl

    4- tar -xf /tmp/openssl-0.9.8i/openssl-0.9.8i-LDMGA_patch.tar.gz

    5- ./install.sh

    6- rm -rf /tmp/openssl