Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HS
Contributor

Hotfix Ongoing Take 87

Hi,

we need to get protect against CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192.

We are running R80.20 take 17 and we don't find any Checkpoint official documentation about the hotfix take 87. Does anyone already install the ongoing take 87. We don't have idea the minimal requirements for take 87 ? 

We are under take 17 far away from general availability take  47. Install take 87 before take 47 it is good idea ?

thank you for help.

0 Kudos
13 Replies
_Val_
Admin
Admin

@HS The SK is talking about the latest R80.20 Jumbo, more details here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

HS
Contributor

Hi,

Thank you very much for your reply!

sk137592 does not have any kind of minimum requirements for take 87. 

At https://community.checkpoint.com/t5/Product-Announcements/R80-20-Jumbo-Hotfix-Accumulator-New-Ongoin...

there is already some considerations about take 87 installation. Does checkpoint has some official documentation ? If we need to be in some minimum take or other attention.

Anyone has installed the take 87 and face some struggling ? 

Thank you very much

0 Kudos
_Val_
Admin
Admin

What minimum requirements? They are the same as for R80.20 GA, and you are running it already. All available Jumbo hotfix specific documentation is mentioned in the SK above

G_W_Albrecht
Legend Legend
Legend

If you have R80.20 JT 17,  JT 87 installation should be possible. Only thing to think of os special GW hot fixes: 

Jumbo Take 87 will install over MTA Update T 43 or T 46, but you will have to uninstall MABDA portal fix (Check_Point_R80.20_T101_MABDA_sk113410_FULL.tgz) or the special RAD HF from CP TAC (fw1_wrapper_HOTFIX_R80_20_JHF_T17_155_MAIN_GA_FULL.tgz) before JT 87 can be installed. Both MABDA portal fix and RAD HF can then be installed upon JT 87 successfully !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
HS
Contributor

Hi,

I just have take 17 but I cannot understand it is installed  the special RAD HF from CP TAC. It is inside 

We will just install on Checkpoint Management, for Check_Point_R80.20_T101_MABDA_sk113410_FULL.tgz it is take 33 which is not affected.

I cant get any information about he special RAD HF from CP TAC  (fw1_wrapper_HOTFIX_R80_20_JHF_T17_155_MAIN_GA_FULL.tgz) or if it 's installed on my management server.

Do you have any idea how to check if it this installed ? it looks like that is not available to thew world but just from the support.

Thank you very much for help.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Yes, i have to beg everyones pardon for this disclosure - the RAD fix is only available from TAC for special cases ! Please also understand that none of the HFs i have tested can be installed on Management, the MTA as well as the MABDA fix are for GWs.

To see which fixes are installed, use sk83860:

# cpinfo -y all

The output will list everything that is installed... More options and commands regarding that can be found in sk72800 How to check which Hotfixes are installed on a Check Point machine.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Eddie_Kalbert
Employee
Employee

Hi.

All Jumbo hotfixes are accumulators (every take includes the content of all previous takes).

There are no minimum requirements besides choosing the suitable take for your ENV.

As @Yifat_Chen posted earlier, take 87 is GA and can be found in sk137592 with information of all it's content.

G_W_Albrecht
Legend Legend
Legend

It went GA just yesterday already 😊

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
HS
Contributor

Hi,

 

yes it is correct. 

I confirm, today I've take 87 as GA via CPUSE

Thank you for help guys!

0 Kudos
HS
Contributor

Hi,

I've installed the take 87 and for some reason some packages were not installed.

This should happened ?

Packages are: 

Mobile Access R80.20 R80_20_JUMBO_HF_MAIN - Product not installed

Performance Pack R80.20 R80_20_JUMBO_HF_MAIN - Product not installed

Multi-Domain Security Management R80.20 R80_20_JUMBO_HF_MAIN - Product not installed

We don't have multi-domain so is normal the product not installed. But the others two products shouldn't be installed ?

Thank you for help.

 

0 Kudos
Dmitry_Krupnik
Employee Alumnus
Employee Alumnus

Hi,

Do you check the installation status on the MGMT side, right? If so, the "Mobile Access" and "Performance Pack" shouldn't be installed.

Regards, Dmitry Krupnik

 

HS
Contributor

Hi,

I've checked from MGMT side.

I shouldn't be installed, that is my doubt.

Thank you very much for your clarification.

0 Kudos
Dmitry_Krupnik
Employee Alumnus
Employee Alumnus

Hi,

Thank you for your question, we will think how do this output more clear in the future.

Regards, Dmitry Krupnik

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events