[cisco-voip] glibc/ghost vulnerability

Charles Goldsmith wokka at justfamily.org
Wed Jul 29 09:05:02 EDT 2015


Thanks for the info Ryan.

On Wed, Jul 29, 2015 at 7:50 AM, Ryan LaFountain (rlafount) <
rlafount at cisco.com> wrote:

>   Hi Charles,
>
>  This is currently resolved in 11.0(1) only. Since we're still prior to
> FCS for 11.0, we haven't populated the 'Fixed Releases' Bug Search Tool
> field yet. We will populate this with the FCS version of 11.0 when we know
> what specific build / version that will be :)
>
>   Thank you,
>
> Ryan LaFountain
> Unified Contact Center
> Cisco Services
> Direct: +1 919 392 9898
> Hours: M - F 9:00am - 5:00pm Eastern Time
>
>   From: "Wes Sisk (wsisk)"
> Date: Tuesday, July 28, 2015 at 12:32 PM
> To: Charles Goldsmith, Ryan LaFountain
>
> Cc: voip puck
> Subject: Re: [cisco-voip] glibc/ghost vulnerability
>
>   The update that happened on the 20th was an internal system update.
> Basically a change happened on a case that was linked to the bug. This
> tickled the ‘last-update’ date of the bug.
>
>  As far as fixed versions - I’ll look to *Ryan* on how/when UCCX
> populates Integrated-releases field.
>
>  -Wes
>
>  On Jul 27, 2015, at 9:39 AM, Charles Goldsmith <wokka at justfamily.org>
> wrote:
>
>  Ryan/Wes, one last followup question,
> https://tools.cisco.com/bugsearch/bug/CSCus68524 shows that it was
> updated on the 20th, but I don't see a change, other than it may say fixed
> now (don't remember before), but it does not show what changed.
>
>  Also, of note, since it does say it's fixed, there are 0 fixed versions
> out.  Can we get some clarification on it?
>
>  Thanks
>
>
> On Fri, Jul 10, 2015 at 5:57 PM, Ryan LaFountain (rlafount) <
> rlafount at cisco.com> wrote:
>
>>  To add to what Wes said:
>>
>>  If you have other UCC products that run on VOS (Finesse, SocialMiner,
>> MediaSense, CUIC) you'll see further differences between underlying VOS
>> versions between them, UCCX and CUCM. This causes not only a lot of
>> confusion in tracking bug fixes in the platform between products but delay
>> in integrating fixes like these as Wes has described below.
>>
>>  We are working to address this. The first part is in better tracking of
>> bug fixes and security issues in the platform and between products. The
>> second part is moving to a common underlying platform version and build
>> process for most UCC products. This will greatly speed up our fix inclusion
>> and standardize the underlying VOS version in many of our applications
>> leading to greater consistency and stability. Without exposing too much
>> more, we should see this common VOS in UCC system release 11.0.
>>
>>  HTH.
>>
>>   Thank you,
>>
>> Ryan LaFountain
>> Unified Contact Center
>> Cisco Services
>> Direct: +1 919 392 9898
>> Hours: M - F 9:00am - 5:00pm Eastern Time
>>
>>   From: cisco-voip on behalf of Charles Goldsmith
>> Date: Friday, July 10, 2015 at 5:21 PM
>> To: "Wes Sisk (wsisk)"
>> Cc: voip puck
>> Subject: Re: [cisco-voip] glibc/ghost vulnerability
>>
>>   Gotcha, thanks for the explanation Wes, that's what I was looking for
>> and can explain it to the customer.  I'll let the customer know of the
>> risks and let them make the decision to upgrade or wait for a minor patch.
>>
>>  Thanks!
>>
>> On Fri, Jul 10, 2015 at 1:58 PM, Wes Sisk (wsisk) <wsisk at cisco.com>
>> wrote:
>>
>>>  I’ll lead off with: UCCX does a fair amount of work to customize the
>>> VOS platform to their needs. As such they don’t pull in updates and fixes
>>> as fast as UCM, UC, and CUP.
>>>
>>>  I bet if you check the kernel or RHEL version you will find
>>> a significant difference and that contributes to the complexity of the fix.
>>> admin:show packages active kernel
>>> Active Side Package(s): for kernel package(s)
>>> kernel-firmware-2.6.32-431.20.3.el6.noarch
>>> kernel-2.6.32-431.20.3.el6.x86_64
>>> platform-kernel-tunable-1.0.0.0-1.i386
>>> dracut-kernel-004-336.el6_5.1.noarch
>>>
>>>  RyanL may weigh in with better details.
>>>
>>>  -w
>>>
>>>  On Jul 10, 2015, at 11:41 AM, Charles Goldsmith <wokka at justfamily.org>
>>> wrote:
>>>
>>>  I understand that CUCM and UCCX are both VOS, and that it's probably
>>> not the same version, but I don't understand why the platform team for CUCM
>>> can give us a minor patch but we can't get the same out of UCCX.
>>>
>>>  I'm sure most of you are like me, and steer clear of .0 releases.
>>> There is an old saying, dot Oh, oh no.
>>>
>>>  I'm not comfortable advising a customer to upgrade to the 11.0 release.
>>>
>>>  Would like thoughts on this, and some explanation of the differences
>>> of the VOS between CUCM/CUC and UCCX.
>>>
>>>
>>
>
>