Open Source RDBMS - Seamless, Scalable, Stable and Free

한국어 | Login |Register

2014-04-16 CUBRID Manager Server - Openssl Patch


We are releasing the heart bleed vulnerability patch of CUBRID Manager Server.

You have already seen the news regarding Heart Bleed bug, this vulnerability affecting a lot of web site which are using OpenSSL to provide https protocol.

CUBRID Manager Server uses OpenSSL in its https api and if you are using on the outside of network zone, it might be taken the vulnerability problem. Because of using OpenSSL 1.0.1c on CUBRID Manager Server to provide https CM API, we highly recommend to patch using this heart bleed vulnerability patch version. 

 

Supported CUBRID Engine version:

  • CUBRID 8.4.3
  • CUBRID 8.4.4
  • CUBRID 9.1.0
  • CUBRID 9.2.0

 

Issue:

  • TOOLS-4087: upgrade CMS openssl library to 1.0.1g and make patch for all release CMS.

 

How to Upgrade:

 

1. Download a new patch according to your CUBRID Engine version and OS from http://ftp.cubrid.org/CUBRID_Tools/CUBRID_Manager_Server/Patch/20140417_openssl_heartbleed/

  • CUBRID Manager Server 8.4.3 build 2001
    • Linux
      • cmserver-8.4.3.2001-linux-x64-openssl-patch.tar.gz
      • cmserver-8.4.3.2001-linux-x86-openssl-patch.tar.gz
    • Windows
      • cmserver-8.4.3.2001-win-x64-openssl-patch.zip
      • cmserver-8.4.3.2001-win-x86-openssl-patch.zip
  •    CUBRID Manager Server 8.4.4 build 2416
    • Linux
      • cmserver-8.4.4.2416-linux-x64-openssl-patch.tar.gz
      • cmserver-8.4.4.2416-linux-x86-openssl-patch.tar.gz
    • Windows
      • cmserver-8.4.4.2416-win-x64-openssl-patch.zip
      • cmserver-8.4.4.2416-win-x86-openssl-patch.zip
  • CUBRID Manager Server 9.1.0 build 0416
    • Linux
      • cmserver-9.1.0.0416-linux-x64-openssl-patch.tar.gz
      • cmserver-9.1.0.0416-linux-x86-openssl-patch.tar.gz
    • Windows
      •  cmserver-9.1.0.0416-win-x64-openssl-patch.zip
      •  cmserver-9.1.0.0416-win-x86-openssl-patch.zip
  • CUBRID Manager Server 9.2.0 build 1416
    • Linux
      • cmserver-9.2.0.1416-linux-x64-openssl-patch.tar.gz
      • cmserver-9.2.0.1416-linux-x86-openssl-patch.tar.gz
    • Windows
      •  cmserver-9.2.0.1416-win-x64-openssl-patch.zip
      •  cmserver-9.2.0.1416-win-x86-openssl-patch.zip

 

2. Stop CUBRID manager process using the following command:

> cubrid manager stop
@ cubrid manager server stop
++ cubrid manager server stop: success

 

3. Copy cub_cmhttpd.exe(cub_cmserver_ext.exe for 9.2.0) in patch to %CUBRID%\bin\, replacing the original cub_cmhttpd.exe and cub_js.exe file.

In Linux, Copy cub_cmhttpd(cub_cmserver_ext for 9.2.0) in patch to $CUBRID/bin/, replacing the original cub_cmhttpd.

 

4. Start CUBRID manager process using the following command:

> cubrid manager start
@ cubrid manager server start
++ cubrid manager server start: success

 


Note:

Please close web manager in your browser before patching, otherwise maybe some unpredictable errors will happen.

comments powered by Disqus
Page info
viewed 9465 times
translations en
Author
posted 4 months ago by
bodo_qiao
Contributors
updated 4 months ago by
View revisions
Share this article