Details
In order to download patches for the Management Gateway Appliance ports 80 and 443 needs to be open in both directions. DNS resolution to the LANDesk patch servers is also required. In many organizations, these patch requirements are either difficult or impossible to meet. This article will continually be updated with manual patch information for both the 4.0 and 4.2 versions of the gateway appliance. The article will contain download paths and some install instructions. However, some means of getting the files to the Management Gateway will be required. WinSCP is recommended but SSH will need to be opened in the firewall configuration (at least temporarily) in order to work. If opening SSH is not allowed then other means (USB, external drive, etc) will be required.
Note:The procedure of manually patching the Management Gateway is not currently supported by LANDesk. Some testing of the process below has been performed but not all tests.
Note: All Redhat Package Manager (RPM) installations below should log to the /var/log/rpmupdate.log file. You can use the rpmupdate.log file for troubleshooting and to verify patches that have been installed.
Note: For ease of use all of the patches for each version of the Management Gateway have been attached to this article. The files have been zipped with the Linux TAR command. Use the command below to extra
tar -xvwf filename.tar
Note: In order to make directories and execute RPM packages you will need to have elevated rights. Only the "admin" account will have access and you can use "sudo sh" with the admin password to elevate rights. Also, if a temporary directory is created it will need to have permissions changed. Use "chmod 777 directory" to change the permissions. After the patches are installed I would recommend removing all temporary directories.
Management Gateway 4.2 Patches
Name:GSBWEB-1.0-1.62
Description: This patch fixes some UI problems in the system reports and the core certificates pages in the administrative console.
Download:http://patch.landesk.com/patches/gsbweb-1.0-1.62.noarch.rpm
Instructions:
Note: A bug is associated with this patch that affects on-demand remote control for Windows Server 2003 machines. A fix to the patch is scheduled but the fix can be applied manually following article: DOC-9316
- Change into the directory where you placed the file(s) when transferring them to the Gateway.
- pm -Uv gsbweb-1.0-1.62.noarch.rpm >> /var/log/rpmupdate.log
Name: SUMO-1.0-1.60
Description: This patch fixes a bug in the System Update Monitor where it wouldn't recurse into subdirectories when recursion was set.
Download:http://patch.landesk.com/patches/sumo-1.0-1.60.noarch.rpm
Instructions:
- Change into the directory where you placed the file(s) when transferring them to the Gateway.
- rpm -Uv sumo-1.0-1.60.noarch.rpm >> /var/log/rpmupdate.log
Management Gateway 4.0 Patches
Name:BROKER-2.0-1.17.i386
Description: This updates the security encryption in the connection daemon to replace the older MD5 algorithm with a selectable algorithm. The current default is now SHA1.
Note: This update requires the OpenSSL patch to be applied first. The OpenSSL patch is located later in the document.
Download:
http://patch.landesk.com/patches/sysdirs-1.0-1.19.i386.rpm
http://patch.landesk.com/patches/broker-2.0-1.17.i386.rpm
Instructions:
- Change into the directory where you placed the file(s) when transferring them to the Gateway.
- rpm -Uv sysdirs-1.0-1.19.i386.rpm >> /var/log/rpmupdate.log
- rpm -Uv broker-2.0-1.17.i386.rpm >> /var/log/rpmupdate.log
Note: You may see some warnings or errors during this install. The messages appear to be normal and appear to not affect the installation. Examples of the messages are as follows:
"Missing user and/or group"
stty and sed errors
Name:GSBWEB-1.0-1.62s
Description: This update fixes some possible security exploits were a user logged in as the administrator could post un validated data to the service and cause root level commands to be executed.
Note: This GSBWEB update replaces an older version GSBWEB-1.0-1.58
Download:http://patch.landesk.com/patches/gsbweb-1.0-1.62s.noarch.rpm
Instructions:
- Change into the directory where you placed the file(s) when transferring them to the Gateway.
- rpm -Uv gsbweb-1.0-1.62s.noarch.rpm >> /var/log/rpmupdate.log
Name:LOGGER_HOTPATCH-1.2-1.52
Description: A bugfix for the database management tools. Resolves a problem where the optimization tools failed to run at regular intervals.
Download:http://patch.landesk.com/patches/logger_hotpatch-1.2-1.52.noarch.rpm
Instructions:
- Change into the directory where you placed the file(s) when transferring them to the Gateway.
- rpm -Uv logger_hotpatch-1.2-1.52.noarch.rpm >> /var/log/rpmupdate.log
Name:SUMO-1.0-1.52
Description: This patch fixes a bug in the System Update Monitor where it wouldn't notify of files that had been added and then deleted. More detail was added to the system report.
Download:http://patch.landesk.com/patches/sumo-1.0-1.52.noarch.rpm
Instructions:
- Change into the directory where you placed the file(s) when transferring them to the Gateway.
- rpm -Uv sumo-1.0-1.52.noarch.rpm >> /var/log/rpmupdate.log
Name: OPENSSL-0.9.8i
Description: This upgrades the secure sockets layer tools (openssl) to version 0.9.8i. This newer version of openssl has improved encryption routines and has fixed a couple of known vulnerabilities.
Download:http://patch.landesk.com/patches/openssl-0.9.8i-LDMGA_patch.tar.gz
Instructions:
- mkdir -p /tmp/openssl
- cd /tmp/openssl
- When transferring the downloaded files to the Gateway place them in /tmp/openssl
- tar -xf /tmp/openssl-0.9.8i/openssl-0.9.8i-LDMGA_patch.tar.gz
- ./install.sh
- rm -rf /tmp/openssl
Attachments:
https://download.ivanti.com/kbattachments/GatewayPatches40.tar
https://download.ivanti.com/kbattachments/GatewayPatches42.tar