- Product: Aleph
- Product Version: 22, 23
- Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local, TotalCare
The following applies only for installations having Apache 2.2.32 installed on their Aleph server and using PDS in SSL mode.
Note: Apache version 2.2.32 is not part of the Third Party updates [Status: June 07, 2017].
There is a problem with login via PDS in SSL mode after the upgrade to Apache 2.2.32 which was required to address security vulnerability CVE-2016-8743
The HTTPS call from Aleph to PDS was changed to support Apache 2.2.32 in rc #2415 (v22) and rc #2122 (v23).
Note 1) If you would like to implement this Apache version on your Aleph server to address the vulnerability issue documented as 'CVE-2016-8743', please contact Ex Libris Support team to schedule the installation on your Aleph production server.
Note 2) A hotfix is available for rc #2415 (v22) resp. #2122 (v23)
Download instructions for the hotfix (example for rc #2122):
1) Connect to ftp.exl.de:
Please note that user Outgoing has read-only permission on ftp-server and no directory-listing is allowed.
2) Download of file hotfix_ver23_rc2122.tar.gz to any directory on your server:
ftp> cd hotfix
ftp> get hotfix_ver23_rc2122.tar.gz
3) Unzip and untar:
tar xvf hotfix_ver23_rc2122.tar
4) Call up script aaa_install:
5) The fix is reactivated after the next startup of Aleph.
Replace hotfix_ver23_rc2122 with hotfix_ver22_rc2415 to obtain the hotfix for Aleph version 22.
- Article last edited: 07-June-2017