[cisco-voip] glibc/ghost vulnerability
Charles Goldsmith
wokka at justfamily.org
Mon Jul 27 09:39:32 EDT 2015
Ryan/Wes, one last followup question,
https://tools.cisco.com/bugsearch/bug/CSCus68524 shows that it was updated
on the 20th, but I don't see a change, other than it may say fixed now
(don't remember before), but it does not show what changed.
Also, of note, since it does say it's fixed, there are 0 fixed versions
out. Can we get some clarification on it?
Thanks
On Fri, Jul 10, 2015 at 5:57 PM, Ryan LaFountain (rlafount) <
rlafount at cisco.com> wrote:
> To add to what Wes said:
>
> If you have other UCC products that run on VOS (Finesse, SocialMiner,
> MediaSense, CUIC) you'll see further differences between underlying VOS
> versions between them, UCCX and CUCM. This causes not only a lot of
> confusion in tracking bug fixes in the platform between products but delay
> in integrating fixes like these as Wes has described below.
>
> We are working to address this. The first part is in better tracking of
> bug fixes and security issues in the platform and between products. The
> second part is moving to a common underlying platform version and build
> process for most UCC products. This will greatly speed up our fix inclusion
> and standardize the underlying VOS version in many of our applications
> leading to greater consistency and stability. Without exposing too much
> more, we should see this common VOS in UCC system release 11.0.
>
> HTH.
>
> Thank you,
>
> Ryan LaFountain
> Unified Contact Center
> Cisco Services
> Direct: +1 919 392 9898
> Hours: M - F 9:00am - 5:00pm Eastern Time
>
> From: cisco-voip on behalf of Charles Goldsmith
> Date: Friday, July 10, 2015 at 5:21 PM
> To: "Wes Sisk (wsisk)"
> Cc: voip puck
> Subject: Re: [cisco-voip] glibc/ghost vulnerability
>
> Gotcha, thanks for the explanation Wes, that's what I was looking for
> and can explain it to the customer. I'll let the customer know of the
> risks and let them make the decision to upgrade or wait for a minor patch.
>
> Thanks!
>
> On Fri, Jul 10, 2015 at 1:58 PM, Wes Sisk (wsisk) <wsisk at cisco.com> wrote:
>
>> I’ll lead off with: UCCX does a fair amount of work to customize the
>> VOS platform to their needs. As such they don’t pull in updates and fixes
>> as fast as UCM, UC, and CUP.
>>
>> I bet if you check the kernel or RHEL version you will find significant
>> difference and that contributes to the complexity of the fix.
>> admin:show packages active kernel
>> Active Side Package(s): for kernel package(s)
>> kernel-firmware-2.6.32-431.20.3.el6.noarch
>> kernel-2.6.32-431.20.3.el6.x86_64
>> platform-kernel-tunable-1.0.0.0-1.i386
>> dracut-kernel-004-336.el6_5.1.noarch
>>
>> RyanL may weigh in with better details.
>>
>> -w
>>
>> On Jul 10, 2015, at 11:41 AM, Charles Goldsmith <wokka at justfamily.org>
>> wrote:
>>
>> I understand that CUCM and UCCX are both VOS, and that it's probably
>> not the same version, but I don't understand why the platform team for CUCM
>> can give us a minor patch but we can't get the same out of UCCX.
>>
>> I'm sure most of you are like me, and steer clear of .0 releases.
>> There is an old saying, dot Oh, oh no.
>>
>> I'm not comfortable advising a customer to upgrade to the 11.0 release.
>>
>> Would like thoughts on this, and some explanation of the differences of
>> the VOS between CUCM/CUC and UCCX.
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150727/4fbb1e35/attachment.html>
More information about the cisco-voip
mailing list