Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Ex Libris Voyager Patron Directory Services (PDS) Security vulnerability patch

    • Product: Voyager
    • Product Version: 8.x - 9.2.1
    • Relevant for Installation Type: Local

     

    Description

    A Critical ranked vulnerability has been discovered for the Ex Libris PDS component. See the announcement, Ex Libris Patron Directory Services (PDS) Security vulnerability, for more details. PDS Apache should be patched on all Local Voyager Servers.

     

    *Even if PDS is not in use, it is likely that the server is still vulnerable. Ex Libris recommends that the patch be applied for this issue regardless of whether PDS is in use, or the service is enabled. If PDS should be left disabled, the following procedure will leave PDS disabled if step 6 is not completed.

    Resolution

    1. Log into Voyager server as the voyager user.

    2. Download the PDS Apache fix

    cd $HOME

    ftp -ni <<EOF

    open  ftp.exlibrisgroup.com

    user produser Pr6gue

    bin

    prompt

    cd /product_patches

    get PDSupdate

    bye

    EOF

     

    3. Stop all Voyager PDS Apache services:

    for pdsapache in /m1/voyager/*/pds/apache/bin/apachectl; do

    ksh $pdsapache stop

    done

     

    4. Disable all Voyager PDS Apache services:

    chmod 600 /m1/voyager/*/pds/apache/bin/apachectl

     

    5. Install the PDS Apache fix to each Voyager PDS Apache service:

    for pdsprog in /m1/voyager/*/pds/program; do

    cd $pdsprog &&

    cat $HOME/PDSupdate | gzip -dc - | tar -xvf - &&

    sh ./RunMe.sh && echo "Patch applied in $pdsprog" || echo "Patch failed in $pdsprog"

    done

     

    6.. Enable and restart ONLY the PDS Apache services for Voyager installs that you are using (skip if PDS is not enabled or used):

    chmod 750 /m1/voyager/*/pds/apache/bin/apachectl

    /m1/voyager/*/pds/apache/bin/apachectl start

     

    Additional Information

    Since PDS is installed by default, we recommend applying the fix whether it is enabled or not.

     

    If local security or firewall restrictions pose obstacles to downloading the patch, and PDS is not in use, disable the Voyager PDS Apache service:

     

    for pdsapache in /m1/voyager/*/pds/apache/bin/apachectl; do 
    ksh $pdsapache stop 
    done 
    chmod 600 /m1/voyager/*/pds/apache/bin/apachectl 

     

     


    • Article last edited: 11-Jul-2016