[cisco-voip] glibc/ghost vulnerability

Charles Goldsmith wokka at justfamily.org
Mon Jul 27 09:39:32 EDT 2015


Ryan/Wes, one last followup question,
https://tools.cisco.com/bugsearch/bug/CSCus68524 shows that it was updated
on the 20th, but I don't see a change, other than it may say fixed now
(don't remember before), but it does not show what changed.

Also, of note, since it does say it's fixed, there are 0 fixed versions
out.  Can we get some clarification on it?

Thanks


On Fri, Jul 10, 2015 at 5:57 PM, Ryan LaFountain (rlafount) <
rlafount at cisco.com> wrote:

>  To add to what Wes said:
>
>  If you have other UCC products that run on VOS (Finesse, SocialMiner,
> MediaSense, CUIC) you'll see further differences between underlying VOS
> versions between them, UCCX and CUCM. This causes not only a lot of
> confusion in tracking bug fixes in the platform between products but delay
> in integrating fixes like these as Wes has described below.
>
>  We are working to address this. The first part is in better tracking of
> bug fixes and security issues in the platform and between products. The
> second part is moving to a common underlying platform version and build
> process for most UCC products. This will greatly speed up our fix inclusion
> and standardize the underlying VOS version in many of our applications
> leading to greater consistency and stability. Without exposing too much
> more, we should see this common VOS in UCC system release 11.0.
>
>  HTH.
>
>   Thank you,
>
> Ryan LaFountain
> Unified Contact Center
> Cisco Services
> Direct: +1 919 392 9898
> Hours: M - F 9:00am - 5:00pm Eastern Time
>
>   From: cisco-voip on behalf of Charles Goldsmith
> Date: Friday, July 10, 2015 at 5:21 PM
> To: "Wes Sisk (wsisk)"
> Cc: voip puck
> Subject: Re: [cisco-voip] glibc/ghost vulnerability
>
>   Gotcha, thanks for the explanation Wes, that's what I was looking for
> and can explain it to the customer.  I'll let the customer know of the
> risks and let them make the decision to upgrade or wait for a minor patch.
>
>  Thanks!
>
> On Fri, Jul 10, 2015 at 1:58 PM, Wes Sisk (wsisk) <wsisk at cisco.com> wrote:
>
>>  I’ll lead off with: UCCX does a fair amount of work to customize the
>> VOS platform to their needs. As such they don’t pull in updates and fixes
>> as fast as UCM, UC, and CUP.
>>
>>  I bet if you check the kernel or RHEL version you will find significant
>> difference and that contributes to the complexity of the fix.
>> admin:show packages active kernel
>> Active Side Package(s): for kernel package(s)
>> kernel-firmware-2.6.32-431.20.3.el6.noarch
>> kernel-2.6.32-431.20.3.el6.x86_64
>> platform-kernel-tunable-1.0.0.0-1.i386
>> dracut-kernel-004-336.el6_5.1.noarch
>>
>>  RyanL may weigh in with better details.
>>
>>  -w
>>
>>  On Jul 10, 2015, at 11:41 AM, Charles Goldsmith <wokka at justfamily.org>
>> wrote:
>>
>>  I understand that CUCM and UCCX are both VOS, and that it's probably
>> not the same version, but I don't understand why the platform team for CUCM
>> can give us a minor patch but we can't get the same out of UCCX.
>>
>>  I'm sure most of you are like me, and steer clear of .0 releases.
>> There is an old saying, dot Oh, oh no.
>>
>>  I'm not comfortable advising a customer to upgrade to the 11.0 release.
>>
>>  Would like thoughts on this, and some explanation of the differences of
>> the VOS between CUCM/CUC and UCCX.
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150727/4fbb1e35/attachment.html>


More information about the cisco-voip mailing list