Description

A Critical ranked vulnerability has been discovered for the Ex Libris PDS component. See the announcement, Ex Libris Patron Directory Services (PDS) Security vulnerability, for more details. PDS Apache should be patched on all Local Voyager Servers.

*Even if PDS is not in use, it is likely that the server is still vulnerable. Ex Libris recommends that the patch be applied for this issue regardless of whether PDS is in use, or the service is enabled. If PDS should be left disabled, the following procedure will leave PDS disabled if step 6 is not completed.

Resolution

1. Log into Voyager server as the voyager user.

2. Open a ticket with Voyager support to request this patch.  They will provide you with a special download URL for the patch.

3. Upload the patch provided to the voyager user's home directory - /home/voyager

4. Stop all Voyager PDS Apache services:

for pdsapache in /m1/voyager/*/pds/apache/bin/apachectl; do

ksh $pdsapache stop

done

5. Disable all Voyager PDS Apache services:

chmod 600 /m1/voyager/*/pds/apache/bin/apachectl

6. Install the PDS Apache fix to each Voyager PDS Apache service:

for pdsprog in /m1/voyager/*/pds/program; do

cd $pdsprog &&

cat $HOME/PDSupdate | gzip -dc - | tar -xvf - &&

sh ./RunMe.sh && echo "Patch applied in $pdsprog" || echo "Patch failed in $pdsprog"

done

7. Enable and restart ONLY the PDS Apache services for Voyager installs that you are using (skip if PDS is not enabled or used):

chmod 750 /m1/voyager/*/pds/apache/bin/apachectl

/m1/voyager/*/pds/apache/bin/apachectl start

Additional Information

Since PDS is installed by default, we recommend applying the fix whether it is enabled or not.

If local security or firewall restrictions pose obstacles to downloading the patch, and PDS is not in use, disable the Voyager PDS Apache service:

for pdsapache in /m1/voyager/*/pds/apache/bin/apachectl; do 
ksh $pdsapache stop 
done 
chmod 600 /m1/voyager/*/pds/apache/bin/apachectl 

• Article last edited: 11-Jul-2016