cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
HS
Nickel

Hotfix Ongoing Take 87

Hi,

we need to get protect against CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479: TCP SACK PANIC - Linux Kernel vulnerabilities. Refer to sk156192.

We are running R80.20 take 17 and we don't find any Checkpoint official documentation about the hotfix take 87. Does anyone already install the ongoing take 87. We don't have idea the minimal requirements for take 87 ? 

We are under take 17 far away from general availability take  47. Install take 87 before take 47 it is good idea ?

thank you for help.

0 Kudos
13 Replies

Re: Hotfix Ongoing Take 87

@HS The SK is talking about the latest R80.20 Jumbo, more details here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

HS
Nickel

Re: Hotfix Ongoing Take 87

Hi,

Thank you very much for your reply!

sk137592 does not have any kind of minimum requirements for take 87. 

At https://community.checkpoint.com/t5/Product-Announcements/R80-20-Jumbo-Hotfix-Accumulator-New-Ongoin...

there is already some considerations about take 87 installation. Does checkpoint has some official documentation ? If we need to be in some minimum take or other attention.

Anyone has installed the take 87 and face some struggling ? 

Thank you very much

0 Kudos

Re: Hotfix Ongoing Take 87

What minimum requirements? They are the same as for R80.20 GA, and you are running it already. All available Jumbo hotfix specific documentation is mentioned in the SK above

Hotfix Ongoing Take 87

If you have R80.20 JT 17,  JT 87 installation should be possible. Only thing to think of os special GW hot fixes: 

Jumbo Take 87 will install over MTA Update T 43 or T 46, but you will have to uninstall MABDA portal fix (Check_Point_R80.20_T101_MABDA_sk113410_FULL.tgz) or the special RAD HF from CP TAC (fw1_wrapper_HOTFIX_R80_20_JHF_T17_155_MAIN_GA_FULL.tgz) before JT 87 can be installed. Both MABDA portal fix and RAD HF can then be installed upon JT 87 successfully !

HS
Nickel

Re: Hotfix Ongoing Take 87

Hi,

I just have take 17 but I cannot understand it is installed  the special RAD HF from CP TAC. It is inside 

We will just install on Checkpoint Management, for Check_Point_R80.20_T101_MABDA_sk113410_FULL.tgz it is take 33 which is not affected.

I cant get any information about he special RAD HF from CP TAC  (fw1_wrapper_HOTFIX_R80_20_JHF_T17_155_MAIN_GA_FULL.tgz) or if it 's installed on my management server.

Do you have any idea how to check if it this installed ? it looks like that is not available to thew world but just from the support.

Thank you very much for help.

0 Kudos

Re: Hotfix Ongoing Take 87

Yes, i have to beg everyones pardon for this disclosure - the RAD fix is only available from TAC for special cases ! Please also understand that none of the HFs i have tested can be installed on Management, the MTA as well as the MABDA fix are for GWs.

To see which fixes are installed, use sk83860:

# cpinfo -y all

The output will list everything that is installed... More options and commands regarding that can be found in sk72800 How to check which Hotfixes are installed on a Check Point machine.

Employee
Employee

Re: Hotfix Ongoing Take 87

Hi.

All Jumbo hotfixes are accumulators (every take includes the content of all previous takes).

There are no minimum requirements besides choosing the suitable take for your ENV.

As @Yifat_Chen posted earlier, take 87 is GA and can be found in sk137592 with information of all it's content.

Re: Hotfix Ongoing Take 87

It went GA just yesterday already 😊

HS
Nickel

Re: Hotfix Ongoing Take 87

Hi,

 

yes it is correct. 

I confirm, today I've take 87 as GA via CPUSE

Thank you for help guys!

0 Kudos
HS
Nickel

Re: Hotfix Ongoing Take 87

Hi,

I've installed the take 87 and for some reason some packages were not installed.

This should happened ?

Packages are: 

Mobile Access R80.20 R80_20_JUMBO_HF_MAIN - Product not installed

Performance Pack R80.20 R80_20_JUMBO_HF_MAIN - Product not installed

Multi-Domain Security Management R80.20 R80_20_JUMBO_HF_MAIN - Product not installed

We don't have multi-domain so is normal the product not installed. But the others two products shouldn't be installed ?

Thank you for help.

 

0 Kudos
Employee+
Employee+

Re: Hotfix Ongoing Take 87

Hi,

Do you check the installation status on the MGMT side, right? If so, the "Mobile Access" and "Performance Pack" shouldn't be installed.

Regards, Dmitry Krupnik

 

HS
Nickel

Re: Hotfix Ongoing Take 87

Hi,

I've checked from MGMT side.

I shouldn't be installed, that is my doubt.

Thank you very much for your clarification.

0 Kudos
Employee+
Employee+

Re: Hotfix Ongoing Take 87

Hi,

Thank you for your question, we will think how do this output more clear in the future.

Regards, Dmitry Krupnik